When I log in as Administrator the package runs perfectly.
When I log in as Domain User (the one I really want to have running the package) I get:-
Started: 10:49:08 PM
Error: 2007-11-30 22:49:08.30
Code: 0xC0011007
Source: {807048F4-DE2A-465E-B9A7-82E163791556}
Description: Unable to load the package as XML because of package does not have a valid XML format. A specific XML parser error will be posted.
End Error
I have checked, and the Domain User has
"Full Control" permissions to the directory the package is in and
"Full Control" permissions for the DTSX file and
"Full Control" permissions to the directory the dtsConfig is in and
"Full Control" permissions for the dtsConfig fileAny suggestions as to what is wrong?
After using ADMT to migrate the domain user or group into the root domain, when I use enterprise manager to try and change the permissions allocated to that domain user/group, i get the 'Error 15401 NT user or Group not found'.
This is a correct error as the user is now in the root domain, however sql (in sysxlogins) still thinks its in the child domain.
Is there a simpler way, other than collecting the users permissions, deleting the user from SQL then adding back in with the correct domainusername format, then adding the permissions back?
I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.
I believe it is something to do with the SID not matching.
Hi, I want to use a domain user account not belonging to local admin or domain admin groups in SQL 2000/2005 Enterprise edition. This is what I've done so far.. On the machine that is the Domain Controller: - installed SQL 2005 as a domain admin
- created a domain user account using Active Directory Users and Computers. This user is only
"Member of" domain users; not any Administrators group.
- added this user to SQL Server Management Studio->Logins and in Server Roles assigned
sysadmin role. Question 1: Do I need to give any additional permissions to this user to work with SQL? Question 2: How can I test this user for basic SQL operations like database creation? Can I use Osql? Question 3: Can I use this user account to login to my domain controller using remote desktop? I tried adding this user to remote users, but in vain.
After SQL Server 2005 Database Engine is installed by domain administrator, how to give permissions to a regular domain user so that user can control SQL Server Database service?
I want to allow a user to only select from certain tables in a SQL 2005 database. Without granting any permissions, the user can select from any table.
All tables are owned by dbo. I am using a Windows login and it is not a member of any groups other than one to allow Terminal Server logins.
SQL login properties: Only server role is Public Mapped to a user with the same name Default schema is dbo No securables listed
User properties: No owned schemas No role memberships No securables listed
Database permissions: Under explicit permissions, this user is only granted Connect Effective permissions lists everything!!!
Where are these effective permissions coming from? TIA
-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master) -A sql server 2005 on a win server 2003 in "sub domain" AD -A linked server to "sub domain" AD -A linked server login using a "sub domain" admin acccount -A view to this linked server -A grant on masterDomain/Domain Users to the database -A grant on subDomain/Domain Users to the database -We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts. Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT * FROM OPENQUERY(ADSI, 'SELECT displayname, givenName, sn, cn (etc...) FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com'' WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error: Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
I have 4 new SQL Server 2005 installations on Windows 2003 that I configured at our main office and shipped to a hosting center. All four servers are members of our domain. I set up test datbases with replication on one of the servers and facilitated this with a domain account.
Now that I've moved the servers to the hosting center (which has a DC) and I'm not having any luck adding domain accounts to the permissions section on any of the the SQL Server boxes.
When I try to add a domain account in the SQL Server's permissions window I get "Name Not Found". By every indication the server is connected to the domain. I can log on using my domain account; I can create shares specifying domain accounts but I can't seem to add domain accounts to the SQL server permissions. When I look in the permission's tab I still see the original domain account, I had added back in the main office, stranded by itself in the list of users. We're using mixed authentication by the way.
Why doesn't SQL Server recognize the domain? Where does it get it's list of users? Does the account I'm logging in with just not have the permission to add domain accounts? These diaglogs are slightly different from the normal 'add a user' dialog boxes.
I feel like this must be a simple oversight. Any help would be appreciated. I'd prefer to move away from local accounts to keep things simple.
