SQL Server Admin 2014 :: Group Policy User Denied Access
Sep 15, 2014
I have a user, who is trying log into the server, but everytime he gets this error saying something about the Group policy denies him access.
This user needs access and i'm trying to understand how to grant it to him.
I have been looking into how i can access the group policy editor, but the farthest i can get is the Local group policy editor. How do i make sure this specific user has access?
Is there any way to enforce table references in stored procedures? For Example, we have stored procedures with a ton of different formats, "dbo.table", "table", "db.dbo.table", etc. Can we make it so that for every stored procedure, the reference must be at least "dbo.table"?
Recently after turning on trace I restarted the sql services on a box which is configured for automatic failover availability groups. The ag has not failed over to other node. The other node was in resolving state. When the restarted server is back, the AG went back to that server. I checked the sys.availability groups field for failover property failure condition level, it's set to 1 which means service restarts should initiate the failover.
What I asked for: Three Windows Server 2012 R2 machines with independent storage running a SQL Server 2014 AlwaysOn Availability Group. DB1 would be the primary, DB2 would be a synchronous replica, and DB3 would be a remote asynchronous replica.
What I was given: a two-node Windows Server 2012 R2 WSFC to run SQL Server 2014 Enterprise with shared storage and a third (remote) Windows Server 2012 R2 machine with independent storage, also with SQL Server 2014 Enterprise, to host an AlwaysOn Availability Groups asynchronous replica.
DB1 and DB2 (as Cluster1) share an E: drive. The remote DB3 has its own E: drive. Initially, DB3’s E: drive was claimed as a cluster resource and I couldn’t even see it. I’ve had several ugly days trying to make this work and have temporarily given up, installing DB3 as a standalone SQL Server that is no longer part of the WSFC and pointing everything towards that (it was originally a third node in the WSFC).
Is it possible to create an AlwaysOn Availability Group with nested clusters (i.e. create the AOAG with Cluster1 and DB3 and somehow ignore the individual nodes that comprise Cluster1)?
Hi AllI am getting an access denied message when I launch the Virtual Serveradministration screen, however I can connect through the Virtual Machineremote connectivity without any problems. Please help, I upgraded my memoryand need to change setting though Virtual Server Adminitration screen.Is there a way around this issue!Thank you in advance,James--Message posted via http://www.sqlmonster.com
I setup an availability Group. (Only 2 servers - Primary And secondary) -- 21 , 22
I also define an listener . IP .. 23
1- In First step I connected To Listener (23) And in a while I inserted A record to a table .
While 1=1 insert into Tbl_T1(f1,f2) Values (1,2)
2- in second, I Stop the primary .
- I expected this while whitout disconnect, continue.
3- The while code stopped whit this message :
Msg 64, Level 20, State 0, Line 0 A transport-level error has occurred when receiving results from the server. (provider: TCP Provider, error: 0 - The specified network name is no longer available.)
4- I execute again the script, And it worked in new primary.
My questions :
1- is the listener disconnected between switched primary and secondary ? OR have we data loss between switching?
2- I did some huge update on Primary that fill the Log fiel space. And in last Update I got this error :
Msg 9002, Level 17, State 2, Line 27
The transaction log for database 'Your_DB' is full due to 'LOG_BACKUP'.
Is this (Fill All space) a reason to switch primary? Or not ?
I'm running a primary and secondary on sql server 2012 enterprise edition on windows server 2012, and it runs fine except when a network outage occurs.
Then the handshaking keeps failing, the databases on the replica show as not synchronizing and the only way to fix this is to reboot both primary and secondary.
We keep getting 3520's, etc. on the DR error log
How to eliminate all these prod reboots?
I increased query connection timeouts to 60, but saw no change.
A little background on what I am trying to achieve first. We are moving to Azure virtual machines and we will have 8 disks on the SQL Server box. I am adding more files to the primary file group and each file will go on its own drive. I am then rebalancing data across these files by rebuilding all of the indexes on the tables which is working fine. No problems so far all is good.
