I apologize for a dumb question, but where could I find an example of making a VB 6 (not .NET) connection to a SQL 2005 server using the current user's NT security properties? I don't want our users to use ODBC, nor have to hard code a SQL login. I wish to control access via their presence/absence in an active directory group. I think this means I want the VB to use the current user's NT security context to help with the connection. I will pass the server and the DB, but I do not want to pass the password. I am pretty sure there is a method for this, but I cannot find one. All my examples show a sql login and a password as part of the string.
Hello, I have a sql 2005 server, and I am a developer, with the database on my own machine. It alwayws works for me but after some minutes the other developer cant work in the application
He got this error
Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: 192.168.1.140]
and When I see the log event after that error, it comes with another error.
SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.168.1.140]
He has IIS5 and me too.
I created a user on the domain called ASPSYS with password, then in the IIS on anonymous authentication I put that user with that password, and it works, on both machines.
I go to the profiler, and I see that when he browses a page, the database is accesed with user ASPSYS, but when I browse a page, the database is accesed with user SElevalencia.
Thats strange.
The only way that the other developer can work again on the project is to restart the whole machine. He has windows xp profession, I have windows 2000.
My DTS package, deployed and run from the file system, works just fine for me, but fails when someone else runs it. The only explicit error from the dtexec command is:
I have a user who has some ODBC connections that use SQL Authentication (through a generic id)to connect to SQL Server that work fine. What worries me is the user can access the same SQL Server throught NT authentication and connect through QA, EM (registering a server) or ODBC, even though she is not listed in the security of that SQL Server as a SQL user or and NT user. Worse is that she seems to have full rights to the server. I had her log in on another box and the same thing happened. I am on SQL 2000 SP1. Anyone have any ideas to is it time to call MS?
Microsoft Security Paradigmes are Irritating. I sure they're fine onceyou know what they are, but for the uninitiated it's quitecounterintuitive to work with.I moving an old SQL Server-backend-IIS5/ASP-frontend application toservers with windows 2003 standard edition. One server will run thedatabase the other will run IIS 6.0. Note that i haven't set-up adomain, which i think requires one machine to be domain controllerwhich would decrease performance and stuff. I've simply put them on thesame group.I wan't to restrict access the sql server so only the incommingconnection from the webserver is allowed. I can use either namedpipes(which should be the fastest protocol) or tcpwhich should beslight slower than named pipes) but i seem to have a problem. If I usenamed pipes to connect the IUSR(the user under which IIS is running)must have access-rights to IPC$ share on the sql server. I can't seemto set any access-right directly for IPC$ share, but i can reactivatemy guest user and then it works, everyone can now access the ipc$ shareso it's not really what i'm looking for.I can also connect through TCP( and set up some kind of filter onlyallowing incomming connections on port 1433 from the ip of the webserver.But i don't know how to do this. I've taken a look at the IPSec stuffbut it's all about kerberos authentication and other bull which i don'tthink i need. What i need is simply a ip traffick filter, which doesnothing else but reject incomming connection from all other ip's thanmy webserver.My question is how do I do this? Do i need to have a addtitíon"firewall" service running and if so why, how much extra overhead willthis create for the server. Alternately, is it possible to change theaccess right for the IPC$ share manually?Thanks in advance for any input you might have on this?Regs Jens
My company gave me their old Windows 2000 server. I installed mydatabase on it and the ODBC connection works perfectly on the server.When I go to my client machine I go the the ODBC Connections in it andit fails. It refuses connections and will not reply to pings. It is nota network issue, as I can telnet to the server just fine. It's strictlya security issue. I just have no clue where to look. Any suggestionswould be appreciated. Thanks
I have an app that queries the same SQL Server, instance and database. In one execution of the app, it makes multiple queries against the database in two different runs, each run being approx. 10 seconds apart. The app app does remote logins to the SQL Server using Standard Security. Each run makes twenty (20) connection attempts and all connection attempts between the two runs are using the same SQL account/password€¦(when successful) there is a .5 second delay between each attempt. So, here is a visual description:
The problem I€™m seeing is: All connection attempts in Run 1 are successful in connecting to the SQL Server. All connection attempts in Run 2 are UNSUCCESFFUL when connecting to SQL Server (error message is €œSQL Server cannot be found or Access Denied€?). Remember, ALL connection attempts are using the same SQL account and password.
As an added note: When I switched from using SQL Standard Security to Windows Security, ALL connection attempts in each Run was successful.
Does see anything wrong with this? Is Standard SQL Security limited in the number of simultaneous connections or in some other kind of way?
I am using windows impersonation in a CLR that is retrieving folder structure. In order to use impersonation I need to pass the windows credential to the SQL server so I am trying to use "integrated security=SSPI" and I also tried "integrated security=true" as well with the same result...I get the error: Login failed for user ''. The user is not associated with a trusted SQL Server connection. The SQL Server and IIS are located in different un-trusted domain. I am however able to connect to the SQL Server using user id and password. In my web.config file: <add name="ConnectionName1" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;Integrated Security=true;persist security info=False; Trusted_Connection=Yes;" providerName="System.Data.SqlClient"/> à Doesn’t work <add name="ConnectionName2" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;uid=user;pwd=password;" providerName="System.Data.SqlClient"/> à WorksBased on the error message it looks like there is no user passed to the SQL server. What am I missing? At this point I am thankful for any input…
Does anybody know if it is possible to establish a connection to an sql express instance only with integrated security when this express instance is running on XP which is NOT part of a domain?