Why can't another developer check out SSIS packages from source control in TFS. I have given the developer all the permissions out there. I was the one who had created an SSIS solution/project local on my machine and then added to source control in TFS under the teamproject. The developer can do everything except in the source control explorer, everything is grayed out. I know you can set up permissions in source control explorer, and I have done that. but still no luck. Can it be related to workspace. When I open the Souce control explorer, in the workspace, I see the name of my local machine. should it be different. or is something else an issue.
I'm trying to deploy a project that I deployed yesterday just fine, but today I get the following error:
------ Deploy started: Project: Point Reports, Configuration: Debug ------
Deploying to http://reporting.companyname.com/reportserver
Deploying data source '/Data Sources/Srv24.FieldResponse2_1'.
The permissions granted to user 'DOMAINharley.p.bartman' are insufficient for performing this operation.
Deploy complete -- 1 errors, 0 warnings
This seems like a basic permission issue, except I'm not logged in as the user listed! I've never logged into my computer as the user. I did log in to the reporting services website yesterday as that user, but since have rebooted my machine and logged into bothe my computer and the reporting services website as me. Yesterday this report deployed fine. Today, this error message. I've even tried creating a new project and just creating a simple datasource and deploying just that, but still this message! Where is Visual Studio storing and reusing this user name during my deploy process???
We recently upgraded to SQL 2005 from SQL 2000. We have most of our issues ironed out however about every 1 minute there is a message in the Application Event log and the SQL log that states:
EVENT ID 18456 Login Failed for the users DOMAIN/ACCOUNT [CLIENT: <local machine>]
This is a state 16 message which I thought meant that the account does not have access to the default database. The account is actually the account that the SQL services run under.
Any ideas? We can't seem to figure this one out. We actually upgraded to 2005 from 2000 and had an error appear after every reboot that prevented the SQL Agent from running(This application has failed to start because GAPI32.dll was not found. Re-installing the application may fix this problem.) We did a full uninstall of SQL and reinstalled fresh and restored the databases from .bak files and that is when the EVENT ID 18546 started occuring every minute.
We don't have any SQL heavy hitters here so please be detailed with any possible solutions. That you very much for any help you can provide!
.NET Permissions Error in Reporting Services when not using a custom assembly: I need help resolving a permissions error I€™m taking in a SQL RS 2005 report. I have a report that that is includes the following code fragment in Report Properties -> Code: Function rtf2text(ByVal rtf As String) As String Dim rtfcontrol As New System.Windows.Forms.RichTextBox Try rtfcontrol.Rtf = rtf Return rtfcontrol.Text Catch ex as Exception Return ex.Message End Try End Function I reference the .NET System.Windows.Forms DLL under Report Properties -> References -> References, Assembly Name (heading): System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 I have a text box with the following expression: =code.rtf2text(First(Fields!EndingQuoteComment.Value, "QuoteHeader")) And I€™ve verified, by removing the code.rtf2text command that is populated with the following: { tf1ansiansicpg1252deff0deflang1033{fonttbl{f0fromanfprq2fcharset0 Times New Roman;}{f1fnilfcharset0 Arial;}} viewkind4uc1pardif0fs32 ** Ending Quote Comments **par 0i0f1fs17par } When I run the preview in Visual Studio is correctly strips the RTF and displays just €œ** Ending Quote Comments **€?. When I €˜RUN€™ locally or deploy to a SQL RS 2005 Server and run the report I take the following error: Request for the permission of type 'System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. I€™ve tried everything that I can think of on the server to make this work. I finally put together a Win 2003 box with SQL 2005, IIS, and RS 2005 running on it in a virtual machine to be 100% sure I had a standard clean install and deployed the report and I€™m getting the same error. Below I€™ve included a basic standalone RDL file that demonstrates my issue. I get the error referenced above when I deploy the RDL below. Any ideas or suggestions are greatly appreciated?