I now have an additional problem. If there is a lob or blob column on the table, rebuilding the clustered index and all the non clustered indexes doesn't rebalance the blob or lob data across the disks such as it does with in row data.
I cannot find any articles on rebalancing lob or blob data because all the articles say to move to a new file group. I do not want a new file group, I just want to use the primary file group where the data already resides, and just redistribute it evenly in the same way that I can in row data which is working fine.
One solution I thought about was to BCP data out of the table, truncate the table and then BCP back into the table which I imagine would have the desired effect of distributing the data evenly over the files.
We have applications connected to SQL using windows authentication. While having connection with Application user can also access to Database instance on the same time as well. We need to limit the access of user outside application.
I have SQL Server 2014 (Enterprise) on Server A. The service runs under DomainAAdmin.
The Client machine is B, User credentials DomainBUser.
DomainBUser has a share on B that contains a BCP data file. DomainAAdmin has full access to this file.
If I log onto A (the server machine) with either DomainAAdmin or DomainBUser credentials, and run SQL Server Management Studio with Windows Authentication I can run BCP sucessfully using the following:
BULK INSERT [MyTable] from 'Bsharedatafle.tsv' WITH ( KEEPNULLS , KEEPIDENTITY ) However, if I log onto B, (the client machine and the machine hosting the share) and try to run the same bcp command, I get "Access is Denied".
I've been running the Ola Hallengren maintenance script for the last five months without missing a beat. Today I find an error stating the UserDatabase Integrity check job failed last night. This is running on SQL Server 2014 BI edition w/64 Gigs.
I ran a DBCC CHECKDB on each database manually and all worked until I tried it on the biggest one that is about 18 gbs. It just keeps running and I eventually stopped it so I'm guessing it is memory, but doesn't make sense considering it has 64 gbs. I have it set to 64/4 max / min. Again, this was never an issue until last night.I've been looking up all morning, but not seeing much on this error "The operating system returned error 1453"?
I try to connect from a pc to a SQL Server on another pc. Both pc’s are in a workgroup. I want to connect from a Windows Forms application to a named instance on the other computer. By now I have been able to connect from one pc to SQL Server on the other with tcp:smurfin, 52782.
I want to be able to use servernameinstancename (instead of portnumber) to make a connection in a Windows Forms application.
I’ve checked / tried te following:
•In the properties of the instance, tab Connections, the option Allow Remote Connections is enabled •In Configuration Manager: TCP is enabled •The service SQL Server Browser is started •On the tab IPAddresses, in the section IPAll, there is NO portnumber for TCP Port. And TCP Dynamic Ports has the nummer 52782 •I have created un inbound rule for port 52782 and also for 1434 (SQL Server Browser). And to be on the save side: a rule for 1433 as well. •Restarted the service
If I run the following code in SQL Server, that same port number (52782) is returned:
EXEC xp_ReadErrorLog 0, 1, N'Server is listening on', N'any', NULL, NULL, 'DESC' GO SELECT local_tcp_port FROM sys.dm_exec_connections WHERE session_id = @@SPID
While running Sql 2014 upgrade advisor against a 2005 remote sql server. Below is the error im getting:
"Could not populate SQL Instances: System.Security.SecurityException: Requested registry access is not allowed"
Its able to connect SQL 2005 DB server and its also populating all the required Databases, but when i'm tring to click Run at the last step above error is coming. I even installed SQL 2012 upgrade advisor in my system and getting the same above error.
However if i use SQL 2008 upgrade advisor and connect to SQL 2005 server im not getting any error.The tool is generating successfully all the Pre and Post upgrade issues.
I'm running the tool with Run as administrator option. Is there any specific change i need to do in my system so that the tool runs successfully.
I have a user who needs access to views like(dbo.viewnameabc1,dbo.viewnameabc2 and so on...) dbo.viewnameabc* and anytime the user creates the view he already have the permission to view those views....
SQL server job or SP to deny access to an AD login for certain period of time to SQL server instance...i.e. to deny access to login ADxyz from 12 PM to 10 PM and revoke access to same login at 10:01 PM...
