I just installed Reporting Services (2005) in a "distributed installation" mode. That is, I have sql server 2005 on a separate server. I installed the Report Server on its own server where I already had IIS running.
That all seemed to go well and I didn't get any errors or anything. After the install process was done, I ran the RS Configuration Manager tool. Since "Install but do not configure" option was automatically selected for me, I started working through all the pages from top to bottom. Again everything worked, and I have green checkboxes next to all of the nodes in the left except...
When I get to the Encryption Keys page, it has a blue exclamation icon next to its icon in the left pane. On the page itself, the Backup and Change buttons are disabled, greyed out.
And, the next item down, Initialization, is shown with a greyed out "x" icon. It's not red, but greyed out.
So, I'm not sure what this all means, but I'm guess it means that I don't have RS set up yet...! Any help would be greatly appreciated.
Within SQL Management Studio, when I try to add a data driven subscription to a report, the "New Data Driven Subscription.." option is disabled. I've checked all the listed prerequisites and feel that they are OK. The "New Subscription..." is enabled.
I realize this must be an unexpected question in this day and age of MS SQL 2005, however, at my company i need to upgrade from SQL 7.0 to SQL 2000 standard on a WIN2K machine.
can anyone out there tell me why the option to upgrade ("Upgrade, remove, or add components to an existing installation of SQL Server") is disabled ?
I'm reading that i should be able to upgrade without having to install a second instance.
Hi, When i try to deploy a Datasource which is using a report server model, i dont see the Deploy Option Enabled. It is disabled for Report Server Model.
My connection string is server=http://localhost/reportserver;datasource=/i2i Report Model/SCM Data Warehouse Model
Is it possible to load data into MSSQL 2005 that has been encrypted externally with a symmetric key algorithm, such as AES, and then import the key to SQL Server? After browsing through Books Online, I don't see any way to import a symmetric key from an external file, but maybe I'm missing something.
Hi, I would like to encrypt data in my database. I want encrypted column value to be viewable only for certain group of users. Users that has access to my database doesn't meant they can access to my encrypted data.
Currently, I am using the following "approach" as my key management.
create master key encryption by password= 'MasterKeyPass'
CREATE ASYMMETRIC KEY MyAsymmKey AUTHORIZATION MyUser WITH ALGORITHM = RSA_1024 ENCRYPTION BY PASSWORD ='MyAsymmPass'
CREATE SYMMETRIC KEY MySymmKey WITH ALGORITHM = DES ENCRYPTION BY ASYMMETRIC KEY MyAsymmKey
My data will be encrypted using Symmetric key MySymmKey.
User who want to access my data must have MasterKey and MyAsymmKey password. Is it OK? Any better way?
i've getting ready to implement encryption on a rather large database. I'd read that if performance is of utmost concert, you should use symmetric keys. I want to encrypt those keys by asymmetric keys. My code is working, but i'm just not sure if there is a quicker way? do you have to open and close the key each time you select/update/insert in a stored procedure that references an encrypted column, or is there a way to just modify the code by adding the encryptbykey/decryptbykey functions?
has anyone implemented encryption on columns in large tables? any suggestions for me?
Thanks, Pete
here's my code to create the keys:
create asymmetric key ASK_Auto_Encrypt with algorithm = RSA_512;
create symmetric key SK_AE with algorithm = TRIPLE_DES encryption by asymmetric key ASK_Auto_Encrypt;
here's my code to test this:
create table encryption_test (test varchar(50));
open symmetric key SK_AE decryption by asymmetric key ASK_Auto_Encrypt;
insert into encryption_test select encryptbykey(key_guid('SK_AE'),'test');
select convert(varchar(max),decryptbykey(test)) from encryption_test;
We have been playing around with encryption in 2005. I cannot find a BOL topic that discusses dropping encryption objects such as keys.
We do the followign steps:
Create master key with password, then we create a certificate using the master key, we then create a symmetric key using this certificate and encrypt data columns.
But what i find worrying is that you can then drop the symmetric key , there are no warnings that you have objects dependant on this key for decryption.