<?xml version="1.0" encoding="utf-8"?> <Report xmlns="http://schemas.microsoft.com/sqlserver/reporting/2005/01/reportdefinition" xmlns:rd="http://schemas.microsoft.com/SQLServer/reporting/reportdesigner"> <BottomMargin>0.25in</BottomMargin> <RightMargin>0.25in</RightMargin> <PageWidth>7.75in</PageWidth> <rdrawGrid>true</rdrawGrid> <InteractiveWidth>7.75in</InteractiveWidth> <rdnapToGrid>true</rdnapToGrid> <Body> <ReportItems> <Textbox Name="textbox21"> <Left>0.25in</Left> <Top>0.25in</Top> <rdefaultName>textbox21</rdefaultName> <Width>6.375in</Width> <Style> <PaddingLeft>2pt</PaddingLeft> <PaddingBottom>2pt</PaddingBottom> <FontSize>7.5pt</FontSize> <PaddingRight>2pt</PaddingRight> <PaddingTop>2pt</PaddingTop> </Style> <CanGrow>true</CanGrow> <Height>1.375in</Height> <Value>=code.rtf2text("{ tf1ansiansicpg1252deff0deflang1033{fonttbl{f0fromanfprq2fcharset0 Times New Roman;}{f1fnilfcharset0 Arial;}} viewkind4uc1pardif0fs32 ** Ending Quote Comments **par 0i0f1fs17par } ")</Value> </Textbox> </ReportItems> <Height>5.25in</Height> </Body> <rd:ReportID>8804486c-882f-493c-8dfb-b2f778a24b21</rd:ReportID> <LeftMargin>0.25in</LeftMargin> <CodeModules> <CodeModule>System.Windows.Forms, Version=2.0.50727.42, Culture=neutral, PublicKeyToken=b77a5c561934e089</CodeModule> </CodeModules> <Code>Function rtf2text(ByVal rtf As String) As String Dim rtfcontrol As New System.Windows.Forms.RichTextBox Try rtfcontrol.Rtf = rtf Return rtfcontrol.Text Catch ex as Exception Return ex.Message End Try End Function </Code> <Width>7.25in</Width> <InteractiveHeight>10in</InteractiveHeight> <Language>en-US</Language> <TopMargin>0.25in</TopMargin> <PageHeight>10in</PageHeight> </Report>
I'm totally stuck on this issue and would really appreciate any advice. Here's what's going on...
I'm trying to install SP2 on a SQL 2005 Std x64 cluster and all the components upgrade except the DB Engine, which fails with this error saying the domain group (not the service account) could not be validated for the full-text search service.
I've rebooted both nodes. I've verified that the domain group exists. I even removed the full text search component and I still get the same error.
I've reviewed this: http://support.microsoft.com/kb/915846 But the ftsgroup registry value mentioned does not exists. I assume it only shows up after sp2 is installed.
Interestingly, I couldn't uninstall full-text search unless I passed the FTSCLUSTERGROUP parameter to the setup.exe command line remove command.
The OS is Windows Server 2003 Ent x64 SP2. Not a domain controller. I'm upgrading from the RTM version of SQL Server.
I've posted the relevant parts of the summary and log files below.
Thanks in advance for any ideas!
- Chris
-------------------------------------
Summary.txt ==========
Product : Database Services (MSSQLSERVER) Product Version (Previous): 1399 Product Version (Final) : Status : Failure Log File : C:Program FilesMicrosoft SQL Server90Setup BootstrapLOGHotfixSQL9_Hotfix_KB921896_sqlrun_sql.msp.log Error Number : 28130 Error Description : MSP Error: 28130 A domain group is missing for one or more services. To install SQL Server 2005 as a failover cluster, domain groups must be specified for all the clustered services being installed .To proceed, enter the missing domain group information. The domain group cannot be validated for the service Full-Text Search.