I have system database and user database file are present in G,H and W drive.The process is going to be - copy data from G to S, H to T, W to U. Rename G to X, H to Y and W to Z. Rename S to G, T to H and U to W. Reboot the servers. The original G, H and W will then be X, Y and Z. The old S will be the new G, old T will be H and old U will be W. My question is that after doing this whether my SQL server will start or not
I've recently started working with a public sector organisation who have 4 clustered sql instances that has 80% of it's db mirrored.
Looking at the transaction log - it seems that a transaction log backup is a good idea as the log is 4x larger than the data file.But I'm not allowed access to the physical server to check onto which drive I can create the trn. No RDP, no vmware - let's be honest I'm not even allowed to launch cmd line Also the Server Manager informs me "We will need to carefully look at database backups if you guys want to start doing these backups on box, as that will break our off box backup routine (it will screw the transaction chain)."
I don't understand how backing up the transaction log could break the "transaction chain"?
We are upgrading from SQL 2008R2 to SQL2014 but we have discovered that a couple of our applications are not supported on 2014. We'd like to keep one 2008R2 server and one 2014 server until we have time to upgrade the applications and move everything to the new server. The problem is we have custom code in some of the 2014 databases that access tables in the 2008 databases.
I know we can easily do cross server joins by using a linked server, but it would be a huge undertaking to find all that code and add a linked server name in front of every table, stored procedure, etc. So my question is, is there any way to move a database to a different server and still be able to access it without having to qualify the object names with a linked server? Is there some kind of server/database synonym that can be setup that would be recognized by all databases?
I have a Windows Server 2012 R2 2 node cluster with SQL Server 2014 FCI installed. Data files are on a separate Windows Server 2012 R2 file server. Data files share has been permissioned to the SQL Server service and SQL Server Agent service accounts as Full Control. NTFS Permissions are Full Control.
When I try to attach a database CREATE DATABASE AdventureWorksDW2012 ON (FILENAME = 'apricotmssql_VIOLETMSSQL12.MSSQLSERVERMSSQLDATAAdventureWorksDW2012_Data.mdf') FOR ATTACHI get this error: Msg 5120, Level 16, State 101, Line 4 Unable to open the physical file "apricotmssql_VIOLETMSSQL12.MSSQLSERVERMSSQLDATAAdventureWorksDW2012_Data.mdf". Operating system error 5: "5(Access is denied.)".
If I log into the file server (called APRICOT) and look at the NTFS permissions they all look good. I have also reapplied the NTFS permissions from the root folder down.
EDIT If I log on to one of the nodes in the cluster as the SQL Server service account and navigate to apricotmssql_VIOLETMSSQL12.MSSQLSERVERMSSQLDATA and copy and paste the data file, it works fine.
EDIT2: If I log on to the file server and Enable Inheritance at the root level, then Replace all child objects with inheritable permission entries from this object, I get this error:
User Account Control settings on all nodes and the file server are set to Never notify
For a database, we have 4 data files in a particular file group and the file sizes are almost 70 GB each.
Do I come across any performance issues if I create/pre-allocate an additional data file in the same file group so that the existing files don't grow too much?
In a server we had File Growth,And then We had to Add New Hard Drive And New File On It.And Now We have New server with a Huge Hard Drive.But all files remaind.Can I Reduce This files to One data file or not ?
I am using a standard installation of SQL 2005 Express installed with Visual C# Express. I have tried several connection strings, have tried connecting different databases, all of which end up giving me access denied for user <machineName>Greg (Greg is the local admin account for this PC. I found this guideline for connectivity questions (http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=362498&SiteID=1), and have gone through it all, posting the answers to questions here. One thing that may be different about this machine is that it is a tablet PC (WinXP Tablet edition) and I am running VMWare Server. I also tried loading it on a WinXP Pro workstation with no VMWare, and have gotten the same results. Any help will be greatly appreciated.
My connection string: @"Server=(local);Integrated Security=SSPI;Database=Database1");
Client error message: Cannot open database "Database1" requested by the login. The login failed. Login failed for user 'GREGBORGGreg'.
