i have a mdb file (in Access 2K) with SQL Server 2K linked tables who
runs on a workstation which is on a different domain that the SQL
Server. It works.
If i create a mdb file from a workstation which is a the domain of the
SQL Server and then i run it a my non-domain workstation i have error
message:
Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection
-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master) -A sql server 2005 on a win server 2003 in "sub domain" AD -A linked server to "sub domain" AD -A linked server login using a "sub domain" admin acccount -A view to this linked server -A grant on masterDomain/Domain Users to the database -A grant on subDomain/Domain Users to the database -We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts. Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT * FROM OPENQUERY(ADSI, 'SELECT displayname, givenName, sn, cn (etc...) FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com'' WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error: Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
After using ADMT to migrate the domain user or group into the root domain, when I use enterprise manager to try and change the permissions allocated to that domain user/group, i get the 'Error 15401 NT user or Group not found'.
This is a correct error as the user is now in the root domain, however sql (in sysxlogins) still thinks its in the child domain.
Is there a simpler way, other than collecting the users permissions, deleting the user from SQL then adding back in with the correct domainusername format, then adding the permissions back?
I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.
I believe it is something to do with the SID not matching.
we recently migrated from our in-house domain to the Enterprise domain. Everything went smooth except for the fact that I can no longer accept my dBs using my SA or my domain admin account. There is only 1 account I can get into the management studio with but it has no admin privileges, so I can't make any password changes or add accounts. I don't have a test environment so kind of hesitant to experiment with our production system.
I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have install 2005 tools to try to access the SQL server.
- I have try following the KB265808 - no success. - Reading alot of blogs and it seems all are pointing to the same problem. "Remote access" but the settign is enabled.Error Message:
TITLE: Connect to Server ------------------------------
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476
Question: Could Windows 2003 security be blocking access? I'm using sa account to access.
Also, sa account does not seems to work for remote access. It is ok when accessing locally.
i like to use my Excel pivot from other domain, but I always get the error message "Cannot find repository". I tried a ping on IP of analysis server, no problem. The connection string includes the IP adress as well. Anybody knows the clue ?
I have installed SQL Server 2005 on my Domain Controller successfully and installed the SQL Server tools from the DVD including workstation components on my XP client computer (which is actually hosting the Domain controller as virtual VMWare machine). The authentication is set to mixed mode and I have created a login with all possible rights on SQL Server, but which is at the same time my Domain Admin (So the user is setup in SQL Server in the format Domainuser)
Now when I open any client program (SQL Srvr2005 Management console, or Toad for SQLSrvr) and try to connect, the client does find the server correctly, but I cannot login. The error status is actually 1, which means "unexpected internal error" as far as I have read. I have turned off Windows firwalls by default and also turned off my custom firewall to see if it makes a difference, but it doesn't.
My activated connection protocol on both the server and the client is TCP/IP and I have then changed the port on both the server and the client to a common 4665, which I then granted full passage through my firewall. Now the error has changed and says "the target machine has actively refused the connection", with status code 0... ???
So that's my current situation... Please, can anyone help me? What am I doing wrong?
SQL Server 2005 SP2, installed as a default instance at the domain controller. SSIS connection failed with the message Failed to retrieve data for this request. (Microsoft.SqlServer.SmoEnum) The RPC server is unavailable. No firewalls, client and server in the same subnet, ping is ok. I suspect the issue is similar to described here: http://support.microsoft.com/kb/940232 I've given the user all the rights to DCOM MsDTSServer, but I cannot include him to the local "Distributed COM users" group because the domain controller doesn't have local group at all. I have included the user into the "domain admins" group, after that user got a connection. But this is not good, you know what I mean. Does any other solution exists, without reinstallation SQL Server to another server or giving the administrator's rights to the user? Thank you.
Sorry I didn't know the best forum for this question.
I have 3 SQL 2005 x64 servers on my remote domain. 10.1.10.65 is the primary 10.1.10.66 is the mirror 10.1.10.67 is the whitness.
All 3 machines run the MSSQLSERVER service as a domain admin user acount, and all of the other servies use LocalSystem. All machines are configured to use the default instance name of MSSQLSERVER.
I have another seperate server ON THAT DOMAIN which runs IIS and ASP Classic. I installed the SQL Native client on that machine.
Here is the ASP code: ----------- <% dim strConnString, objConn, rs, sql
sql = "SELECT * FROM DFW" Set objConn = CreateObject("ADODB.Connection") objConn.ConnectionString = strConnString objConn.CommandTimeout = 300 objConn.Open
SET rs = Server.CreateObject("ADODB.Recordset") rs.CursorLocation = 3 rs.Open sql, objConn
Do While Not rs.EOF Response.Write rs(0) & " " rs.MoveNext Loop
rs.close objConn.close set objConn = nothing set rs = nothing %> --------------------------------
If I run this code on the server on the SAME domain and shutdown MSSQL services on the primary machine the Failover server starts working an serving data requests.