Failed to validate group name for FTSCLUSTERGROUP. Error 87 Error Code: 0x80070057 (87) Windows Error Text: The parameter is incorrect. Source File Name: sqlcadomaingroupdialog.cpp Compiler Timestamp: Sat Oct 7 09:43:40 2006 Function Name: validateSetDomainGroups Source Line Number: 484
MSI (s) (A8!98) [12:17:17:610]: Transforming table Error. MSI (s) (A8!98) [12:17:17:610]: Note: 1: 2262 2: Error 3: -2147287038 MSI (s) (A8!98) [12:17:17:610]: Transforming table Error. MSI (s) (A8!98) [12:17:17:626]: Transforming table Error. MSI (s) (A8!98) [12:17:17:626]: Note: 1: 2262 2: Error 3: -2147287038 MSI (s) (A8!98) [12:17:17:626]: Transforming table Error. MSI (s) (A8!98) [12:17:17:626]: Note: 1: 2262 2: Error 3: -2147287038 MSI (s) (A8!98) [12:17:17:626]: Transforming table Error. MSI (s) (A8!98) [12:17:17:626]: Note: 1: 2262 2: Error 3: -2147287038 Error Code: 87 MSI (s) (A8!98) [12:17:17:626]: Transforming table Error. MSI (s) (A8!98) [12:17:17:626]: Note: 1: 2262 2: Error 3: -2147287038 MSI (s) (A8!98) [12:17:17:642]: Transforming table Error. MSI (s) (A8!98) [12:17:17:642]: Transforming table Error. MSI (s) (A8!98) [12:17:17:642]: Note: 1: 2262 2: Error 3: -2147287038 MSI (s) (A8!98) [12:17:17:642]: Transforming table Error. MSI (s) (A8!98) [12:17:17:642]: Note: 1: 2262 2: Error 3: -2147287038 MSI (s) (A8!98) [12:17:17:642]: Transforming table Error. MSI (s) (A8!98) [12:17:17:642]: Note: 1: 2262 2: Error 3: -2147287038 MSI (s) (A8!98) [12:17:17:642]: Product: Microsoft SQL Server 2005 (64-bit) -- Error 28130. A domain group is missing for one or more services. To install SQL Server 2005 as a failover cluster, domain groups must be specified for all the clustered services being installed .To proceed, enter the missing domain group information. The domain group cannot be validated for the service Full-Text Search.
Error 28130. A domain group is missing for one or more services. To install SQL Server 2005 as a failover cluster, domain groups must be specified for all the clustered services being installed .To proceed, enter the missing domain group information. The domain group cannot be validated for the service Full-Text Search. <EndFunc Name='LaunchFunction' Return='87' GetLastError='0'> MSI (s) (A88) [12:17:17:642]: Transforming table InstallExecuteSequence. MSI (s) (A88) [12:17:17:642]: Note: 1: 2262 2: InstallExecuteSequence 3: -2147287038 MSI (s) (A88) [12:17:17:658]: Transforming table InstallExecuteSequence. MSI (s) (A88) [12:17:17:658]: Transforming table InstallExecuteSequence. MSI (s) (A88) [12:17:17:658]: Note: 1: 2262 2: InstallExecuteSequence 3: -2147287038 MSI (s) (A88) [12:17:17:658]: Transforming table InstallExecuteSequence. MSI (s) (A88) [12:17:17:658]: Note: 1: 2262 2: InstallExecuteSequence 3: -2147287038 MSI (s) (A88) [12:17:17:658]: Transforming table InstallExecuteSequence. MSI (s) (A88) [12:17:17:658]: Note: 1: 2262 2: InstallExecuteSequence 3: -2147287038 Action ended 12:17:17: Validate_ServiceAccounts.3EA9D9BF_D9D2_4023_B2A7_9E2137B2FB1B. Return value 3. Action ended 12:17:17: INSTALL. Return value 3. Property(S): ProductCode = {26F1A218-3158-4107-B3A6-37FD61CEE969} Property(S): ProductLanguage = 1033 Property(S): Manufacturer = Microsoft Corporation Property(S): ProductVersion = 9.2.3042.00
SQL2K SP2 on Win2K Server in single native-mode domain
I'm trying to change MSSQLServer and SQLServerAgent to run under a domain account instead of LocalSystem. SQL is not running on the DC. I get Error 22042:xp_SetSQLSecurity() returned error -2147023564, 'No mapping between account names and security ID's was done'.