Client is local to the SQL 2005 Express - this is an application running on a local PC.
I am able to ping -a GREGBORG (as well as localhost)
I am able to telnet to port 1433 of my local machine, although Ctrl+[ does not give me an SQL prompt
I am using ADO.NET 2.0 and Visual C# 2005 Express
I have enabled Shared memory, named pipes and TCP/IP.
I have no alias' configured, and am not requiring encryption.
========================= I am using SQL 2005 Express loaded on Windows XP tablet edition.
The SQL browser is not enabled, and it says that it has no enabled devices associated with it.
SQL Server is running under the Network System account
I have tried running it firewalled and not firewalled
I am running Clamwin anti-virus
From the ERRORLOG: 2007-01-03 12:29:56.19 Logon Error: 18456, Severity: 14, State: 16. 2007-01-03 12:29:56.19 Logon Login failed for user 'GREGBORGGreg'. [CLIENT: 10.101.1.200]
From the command prompt I get: C:Documents and SettingsGreg>osql -E -S (local)sqlexpress 1> use Database1 2> go Msg 911, Level 16, State 1, Server GREGBORGSQLEXPRESS, Line 1 Could not locate entry in sysdatabases for database 'Database1'. No entry found with that name. Make sure that the name is entered correctly.
When I try to attach Database1 in my 'My Documents' folder, it says that access is denied to the file.
I added a user via SQL Management Studio Express and then received the error:
C:Documents and SettingsGreg>osql -S gregborgsqlexpress -U Greg -P ******** 1> sp_attach_db "Database1", "C:documents and SettingsGregMy DocumentsVisual Studio 2005Projects est_SQL est_SQLDatabase1.mdf" 2> go Msg 5133, Level 16, State 1, Server GREGBORGSQLEXPRESS, Line 1 Directory lookup for the file "C:documents and SettingsGregMy DocumentsVisual Studio 2005Projects est_SQL est_SQLDatabase1.mdf" failed with the operating system error 5(Access is denied.). 1> use northwind 2> go Msg 945, Level 14, State 2, Server GREGBORGSQLEXPRESS, Line 1 Database 'Northwind' cannot be opened due to inaccessible files or insufficient memory or disk space. See the SQL Server errorlog for details.
In the ERRORLOG I have: 2007-01-03 12:38:27.25 spid51 Error: 5173, Severity: 16, State: 1. 2007-01-03 12:38:27.25 spid51 One or more files do not match the primary file of the database. If you are attempting to attach a database, retry the operation with the correct files. If this is an existing database, the file may be corrupted and should be restored from a backup. 2007-01-03 13:07:16.82 spid51 Using 'xpstar90.dll' version '2005.90.1399' to execute extended stored procedure 'xp_instance_regread'. This is an informational message only; no user action is required. 2007-01-03 13:09:24.68 Logon Error: 18456, Severity: 14, State: 8. 2007-01-03 13:09:24.68 Logon Login failed for user 'Greg'. [CLIENT: <local machine>] 2007-01-03 13:09:27.43 Logon Error: 18456, Severity: 14, State: 8. 2007-01-03 13:09:27.43 Logon Login failed for user 'Greg'. [CLIENT: <local machine>]
Again, thank you for any help. I think I may have been staring at this too long to be productive any more... --Greg
I want to set up a database role so that users can use sp_readerrorlog through SSMS. It does a check on membership in the securityadmin role.
I have tested it and can see you can grant execute on xp_readerrorlog but the SSMS GUI uses sp_readerrorlog.
I thought I could create a user/certificate and add the signature to sp_readerrorlog but it's not permitted (likely because it's not a normal database object).
So the other solution is to add the users to the securityadmin role but then explicitly deny alter any login (best done with a custom server role in 2012+ but otherwise just manually in 2008). I tested this out and it works, I'm not able to alter any logins or increase my own permissions, I also did a check of what's reported from fn_my_permissions(null, null) and it shows minimal permissions like I'd expect.