Hi,A person from my company's IT department approached me a few days ago saying that they followed some instructions on a recent security vulnerability in IIS whereby they where told to turn impersonation off in IIS. I'm afraid I don't know the exact procedure, but I do know that it took down all of my applications with the following error:"Failed to generate a user instance of SQL Server"I do NOT have impersonation enabled in my web.config, however all of my connection strings look like the following:<add name="myConnectionString" connectionString="Data Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|myDatabase.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>From what I've read, this type of connection string, which VWD 2005 generates by default, is not the correct way to go about connecting to a database. Could this be my problem??Thanks!
Hi , I am trying to connect to MS Sql server 2000 from Java (1.4.2 /1.5 ). I installed my Sql Server(8.00.382) from the one supplied withVS.NET 2001. When I installed it on my laptop it did not ask me for auser name and password. After install when I re-started my machine Isee the server started up with a green light. Now when I connect to theserver from VS.NET it works fine. This is because VS uses windowsintegrated security. I now need to connect using Java , so I downloadedthe microsoft drivers for SQL2000-JDBC sp3 from the microsoft site. Iadded the jar files to my Java project classpath. I manage to registerthe driver in java :Class dbClass = ClassLoader.getSystemClassLoader().loadClass("com.microsoft.jdbc.sqlserver.SQLServerDriver");DriverManager.registerDriver((Driver) dbClass.newInstance() );Connection conn =DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;_integrated security=SSPI");but cannot seem to get a connection as it gives an SQLException sayingthat it is unable to connect:java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC]Errorestablishing socket.I cant seem to figure it out.Can some one help ??I am a newbie to sqlserver so couldnt quite figure out how to changeadmin password or create a new user with the tools provided with thisversion of sql (SQL Server Desktop Engine).Any help will be appreciated.Ebby
Assume I have an asp.net/sql server 2000 web app in a shared hosting environment. I then encrypt the connection string using ProtectSection("DataProtectionConfigurationProvider") in the page load of my default.aspx page.
Am I understanding the following concepts then correctly?
1. I upload the site to the shared hosting server. 2. The first time I run the app eg. www.whatever.com/default.aspx, the ProtectSection method above is executed. 3. Now the conn string area of my web.config is encrypted, and asp.net will decrypt as needed.
4. If someone were to hack the server and view the web.config -- whether via getting into the server or via ftp, they would see an encrypted connection string. Thanks very much!
Any way to find out who's causing "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection." error in SQL Server error logs?
I have a piece of Java code that needs to connect to SQL 2000 (SP4) using Windows Authentication. It's running on Windows Server 2003 SP1.
I tried JDBC v1.1 and followed the code from the following blog:
http://blogs.msdn.com/angelsb/default.aspx?p=1
But still get this error as shown below. Any help appreciated.
I am using JDK1.4.2, "sqljdbc_auth.dll" is located under "E:SQL2005JDBCDrvsqljdbc_1.1enuauthx86", also made a copy under "E:JavaTest" and "C:WindowsSystem32" but still won't work.
E:JavaTest>java -classpath ".;E:JavaTestsqljdbc.jar" -Djava.library.path=E:S QL2005JDBCDrvsqljdbc_1.1enuauthx86 TestW2 com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError (Unknown Source) at com.microsoft.sqlserver.jdbc.IOBuffer.processPackets(Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.processLogon(Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(Unknown Source ) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(Unknow n Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.loginWithoutFailover (Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(Unknown Sour ce) at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(Unknown Source) at java.sql.DriverManager.getConnection(Unknown Source) at java.sql.DriverManager.getConnection(Unknown Source) at TestW2.main(TestW2.java:7) ===========================================================
The code is simple (TestW2.java):
import java.sql.*;
public class TestW2 { public static void main(String[] args) { try { java.lang.Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver"); Connection conn = java.sql.DriverManager.getConnection("jdbc:sqlserver://VMW2k3ENT003.TESTCBFPOC.COM.AU;integratedSecurity=true"); System.out.println("Connected!"); conn.close();
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says: Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions.Â
I have Sql Server Express installed on Vista (service pack 2)
I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.
The login ID of the service is added to the database.
The database has remote access turned on.
The ID is granted access to all databases within the server.
The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.
The dataserver is set with using Windows Authentication for security.
When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.
How to I get past this? I've done everything right.
I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:
The user or group name <DLName> is not recognized. (rsUnknownUserName)"
I am looking for a way to log all security related events for SQL in Windows Security Log. I am trying to use SCOM for monitoring SQL and I am looking at ways to generate alerts in my SCOM Console for specific events in SQL e.g. A table is deleted, user is modified, deleted, etc. Is this possible and if yes how do I achieve the same?