The SQL machine is part of the domain. I'm logged in as a Domain Admin.
I need to provide a UI to get the information to add a windows login to a SqlServer database. The CREATE LOGIN Sql statment requires the user name as "DomainNameUserName". I can get a list of users in XML using the following code:
public static XmlDocument GetAllADDomainUsers(string DomainPath) { string domain; XmlDocument doc = new XmlDocument(); doc.LoadXml("<users/>"); XmlElement elem;
DirectoryEntry searchRoot;
ArrayList allUsers = new ArrayList();
if (DomainPath.Length == 0) { DirectoryEntry entryRoot = new DirectoryEntry("LDAP://RootDSE"); domain = entryRoot.Properties["defaultNamingContext"][0].ToString(); } else domain = DomainPath;
searchRoot = new DirectoryEntry("LDAP://" + domain);
This works for listing the names but how do I get the NetBIOS domain name for a selected user as required by SqlServer? I have tried using TranslateName from secur32.dll. That works on some machines but for some reason on other machines, it returns a blank. Is there another way?
My SQL servers are using integrated windows nt security. Our user account is changing to a new domain. Is there an easy way to change the server logins to point to the new domain instead of removing the user and adding a new login from the new domain.
Im currently working on a intranet and trying to set up some security. The intranet acesses a SQL server 2000 database. I would like to know if there is a stored procedure(or other way) of returning all the domain groups that a user belongs to when passed the users NT login. I found xp_enumgroups which returns all the groups on the domain and also xp_logininfo which returns the users of a passed domain group. These are usful but i need to just pass the NT username and return all the Domain Groups. Any thoughts, ideas would be great!
My SQL Server is running as a Domain user account and it asked me to enter the password for thr Domain user account when I was changing the Startup account from Local to Domain user. My QUESTION here is: Is there a way or command for me to change the password automatically on the Services account, if I change the password for the Domain User account/.
New to SQL Server. Plan to install SQL Server 2005 standard edition on Windows 2k3. After searched a lot of places, still don't understand what exactly "domain user account" is. Could someone explain it to me? 1. Is this a OS account where SQL Server is running? 2. Or, is this an account under domain controller on other machine? Is this an account on DNS srver? How do I create it? 3. Or, is this an account in SQL Server?
Where is this account located? How do I manage it?
is there an easy way I can give a specific user complete insert,update, and delete permissions on all tables,view, and sp in a db without having to set individually for all?
Is there an automatic way of changing the Domain user password getting used for running the SQL Server as a Domain user account? I'm taking about EM---Security----Domain User name and the password getting used for running the SQL Server?
Hi, I'm new in MS SQL Server; comming from Firebird and PostgreSQL. I'm trying to import the SQL Script of a database I have in PostgreSQL 8; one basic SQL functionality is the "domain", as the way to create a user datatype; in my database I have one basic domain: OID:
CREATE DOMAIN dom_oid AS numeric(18,0) DEFAULT nextval('oid_secuence');
Is there a similar way to create this kind of types in SQL Server?
I have read the posts concerning login failures for the ASPNET user. I have a slightly different problem, as you can see from the title of this post.
My environment is a private domain that has two machines:
1) Windows 2000 server on which SQL Server is running. Let's call it FOO_SERVER.
2) Windows XP Professional on which I am running my IIS and .NET development environment. Let's call it FOO_WORK.
3) Let's call the domain, FOO_DOMAIN.
The user, ASPNET, is not a domain user, but a local user, so I do not know how to establish it as a valid login for SQL Server. But this is beside the point, anyway, as the error I am getting has nothing to do with the ASPNET user. It appears that a different username is being used to access SQL Server.
