Due to a lack of planning during an Active Directory migration last year, I'm now stuck with an immutable service master key on one of my production servers. Since I'm posting here, I guess it's obvious that we have no backup from which to restore. The account that all of the SQL services used to run under no longer exists, so the WITH OLD_ACCOUNT workaround is not viable. And REGENERATE fails, as expected, with Msg 15329, Level 16, State 2, Line 2, "The current master key cannot be decrypted..."
After some research, including several of Laurentiu's blog entries, it seems that my only path at this point is to use the FORCE option to REGENERATE. (And then to immediately backup the service master key at several geographically disparate locations!!
Considering that:
We aren't actively using any of SQL Server's encryption capabilities, the closest we come is that one of our legacy applications calls the old PWDENCRYPT() function to hash passwords
##MS_ServiceMasterKey## is the only record in master.sys.symmetric_keys, and every other database's sys.symmetric_keys table is empty
What, if anything, am I likely to lose if I ALTER SERVICE MASTER KEY FORCE REGENERATE? My understanding is that since we don't have any database master keys and aren't using encryption, there's no real potential for corruption or loss. However, I want to be a little more confident about this before I give it a go.
Hi. I'm reading about encryption and not totally up-to-speed on what the Service Master Key is all about...
Let me paraphrase this book: Microsoft SQL Server 2005 Implementation and Maintenance Training Kit by Microsoft Press, while I ask questions... ___________________________________________________________
The database engine uses the Service Master Key to encrypt... - Linked server passwords (example?) - Connection Strings (example?) - Account credentials (example?) - All database master keys
You should back up the Service Master Key and store it offsite. (Even if I never plan to use encryption?)
ALTER SERVICE MASTER KEY REGENERATE regenerates the service master key. (Is it building a completely different key, or regenerating the original?) (Why would I want to regenerate it?) (Does this void all database master keys encrypted by the original Service Master Key?) (If so, do I regenerate all database master keys voided by the regeneration?)
A database master key is optional. (So if I have Server A with encrypted database A, that I want to restore to Server B, I need the following items to perform restore? - a backup of database A - the Service Master Key of A at time of backup - associated password of Service Master Key at time of backup)
Wjen sql 2005 is installed a Service Master key is generated using the password of the account under which sql 2005 server runs.
Suppose I use a domain account to run sql server. The account password will change every so often. I presume this change will not impact the validity of the existing Service master key and therefore any data indirectly encrypted by it. Am I correct?
Technically i am a network administrator, and know very little about SQL 2005, but it has come under my responsibility to manage this box and a lot depends on fixing this problem for me.
Error:
Service Broker needs to access the master key in the database 'Prototype'. Error code:25. The master key has to exist and the service master key encryption is required.
Also, i get the following both in windows event viewer and SQL logs;
Error:
Source: Logon
Message
Error: 18456, Severity: 14, State: 5.
Login failed for user 'logadmin'. [CLIENT: 192.168.1.2] Event ID 18456;
Login failed for user 'admin'. [CLIENT: 192.168.1.34] Event ID 18456
Symptoms:
While users are working and try to run a new query, their credentials are not accepted anymore. The account they are using is has "sysadmin" rights.
Once they restart the machine, they can run multiple queries, and then the same thign over again.
Please help me with this one, for i have pretty much exhausted google etc. I mean there are various blogs with same prblem but not a straighforward fix.
I removed MDS web UI which is working before and recreated. I enabled Window Authentication and Disabled Anonymous Authentication in IIS Authentication. I am getting Access denied when I view MDS web Site.
I was reading that when applying 2008 R2 SP1 you need to run the MDS update component manually: [URL] I was curious if that package changed in later service packs because I couldn't find any mention of it.
SQL 2012, if there was a similar process in their service packs for MDS, or if it hasn't been upgraded?