It I then take that code and run it from another REOMTE domain, I can connect to the primary server and get data, but when I force a failover for testing it refuses to connect the the MIRROR server.
In the error log on the primary server I see 12 errors. There are 4 sets of the following 3 errors, as SQL will try to connect 4 times before failing.
1) Date 4/7/2008 12:00:39 PM Log SQL Server (Current - 4/7/2008 12:00:00 PM) Source Logon Message Login succeeded for user 'sa'. Connection: non-trusted. [CLIENT: 10.1.3.79]
Does anybody know if it is possible to establish a connection to an sql express instance only with integrated security when this express instance is running on XP which is NOT part of a domain?
I used 3 seperate web.config files - one for Development seerver, one for Certification server, and one for Production server. The only difference between these three is the within the <connectionStrings> tags. For Example: <connectionStrings><add name="strConn" connectionString="server=xxx;uid=xxxx;pwd=xxxxx;database=yyy;"/></connectionStrings> Within Development the connectionString points to the Development SQL server, Cert to cert SQL, and Prod to Prod SQL. I do not have permissions to copy new Web.Config files into Cert or Prod, so when I have a change within my web.config I have to have another group manually add these files. Is there a way to identify the domain I am curernt within and use a specific set of connections string within the web.config based off this information. If so, can anyone post an example of how to do this...
(Cross post from newsgroup) Attempting to implement Windows authentication between trusted domains. . . I have a domain trust set up between two domains connected via persistent vpn:
Hi all. I am a bit new to SQL but I have studied much info, BOL, various best practices and so on. The problem is - I cannot find any tutorial which could tell me step by step how to set SQL server on a PC and connect to it from another computer (they all are on a domain). So I decided that I am doing something wrong...
I have done the following (all is done on virtual PCs): 1.I have installed a virtual PC with windows 2003, which acts as a domain controller.
2.I installed Win2003 on a second PC and added it to the domain. Installed MS SQL Server 2005 and SP2 on it. Server uses Windows auth. and all the services are running from a dedicated domain account which I added on the first PC.
I added a domain account (let's call it USER_X) to the SQL server Security/Logins
Everything is OK locally, I can connect to the server using USER_X from the same PC.
3.I installed Win2003 on a second PC and added it to the domain. Installed MS SQL Server 2005 client componenst, SSMS and SP2 on it. Logged on as USER_X. And tried to connect to the PC number 2. And failed. SSMS gives an error (1396) Named pipes error "Could not open a connection to SQL server". But the server appears on the list if I click Server name->Browse for more->Network servers. Why I cannot connect to it if I see it? Tried to enable Windows and SQL auth, created a pure SQL user USER_Y, checked locally - ok, can connect. But cannot connect as USER_Y from the third PC.
Finally 4.I installed Win2003 on a fourth PC (did not add it to the domain). Installed MS SQL Server 2005 and SP2 on it. Server uses Windows and SQL auth. Enabled Windows and SQL auth, again created a pure SQL user USER_Y, checked locally - ok, can connect. And checked connection from the third PC - I can connect fine as SQL USER_Y to the SQL server on a PC which is not on the domain but cannot connect as SQL USER_Y to the SQL server on a PC which is on the domain!
What am I doing wrong? How to connect from a PC on a domain to another SQL server on the same domain? It is just a basic config which (I think) SQL admins have gone through many times but I am stuck.
Help, please! I hope to hear from someone who has installed SQL server on a domain and successfully created remote connections.
Hi, I have been creating a web store, which we will be hosting on our Windows Server 2003 system. I am also writing a windows application that will be running on our client systems on the same network/domain. I have no need to allow internet access to the database, just within our domain. Pretty much the windows application will be running and whenever a customer places an order, the program will automatically pop-up the needed information for our credit card processing, and shipping department. So far I have been able to establish a connection to our server by creating a data connection under the server explorer. However, it does not list any databases whatsoever, the web site has been published using Visual Studio 2005 Professional on the server, and is in 100% working order. I have searched and haven't found anything concrete on this, i'm sure its just something simple that im missing. It appears that the server is definetely connected to the database (since the website is fully functional), but it is not listing the information for other systems to access it. If anyone has any ideas, please let me know. Thank you
I'm trying to set up replication from one SQL server to another.
The publishing server is not a member of a domain and is located in a hosting center (but we have full control over the server). I can set up a Snapshot publication just fine.
The subscribing server is located in another remote location and is a member of a domain. Here I can also set up the subscription without errors.
The errors, I think, comes when the snapshot is about to be created, the error is, on the publisher server:
[298] SQLServer Error: 18456, Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. [SQLSTATE 28000]
And the snapshot is not created.