Once you have dropped the key you cannot decrypt the data anymore?
Also the key defults the expiration date to 1 year.
WHat happens after 1 year when you have encrypted data and an expired key, or someone drops the key ? How can you ever decrypt the data after that ?
You can backup master keys nd certificates but not symmetric keys?
It seems to be that youc an very easily orphan encrypted data by the loss of the symmetric key for whatever reason, is this correct ?
I have a question about the storage of symmetric keys in SQL Server 2005 due to the fact that I have read two conflicting statements on this.
In Laurentiu's blog located at http://blogs.msdn.com/lcris/archive/2005/10/14/481434.aspx, in regards to preventing symmetric key loss he makes the statement that "...Because the keys are stored in the database, they will be saved with the database....".
But in the white paper Improving Data Security by Using SQL Server 2005, which is located at http://www.microsoft.com/technet/itshowcase/content/sqldatsec.mspx, in regards to symmetric keys the statement is made "...Note: The symmetric key is not stored in the database. Only the encrypted values of the symmetric key are stored in the database. Therefore, users who can access the database cannot decrypt the data without first decrypting the symmetric key....".
So I am just wondering which statement is correct, are symmetric keys stored in the database or not?
I'm just getting my feet wet with how encryption works in SQL 2005. With regards to the encryption of primary / foreign keys, I'm not entirely clear on the best approach. Below are three examples of typical table structures I currently have:
The Customers and Orders tables use identity values as their primary keys. From what I can tell, CustomerID in the Customers table cannot be encrypted and OrderID in the Orders table cannot be encrypted because they are identity values. In these cases, would it be safer (in terms of security) to create a separate, meaningless identity key column in the Customers table and then remove the identity attribute from CustomerID so I can encrypt CustomerID?
Similarily in the OrderDetails table, OrderID and ItemNumber form a composite key. These values are important in that I don't want them to be tampered with. Am I better off creating a separate identity key column which becomes the table's primary key ... then encrypt both the OrderID and ItemNumber columns in this table?
There is all kinds of great info out there about the mechanics behind column level encryption in SQL2005, but it all seems to assume I only have 1 or 2 database servers. If I am using an X509 certificate to encrypt my data, it looks as if I can script the administration of this fairly easily.
But what if I have 1000 SQL Servers?
Is there any guidance/best practices/tools out there that will help me manage the 1000 certificates that I would need to deploy in such a scenario. Also, what if I need to 'rotate' the certificates for some reason. Can a PKI for the domain help me to automate and manage this?
It seems as if the management of these certificates is purely 'manual' at this point.
I have a customer who is looking to encrypt their applications connection to the back-end SQL server. I've gotten a valid certificate for the server from a trusted CA, and it's installed on the server (shows up in Personal certificates in the Certificate MMC when selecting the computer) and I can choose it in the drop down on the certificates tab of the SQL Network protocols properties in Configuration Manager.
Now, my question: If I select the certificate but do NOT enable the "Force Encryption" option, the client will be able to request encryption on their end, and the connection will then be encrypted. If the client (other applications) do NOT request encryption, they will still be able to connect, but their connection will be un-encrypted. URL....
Lastly, I could've swore I had found some information indicating that some methods of establishing a connection to SQL can fail when Force Encryption is enabled, as the method doesn't support SSL encryption.
I am trying to implement the column encryption on one of the tables, have used the below link as the reference and got stuck at the last step.
[URL] ....
I have completed the following steps so far.
- CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘myStrongPassword’
- CREATE CERTIFICATE MyCertificateName WITH SUBJECT = 'A label for this certificate'
- CREATE SYMMETRIC KEY MySymmetricKeyName WITH IDENTITY_VALUE = 'a fairly secure name', ALGORITHM = AES_256,
[Code] .....
Example by using the function
EXEC OpenKeys
-- Encrypting SELECT Encrypt(myColumn) FROM myTable
-- Decrypting SELECT Decrypt(myColumn) FROM myTable
When I ran the last command :
-- Decrypting SELECT Decrypt(myColumn) FROM myTable
I get the following error :
Msg 257, Level 16, State 3, Line 2 Implicit conversion from data type nvarchar to varbinary is not allowed. Use the CONVERT function to run this query.