I have a SP SQL server that uses Handshake for the web parts. I am getting an error on SharePoint about 'An error occurred during Service Master Key Decryption' inside the web parts of the page, everything else comes up, from what I have researched MS says go under SQL Configuration Manager and change the service account. Is this the correct course of action for this type of error? I am just having a hard time believing that changing the engines service account will stop this issue, this account is used on several SQL server with no issues.
I noticed when I restore a master database to a server other then the one which created the backup of master, SQL Server contains the following three local security groups that were defined on the source server. The problem is these groups are "local" and do not apply to the server where master was restored.
If you then backup the master database on an instance named MARKETING_PROD and restore it to MARKETING_TEST, the security folder on MARKETING _TEST will now contain the following three entries.
These entries would be invalid because no such server exists and therefor no such local groups exists. There appears to be no Microsoft documentation explaining how to handle these groups when restoring master from one server to another. My assumption is that whenever restoring master to another server you must drop these three groups and add the correct corresponding groups along with the appropriate permissions. I don't understand why SQL Server would not rebuild this information for you during a restore.
I'm having trouble with restoring the master db on w2k3 sql2000 sp3a to a Secondary Standby server. Firstly, I place the server in Single user mode and then restore the master db. The sql server then tries to restart sql services but immediately stops as soon as it starts up.
Background: In my current company the business users maintain a huge quantity of master data using excel. Then a series of SSIS jobs are edited and manually executed.
Goal: the challenge is to replace this process using MDS. One of the requested features is the possibility for the users to edit or insert new master data using the Web UI or the Excel Add-in and when they are done perform a merge of the master data in the target, in this case in the reporting DB.
The perfect solution for me is something like trigger the execution of a SSIS package to export the data from the subscription views to the reporting DB after the business rules are apply to a specific entity.
Now, I checked and verified that my backup version of SQL Server is the same as the version installed on the computer I'm restoring too.
I have SQL Server on a production machine that I backed up and want to test a full restore on a dev machine to make sure it will work when I need it to.
Now that I've run the restore command on my tape backup and go to restart the SQL server service I receive:
Configuration block version 0 is not a valid version number. SQL Server is exiting. Restore the master database or reinstall.
I'm afraid I don't understand why this is happening. If the builds are the same, then shouldn't restoring the MASTER database have worked normally and I'd be able to restart the service now?
I have an Itanium 64bit server to run SSIS packages on. I have one package with three parralell streams. When I run the package in 64 bit mode using dtexec, it runs through validation and exits with no reported errors, when I run it from a job, the job fails and says to see job log, which has no errors.
When I run it in 32 bit mode using the GUI, it runs all the way through.
Does anyone know how to launch SSIS in 32 bit mode from a job on an Itanium?
This is a really wide spread - more than a time discussed - on SQL CE MSDN Forums - Issue !!! Is there any way i can commit changes which happens during runtime (when i am developing the application) such as inserts/updates and deletes to the .sdf DB on the machine ?????
As our DB has no primary keys or indexes ive taken a copy of all populated tables and tried to force primary keys within a new DB.
the problem is all off the tables have multiple datasets within them, a dataset for each year. This causes all instances of ID numbers to not be unique as they are replicated for every year they are active.
Its a school database so a student who has been here for 3 years will have 3 instances of his ID number, one for each years' data set.
So how do i force primary keys if there is no unique identifier? ive been highlighting both data set and ID columns and setting that combination as the primary key.
Essentially i need to analyse the relationships between the tabls in a diagram and also run some speed tests to see how fast the db works when it has indexes and primary keys.
the reason im writing is that ive done this on ten tables and with another 160 to do im just checking im doing the right thing?
CASE WHEN CAST(wo.start_date AS TIME) BETWEEN '00:00:00' AND '00:59:59' THEN 0 WHEN CAST(wo.start_date AS TIME) BETWEEN '01:00:00' AND '01:59:59' THEN 1 WHEN CAST(wo.start_date AS TIME) BETWEEN '02:00:00' AND '02:59:59' THEN 2 WHEN CAST(wo.start_date AS TIME) BETWEEN '03:00:00' AND '03:59:59' THEN 3 WHEN CAST(wo.start_date AS TIME) BETWEEN '04:00:00' AND '04:59:59' THEN 4
[code]....