I've been trying to workout how, without impersonation, I can allow an application running under the default ASPNET user to access a network resource (SQL Server/ADAM) not on the same physical machine.
It seems that because the ASPNET user is a local user not a domain user I can't setup windows authentication on the network resource. That seems to leave impersonation which MS et al say is unwise.
Is there a way to change a logins based on domain users, we just changed domains so all the domainlogin logins are not working anymore. Do I have to reapply every security on every database object? There has to be a fix for this, its a common thing.
Any help is greatly appreciated, everything i googled applied to SQL Server 2000 and system tables that dont exist in 2005
Hello,My server is part of a W2K domain. What do you advice me as account torun my SQL*Server, service started with a domain user account or aslocal system ?I need advices from a security point of view.Thank's in advance
I m facing problem in order to publish my reports on the web. the anonymous person will not be able to see my reports, I do not why might be Reporting service restriction for anonymous person. My reports can only see by the person who are my domain user. I want to publish these reports to web. Can you please help me and tell me how to permit anonymous person to view my reports on the web out side domain
I have setup a SQL 2014 server with mixed authentication. Below is sequence.
1. Created a server. Added server to a domain & logged out.
2. RDP to the server using a local account. Installed SQL 2014. Kept the services to run using default NT Authority accounts during initial setup. SQL was installed in mixed mode (SQL & windows authentication). a specific 'sa' pwd was set.
3. After initial setup, I changed all SQL services Logon account to be respective domain accounts. Made sure all services restarted, up & running.
Now, for the same 'sa' SQL login account -
--> if I RDP to the server using local system admin & connect to SQL studio with 'sa' (SQL authentication) - it works. but --> if I RDP to the server using my domain account (which is already an admin on SQL & windows), but connect SQL studio with the Same 'sa' (SQL authentication) - it fails & gives - unable to login 'sa'... ; standard error code : 18456.
Question : How can be the same 'sa' login, is acting different based on with what user context I RDP to the server ?
In an attempt to improve security for our web server/db server setup, we have a SQL Server 2005 server set for Windows authentication only and a web server (both behind a firewall together on a single local domain).
The web server is using IIS7, and the default NetworkService account to run the ASP.NET processes.
I've given the NT AUTHORITYNETWORK SERVICE account access to the database in question.
The SQL authentication fails, but the account failing is NOT the NetworkService account, but the <DOMAIN><COMPUTER>$ account.
Note that if I use identity impersonation with a specific domain account, I can get the app to work. However, I do NOT want to use impersonation, I want the default NetworkService account to work.
Does anyone know why IIS, which is supposed to be using NetworkService, is instead using the <DOMAIN><COMPUTER>$ account to connect to SQL, which is then failing?
I am new to this forum so I hope I have got the right one.
The problem I am having is I installed a new server into an office with 25 users. I joined the users to the new domain with new logins.
The server process then installed outlook 2003 onto each machine. Most machines are windows 2000
Problems arose in sage I have tied this down to the report designer and odbc.
On every machine bar 1 the report designer crashed when running a report. The problem like I said was that you cannot now connect to the odbc driver for sage and when you go into odbcad and try to look at the driver you get an error saying
The setup routines for the sage line 50 odbc driver could not be loaded due to system error 127
Then after that comes
Could not load the setup or translator library
I have looked on the net for this error and it tells you to look in the registry to make sure that the odbcinst is pointing to the correct location, I have checked this and it is. I ahve also checked the security and this seems ok aswell.
The next step was I loaded a fresh copy of windows 2000 into a new folder and tried to load the odbc driver again. This failed with the same as above.
This points to the software settings but I cannot find out where.
Iwas wondering if anyone has had the same problem and they could point me in the right direction.
am working on asp application which basically is an interface to the report server. I am currently unable to determine the source of the problem so it may have nothing to do with reporting services.
I am working on asp application which basically is an interface to the report server. I am currently unable to determine the source of the problem so it may have nothing to do with reporting services.