Where will I use the convert function, in decrypt function or in select statement?
I need to backup a single DB with "Copy-only Backup" option on. I Want to place the backup on a different location, we have a media set which is used for daily backups. I want this backup placed on a different
server 192.168.250.xxx DepartmentsITBackup2015xxx.bak
I have added this location to "back up to" The old one is still there. I I then hit OK th backup hangs for 2-3 minutes and gives me an error which points to the old media set. SO I want to create a new media set and call it "onlyonce" but what I am not sure about is what this Means "back up to a new media set and erase all existing backup sets" Does that mean all old backups will be deleted?
Any simple summary of the new backup encryption? I've found a small handful of articles, but apparently I have some sort of mental block where keys and certs are involved.I'm trying to determine if this is a viable replacement (for our purposes) for SQL Backup, which we started using primarily for the compression and encryption. We don't have issues with SQL Backup, I'd rather not install additional utilities for native functionality.
What I can't seem to understand is how one goes about restoring an encrypted backup onto another server. When one restores the master key onto the destination server, what happens to the existing key on that server?
Right now, we have backups off-site in third-party storage, and all we need to restore is the .sqb and the password (and the SQB converter). With native encryption, we need the .bak, the keys, the cert, and the password?
We have an application with SQL Server 2005 as his database. When I open the database in sql server management studio, under management > it does not give the option like "backup", "copy database", nor there is folder called maintenance plans.
Why is that some of the databases has their "Transaction Log" & "File and Filegroup" options in Backup greyed out? I was trying to create a backup job using the sql enterprise backup wizard. However, the database that is the backend of our erp application has its "Transaction Log" and "File and Filegroup" option greyed out.
I started Configure Report Server (2005) and have executed backup of the encryption key. Problem occurred on restore of the encryption key as following error (I have provided correct backup snk):
ReportServicesConfigUI.WMIProvider.WMIProviderException: The version of the report server database is either in a format that is not valid, or it cannot be read. The found version is 'C.0.8.39'. The expected version is 'C.0.8.40'. To continue, update the version of the report server database and verify access rights. (rsInvalidReportServerDatabase) at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.ThrowOnError(ManagementBaseObject mo) at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.RestoreEncryptionKey(Byte[] encryptedBytes, String password)
ReportingServer sites stop working with similar error (browsing by IE):
The found version is 'C.0.8.39'. The expected version is 'C.0.8.40'. To continue, update the version of the report server database and verify access rights. (rsInvalidReportServerDatabase)
ReportingServer services are all locked by this. Can you please tell how to resolve this problem?
I need to have RETAINDAYS=6hours on a backup command. How can I code that,seems like it should be in integer only,any work-around to have the retain days only few hours(less than a day)?
I'm trying to backup the Encryption Key for the Reporting Services. After I insert the password / location key file and click Ok, I get the following error:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ReportServicesConfigUI.WMIProvider.WMIProviderException: An unknown error has occurred in the WMI Provider. Error Code 80070A91 ---> System.Runtime.InteropServices.COMException (0x80070A91): Password doesn't meet the requirements of the filter dll's (Exception from HRESULT: 0x80070A91) --- End of inner exception stack trace --- at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.ThrowOnError(ManagementBaseObject mo) at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.BackupEncryptionKey(Byte[]& encryptedBytes, String password) -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I have tried with diferents passwords but none of them is ok. I don't have any rule on local windows password policy! Any suggestions?
Hello all - I have an installation of SQL Server 2K5 Express with Reporting Services on an XP Pro SP2 PC. It has been running for about 6 months now. Within the 1st month, I had to restore the Encryption Key (the Report Manager failed to function properly).
All had been well until last week, when I had to restore the encryption key (for the same reason). After restoring the encryption key, the Report Manager immediately started to work again.
It happened again today, so I had to once again restore the encryption key. Can anyone offer any ideas as to why/how this would happen?