The purpose is to take a row and set it to the hour of the day that it occurred in. This works fine, however I would like to force it to display every hour 0-23 regardless of whether or not it has a corresponding row.
So, if no row exists for 0, display 0 with null values for the rest of the columns.
In the following procedure i write the results to a temp table called #temp1I now want to count the results of #temp1, if the count of #temp1 = 0 I want to insert 'No Records Found' into #temp.ERRORMSG else return what is in the table
any idea on how to do this?
ALTER PROC [dbo].[SPU_RPT_Savings_AnomalyDispatches] 40,'04/01/07|06/30/07' @PropertyID varchar(4000), @DropDown varchar(50)
AS SELECT Client.CLIENT, Client.CLIENTID, ErrorEmailLog.ID, ErrorEmailLog.SITEID, ErrorEmailLog.PROPID, ErrorEmailLog.DISTINCTERRORS, ErrorEmailLog.ERRORMSG, ErrorEmailLog.ERRORDATETIME, ErrorEmailLog.EMAILRECIPIENTS, Property.PROPERTY, Property.STREET, Property.CITY, Property.STATE, Property.ZIP, Property.PHONE INTO #TEMP1 FROM ErrorEmailLog INNER JOIN Property ON ErrorEmailLog.PROPID = Property.PROPID INNER JOIN Client ON Property.CLIENTID = Client.CLIENTID WHERE (ErrorEmailLog.ERRORDATETIME BETWEEN SUBSTRING(CONVERT(VARCHAR(12), @DropDown), 0, 9)
Hello all, Is there any way to force Autonum to generate a number before an entire record is created? Some of my forms will not work because it needs a number already listed in its index (which uses Autonum) and cannot add to the table until it is created.I really need it to have a number ready and waiting upon the last record's completion.
im testing an application change that should handle a timeout on a stored procedure being called from the application. thing is, the timeout that we experience in production that led to this fix is random. so is there some way for me to setup a test stored procedure or some way to call the SP so that i can test a timeout scenario? im using MFC and the CDatabase::ExecuteSQL method to call this SP if you were wondering at all. this app is running locally on the server that has an instance of SQL Server Express 2k5 on it. server is running win 2k3.
I have a slight problem, a query that i have written produces data with 2 primary keys the same... however, DINSTINCT wont work in this case as the rows are still different...
Is their a way to force 1 column to always be unique?
Heres the query:
SELECT TOP 5 ORDER_ITEM.ItemID AS 'Item ID', ITEM.ItemName AS 'Item Name', (SELECT SUM(OrdItem2.ItemQuantity) FROM ORDER_ITEM OrdItem2 WHERE OrdItem2.ItemID = ORDER_ITEM.ItemID ) AS Total_Purchased, SUM(ORDER_ITEM.ItemQuantity) AS 'Customer Purchased', CUSTOMER.customerForename AS 'Customer Forename', CUSTOMER.customerSurname AS 'Customer Surname' FROM ITEM, ORDER_ITEM, ORDER_T, CUSTOMER WHERE ITEM.ItemID = ORDER_ITEM.ItemID AND ORDER_ITEM.OrderID = ORDER_0510096.OrderID AND ORDER_T.CustomerID = CUSTOMER.CustomerID GROUP BY ORDER_ITEM.ItemID, ITEM.ItemName, CUSTOMER.customerForename, CUSTOMER.customerSurname ORDER BY Total_Purchased DESC
The query is supposed to select the TOP 5 Products sold as well as selecting the customer that purchased the greatest amount of that item and the amount they purchased.
Currently, i will get 2 duplicate rows (except for customers name and the items the purchased. Like this:
ItemID 83630Mathew Smith 8 366Tony Wattage
Which is kinda annoying.... is there anyway i can prevent this?
And also apart from the Where Joins... is there a more efficient way of writing this?