Is it even possible to set up replication like this. I need to transfer the data from one sql server to another so we have a working "backup" so to speek if the other server does not respond.
I'm trying to establish connection between two SQL servers, one on a Domain and one on a Workgroup. When I log as the local administrator to the Domain machine, everthing is fine and both machines can register each other (both machines have the same local admin user name & password.) When I log back into the Domain on the Domain machine, I cannot register the Workgroup server but I can register Domain server from the Workgroup server. Putting the Workgroup machine on my Domain won't work because I'm going to be using a firewall. Do I need to set up another domain for the Workgroup machine and configure a trust on the Domain machine? Any suggestions?
Guys, I have problem in adding the user. The domain name "scs" that I am logged on a machine with user name "rao", But I am not able this user to SQL Server as scs/rao, it gives that the not found.
I am in the process of installing SQL Server 2005. Under Service Account I am selecting the domain user account option. It asks for the username, password and the domain name. How can I find out what the domain name is?
A while back I asked this in the SQL security forum, but did not receive any replies. I feel that this is a fairly basic, common question, so I am posting it here in the hopes that this forum has higher traffic and that someone here will know the answer.
I am trying to connect as follows:
Server: Windows 2003, SQL 2005, on a domain Client: Windows 2008 Beta, not on any domain
I created an account with the same user name as the domain user on the client machine. And then I logged in as that user and went to Manage Network Password. I entered the correct domain credentials. Verified that this worked for file shares. However, SQL does not appear to be recognizing this and it tells me:
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
I have verified that this domain account is working properly with SQL when the client is also on the domain.
Q: How can I get this Windows authentication scenario to work where the client is not on the domain and the SQL server is on the domain?
(Note: A similar case that can also occur frequently is that the server and client are on different domains.)
1. How could I change the Domain within SQL Server. 2. When the NT Server changed to a new domain, Does the SQL server change also? Could someone help me. Thank you.
SQL2K SP2 on Win2K Server in single native-mode domain
I'm trying to change MSSQLServer and SQLServerAgent to run under a domain account instead of LocalSystem. SQL is not running on the DC. I get Error 22042:xp_SetSQLSecurity() returned error -2147023564, 'No mapping between account names and security ID's was done'.
The SQL machine is part of the domain. I'm logged in as a Domain Admin.
I can map to a domain to the server where I have a sql Server database from my machine which is in another domin. However, I cannot register the sql server with enterprise manager from the same machine. I am assuming that it is not a permission problem since I could not get the registration to work logging on as SA or with windows authorization. What should be looked at?
We have a network setup with two domain controllers, DC1 and DC2, working independently from eachother along with a DBserver1 that runs a BCM database and is a member of DC1. For certain reasons we would like to demote the DBserver1 and join it on the domain of DC2. What are the steps required in order to properly move a BCM Database running on SQL2005 to a new domain, where the security data lies in the active directory of DC1?
I have a IIS server on "A" Domain. My application is hosted on on a machine which is under that domain.
I have a DB server, SQL server 2000 on B Domain. The server is a named instance of SQL Server 2000. I have a default SQL Server 7.0 on that same machine.
For the application i am trying to connect from the IIS to database server, but i am unable to connect to the named instance, but i can connect to the default 7.0 instance.
The connection string used for the application is as follows: oConn.open "Driver={SQL Server};Server=server_nameinstance_name;Database= db_name;uid=user_name;pwd=password;"
I am getting SQL Server does not exists error messege on page...
Please help, me if any one knows how to connect to the database server which is on different domain and is a named instance using the connection string in ASP page..
Novice wants to learn why it is not recommended to install sql 2005 express on to a 2003 domain controller. I have installed sql 2005 express on a 2003 domain controller and when I tried to run management studio it failed to run. there seems to be no problem with the engine, oh I also installed books online I wonder... can there be an issue with the books online and management studio I remember there were problems in the beta era. Now I am wondering if it's a good idea at all I feel like I have been left at train station with all my luggage, I have all this equipment... work stations, a server, printers and no resolution to my problem. most of all I want to learn why I shouldn't install sql on a domain controller... can someone please explain in detail.
I am trying to migrate users accounts from a 2000 Server to 2003 server I am changing domain names and the new domain a is a child domain off a parent domain. I have created a trust on both domain servers and the parent domain and I have created administrative users on each domain I am using the ADMIT migration tool and can get all the way through it then get an access denied when it trys to create the accounts. The knowledge bases on this say I need a Domain Admin user on each domains for the other domain. Being in a child domain it does not let me create this I have created users and added the admistrative group for each user this should give the rights to create the users on the new domain, but still am getting the access denied.
Does anyone know what I am missing on this? Any help would be greatly appreciated.