I have created two user defined functions for encryption and decryption using passphrase mechanism. When I call encryption function, each time I am getting the different values for the same input. While I searching a particular value, it takes long time to retrieve due to calling decryption function for each row.
best way to encrypt and decrypt using user defined functions.Below is the query which is taking long time.
SELECT ID FROM table WITH (NOLOCK) WHERE dbo.DecodeFunction(column) = 'value'
When I try to use symetric or asymetric encryption, I am not able to put "OPEN SYMETRIC KEY" code in a function. So, I am using PassPhrase mechanism.
Hi everyone In my SqlServer Management Studio Express, on start up it shows the server type option, but greyed.So that value is fixed to database engine. ( I'm trying to work on an SqlServer Compact Edition database through the SSMStudiothat's why I'm trying to get this to change.)Besides, after I connect i go to the Object Explorer, expand the server node, and go to Replication.When i expand replication, i get the "Local Subscription" option, but nothng for Publication.( I want to work on Merge Replication, that's why I desparately need Publication to work)Am i missing something here? I did not install SqlServer separately, I only have what comes bundled with the Visual Studio 2005 Setup.
I did tried the encryption on server "A" for database "AdventureWorks2012". Then I tried to restore to server "B". There was the certificate issue, and I thought "of course : it's encrypted ! Let's deactivate it". So here I go "ALTER DATABASE AdventureWorks2012 SET ENCYRPTION OFF".I look at sys.databases : not encrypted.I backup using no encryption, I verify using msdb.dbo.backupset : not encrypted.
I move my backup to my other server where encryption was never configured (so no certificate, nothing...), and I have the error : Msg 33111, Level 16, State 3, Line 1
Cannot find server certificate with thumbprint '0xFA130E58C999C4919B8975999C83A75A403B11D8'. Msg 3013, Level 16, State 1, Line 1 RESTORE DATABASE is terminating abnormally.
I'm going through my tables and rewriting them so that I can create relationship-based constraints and create foreign keys among my tables. I didn't have a problem with a few of the tables but I seem to have come across a slightly confusing hiccup.
Here's the query for my Classes table:
Code:
CREATE TABLE Classes ( class_id INT IDENTITY PRIMARY KEY NOT NULL,
This statement runs without problems and I Create the relationship with my Users table just fine, having renamed it to teacher_id. I have a 1:n relationship between users and tables AND an n:m relationship because a user can be a student or a teacher, the difference is one field, user_type, which denotes what type of user a person is. In any case, the relationship that's 1:n from users to classes is that of the teacher instructing the class. The problem exists when I run my query for the intermediary table between the class and the gradebook:
Code:
CREATE TABLE Classes_have_Grades ( class_id INT PRIMARY KEY NOT NULL,
Query Analyzer spits out: Quote: Originally Posted by Query Analyzer There are no primary or candidate keys in the referenced table 'Classes' that match the referencing column list in the foreign key 'Classes_have_gradesFKIndex2'. Now, I know in SQL Server 2000 you can only have one primary key. Does that mean I can have a multi-columned Primary key (which is in fact what I would like) or does that mean that just one field can be a primary key and that a table can have only the one primary key?
In addition, what is a "candidate" key? Will making the other fields "Candidate" keys solve my problem?
ALTER TABLE [Students] WITH CHECK ADD CONSTRAINT [FK_Students_Schools] FOREIGN KEY([SchoolId]) REFERENCES [Schools] ([SchoolId])
What kind of index would ensure best performance for INSERTs/UPDATEs, so that SQL Server can most efficiently check the FK constraints? Would it be simply:
CREATE INDEX IX_Students_SchlId ON Students (SchoolId) Or CREATE INDEX IX_Students_SchlId ON Students (SchoolId, StudentId)
In other words, what's best practice for adding an index which best supports a Foreign Key constraint?
Pls let me know How I generate script for All primary keys and foreign keys in a table. Thereafter that can be used to add primary keys and foreign keys in another databse with same structure.
Also how I script default and other constraints of a table?