I am developing a simple DB-Library program in C calling SQL Server 2000 onwindows 2003 and NT 4. I have some T-SQL code that checks for the existenceof a table and want to abort the program if the table doesn't exist. I issuea raiserror if the table doesn't exist and then call RETURN.I construct the string using sprintf and pass it dbfcnd and dbsqlexec. Sincethe commands work, there is no error to halt the execution of the program.Is there an easy, clean way to force dbsqlexec to fail? Do I need a storedprocedure to return an error code and then deal with that?Thanks for any advice,-Gary
A stored procedure in the cache is automatically recompiled when a table it refers to has a table structure change. User defined functions are not. Here's a simplified code sample:
set nocount on go
create table tmpTest (a int, b int, c int)
insert into tmpTest (a, b, c) values (1, 2, 3) insert into tmpTest (a, b, c) values (2, 3, 4) go
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[fTest]') and xtype in (N'FN', N'IF', N'TF')) drop function [dbo].[fTest] GO
CREATE FUNCTION dbo.fTest (@a int) RETURNS TABLE AS RETURN (SELECT * from tmpTest where a = @a) GO
select * from fTest(1)
CREATE TABLE dbo.Tmp_tmpTest ( a int NULL, b int NULL, d int NULL, c int NULL ) ON [PRIMARY] IF EXISTS(SELECT * FROM dbo.tmpTest) EXEC('INSERT INTO dbo.Tmp_tmpTest (a, b, c) SELECT a, b, c FROM dbo.tmpTest TABLOCKX') DROP TABLE dbo.tmpTest EXECUTE sp_rename N'dbo.Tmp_tmpTest', N'tmpTest', 'OBJECT'
select * from fTest(1)
drop table tmpTest
Running it, the output is:
a b c ----------- ----------- ----------- 1 2 3
Caution: Changing any part of an object name could break scripts and stored procedures. The OBJECT was renamed to 'tmpTest'. a b c ----------- ----------- ----------- 1 2 NULL
(I know that "select *" is bad, but it's a lot of legacy code that I'm working with here, and that's how it's written.)
The function doesn't detect that the table has changed in structure, or even that there is no longer a dependency on tmpTest. (Appending a column rather than inserting has the same effect, in that only the first 3 columns are returned.)
DBCC FREEPROCCACHE has no effect, not that I really expected it to, but you never know...
Is there any way, other than dropping and recreating, to force a recompilation of a particular function in memory, or perhaps all functions?
Im trying to do an interactive sort , one of the rows returned from my datasource called 'Total' i wish to display at the bottom always. is there a way i can do this?
I've tried the below on the column header but the total is either at the bottom or the top how can i check the ordering if Ascending or Descending? Then i cld swop the 1 and the 2 around.
In a decision tree algorithm, is there a known way to force a branch at a top level? For exmaple, I have 30 known decision patterns that are going to be completely different and I don't want them to intermingle. I wanted to force a branch at the top node on one of the 30 patterns so I wouldn't have to create 30 mining models per client.