In an environment where there are many initaitors speaking to a central target with frowarders in between, from what i can understand this best policy is to disable encryption on the endpoints, since dialog encryption will be enforced this is all that is really required, is this correct.
If the endpoints used encryption the message would need to be encrypted and decrypted at each forwarder resulting in slower perfromance, where as dialog encryption would only encrypt at the sender and decrypt at the target, so is this the best way to go?
Secondly is it best practice to open a dialog initally and send messages over this dialog for years never ending the conversation? This way the services only have to authenticate eachother once, if there are no reboots etc that is of course.
I would think performance wise sending each message and ending the conversation each time is a much greater overhead ? So would it be best practice to keep dialogs open and keep sending messages ?
Initally when i was learning service broker i thought that one must send a message and end the dialog until the next message, but i think the other way is the best option ?
I'm designing a distributed application where I will have SQL Server 2005 distributed databases replicating data to my central hub which is again a SQL Server 2005 database using SQL Service Broker. Data will be sent from the central hub to the distributed sites and vice versa. I need to authenticate the communication and also secure the communication by encrypting the messages. Which security shall I use? Where do I configure the type of security being used? What is the difference between transport security Vs dialogue security - Full security model?
I added a connection (ADO.NET) object by name testCon in the connection manager - I wanted to programmatically supply the connection string. So I used the "Expressions" property of the connection object and set the connectionstring to one DTS variable. The idea is to supply the connection string value to the variable - so that the connection object uses my connection string.
Then I added a "Backup Database Task" to my package with the name BkpTask. Now whenever I try to set the connection property of BkpTask to the testCon connection object, by typing testCon, it automatically gets cleared. I am not able to set the connection value.
Then after spending several hours I found that this is because I have customized the connection string in testCon. If I don't customize the connection string, I am able to enter the "testCon" value in the connection property of the BkpTask.
I have a package that uses a for loop to iterate through an unknown amount of excel files and pull their data into a table. However, there will be cases when the file is corrupted or has some sort of problem so that either the transformation will fail or the excel data source will fail with an oledb connection error. Could anyone suggest a clean way to trap these errors? Specifically, the "Cannot Aquire Connection from Connection Manager", which is the excel connection.
Can anybody tell me the advantage and disadvantage to use NT security for SQL Server 7.0? For a corporation with 400 users, what is your recommendation for the SQL Server security management. Thanks.
What's the better security to use? Currently I'm always registering using the Windows authentication. When I'm trying to register using SQL authentication I always get "Login failed for user 'sa'" error....
All -- Please help. I have some questions about connection strings.
BACKGROUND...
Note that I am using the "SQL Native Client OLE DB Provider", SQL Sever 2005 Express, ASP.NET, C#.NET, and VS.NET 2005. Note that I do not want to use the "Attach a database file" type of connection string. Note that I am using the site http://www.ConnectionStrings.com as a reference. Note that this "Standard security" connection string...<add name="LocalSqlServer" connectionString="Server=MYTESTOFFICESERVERS;Database=MyDatabase;Uid=MyDatabaseUser;Pwd=MyDatabasePassword;" />...does not work and causes the following run-time error...A connection was successfully established with the server, but then an error occurred during the login process. (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.) Note that this "Trusted connection" connection string...<add name="LocalSqlServer" connectionString="Server=MYTESTOFFICESERVERS;Database=MyDatabase;Trusted_Connection=yes;" />...works but is less-than ideal because it uses a Trusted Connection rather than a Username/Password combination.
QUESTIONS... (A) What exactly does the error in Item 4 mean? (B) Do 4 and 5 imply that one must use a Trusted_Connection for all SQL Server 2005 Express connection strings when the database does not reside in the web application's App_Data folder or use a "Attach a database file" type of connection string? (C) Are there any alternatives? (D) What do you suggest?
We are using the Windows Task Scheduler as a substitute for the SQL Server Agent, which isn't available in the Express edition. The scheduled task just calls a batch file, which in turn, runs a stored procedure using osql with the -E option for a Trusted Connection.
SQL Server Express has been installed using the defaults, which means the service is running in the "NT AUTHORITYNETWORK SERVICE" account. The scheduled task we create is set to run using the "NT AUTHORITYSYSTEM" account.
Now we find that on Windows Vista (tested using Ultimate Edition) that the scheduled task fails to run the stored procedure until the machine is rebooted the first time after installing SQL Server Express. When I say "fail", I mean that the stored procedure isn't executed. The scheduled task however completes and reports no errors. On Windows XP, we do not run into this problem so I suspect it has something to do with the UAC in Vista?
We further found that after installing SQL Server Express and creating the scheduled task in the "NT AUTHORITYNETWORK SERVICE" account, the scheduled task (and stored procedure) runs fine WITHOUT requiring a reboot.
Can anyone explain why a reboot is needed to get SQL Server Express to run the scheduled task correctly under Windows Vista and the SYSTEM account?