SELECT acct.USERNAME, SUM(trans.CHARGES) - SUM(trans.CREDITS) AS [Charges - Credits], MAX(trans.ENDPERIOD) AS [Billed Through], acct.FULLNAME, bill.COMPANY, bill.BILLTOCOMPANY, bill.firstname, bill.lastname, bill.STREET1, bill.STREET2, bill.CITY, bill.STATE, bill.ZIPCODE, bill.COUNTRY, acct.PHONE1, acct.PHONE2, bill.EMAIL, acct.BILLPERIOD, acct.PLAN FROM TRANS trans, ACCTS acct, BILLING bill WHERE trans.ACCTNUM = acct.ACCTNUM and bill.ACCTNUM = acct.ACCTNUM and bill.ACCTNUM = trans.ACCTNUM AND acct.CLOSED = 0 AND acct.SUSPENDED = 0 GROUP BY acct.USERNAME, acct.FULLNAME, bill.COMPANY, bill.BILLTOCOMPANY, bill.firstname, bill.lastname, bill.STREET1, bill.STREET2, bill.CITY, bill.STATE, bill.ZIPCODE, bill.COUNTRY, acct.PHONE1, acct.PHONE2, bill.EMAIL, acct.BILLPERIOD, acct.PLAN HAVING SUM(trans.CHARGES) - SUM(CREDITS) > 0 ORDER BY [Billed Through] DESC
SELECT acct.USERNAME, SUM(trans.CHARGES) - SUM(trans.CREDITS) AS [Charges - Credits], MAX(trans.ENDPERIOD) AS [Billed Through], acct.FULLNAME, bill.COMPANY, bill.BILLTOCOMPANY, bill.firstname, bill.lastname, bill.STREET1, bill.STREET2, bill.CITY, bill.STATE, bill.ZIPCODE, bill.COUNTRY, acct.PHONE1, acct.PHONE2, bill.EMAIL, acct.BILLPERIOD, acct.PLANFROM TRANS trans, ACCTS acct, BILLING billWHERE trans.ACCTNUM = acct.ACCTNUM AND bill.ACCTNUM = acct.ACCTNUM AND bill.ACCTNUM = trans.ACCTNUM AND acct.CLOSED = 0 AND acct.SUSPENDED = 0GROUP BY acct.USERNAME, acct.FULLNAME, bill.COMPANY, bill.BILLTOCOMPANY, bill.firstname, bill.lastname, bill.STREET1, bill.STREET2, bill.CITY, bill.STATE, bill.ZIPCODE, bill.COUNTRY, acct.PHONE1, acct.PHONE2, bill.EMAIL, acct.BILLPERIOD, acct.PLANHAVING SUM(trans.CHARGES) - SUM(CREDITS) > 0ORDER BY [Billed Through] DESC
Incorrect syntax near the keyword 'PLAN'.
If i take out SELECT & GROUP BY acct.plan, it works fine.
I've googled a bit and found 'EXPLAIN PLAN' command, I assume it's parsing the 'PLAN' as a command and screwing stuff up. I don't get why it'd take it for a command instead of a column. How does one select a keyword as a column name? Brackets & single quotes didn't do the trick.
Hello All, Is it possible to force a delete of a table even when another program is using that DB, and still has some view data on that specific table. I know that I can delete tables if another program is just have connection to the DB, but not using the specific table I'd like to delete. Can it be done also on a viewed table?
The principle, partner and witnesss have two NICs each (NIC1 and NIC2). I want them to communicate in NIC2 for sending logs and establishing quorum. This will happen in their own private network (say 192.168.1.0/24). The NIC1 in each server will be available for client communication. The domain and clients are in the network (say 10.1.1.0/24).
I am using the same domain account as SQL server service account in all three servers.
I have set the Interactive Height in my SQL report to 11 inches. I have also set a page break to occur after each table group in my report. When I run the report in SQL Reporting Services (or in Visual Studio 2005) the only page breaks that occur are the ones after each group. The Interactive Height setting is not causing page breaks. The first group in my report prints out as 4 pages but is showing up on the html screen as 1 long page. The first page break finally occurs at the end of the first group.
How can I get the Interactive Height to force page breaks within each of my groups? I am using SQL Reporting Services 2005.
I have a need to force a package to run using the 32-bit runtime from the SQL Server Agent. The machine is a x64 unit. I'm having to use an ODBC driver to extract data from our ERP package that will only run in 32 bit. Any help would be appreciated.
I have statement which is comparing a smalldatetime column to literal string as follows:
sales_date ='21-9-2004 0:0:0.000'
when I run the statement in query analyzer it bombs out with:
Server: Msg 296, Level 16, State 3, Line 1 The conversion of char data type to smalldatetime data type resulted in an out-of-range smalldatetime value.
If I alter the format of the date literal to '2004-09-21 00:00:00' the statement works.
Is there anyway of forcing the statement to treat '21-9-2004 0:0:0.000' as '2004-09-21 00:00:00' without modifying the statement itself ?
