Hey Everyone,
I am testing restoring databases on another SQL 2005 server in out environment using HP data protector 5.5 and its great. However, I notice that the security login accounts do not get restored. If this is the case how do I go about getting accounts restored? Also, are there any other options?
Cheers,
Mark
If we have a "pool" SQL login, a one that uses SQL Server authentication, and this login is used by different domain account to access SQL Server, is there a way to audit which domain account used that "pool" login to do something on a object in SQL Server? I have to keep this way of accessing SQL Server, so how to create a login for every domain account accesses SQL Server
View 7 Replies View RelatedI have a situation that I have discovered in our QA database that I need to resolve. When I looked at the Activity Monitor for our server, I discovered that a process is running under a domain user account for one of our .Net applications. The problem is that that domain user account has not been created as a SQL login account on the server. I am trying to figure out how someone can log in to the database server with a domain user account that has not been added to SQL Server as a login account.
Does anyone have any insight on this? I don't like the idea of someone being able to create domain account that can access the database without me granting them specific access.
- Larry
I am getting the error:
Cannot open database "aspnetdb" requested by the login. The login failed.
When I browse to my ASP.NET 3.5 LINQ web application on the IIS 6.0 server on Server 2003.
I imagine this is because while I granted SQL Server 2005 login and permissions to my database that the application stores its data in, I did NOT grant any rights to the service account the IIS Application Pool uses for its identity to the aspnetdb database on SQL Server which is where all my roles information is stored at.
My question is what are the MINIMUM permissions needed for this database so it can perform its roles related functions?
I'm using Windows Authentications with the SQL Role provider for authorization.
Thank you.
EDIT: I think I only need to open the aspnetdb database and add my login to the aspnet_Roles_FullAccess role. Is that correct?
I have a server that has 20 databases . I have tested with few users with different level of access and all of them were able to connect to the server and also see, select, update , delete from a particular database which is kind of weird because they do not have a user login associated or mapped to that database. I checked and no user is part of any group in AD that would give them permission to connect . I need a query that would find the permission path of a user. I already queried with xp_logininfo but I am not getting any thing.
View 9 Replies View Relatedcan any 1 give info on "Security Account Delegation"
thanks in advance
Hi,I created a user account on my active directory service. I then triedto assign a service located on my SQL server to be executed by thisaccount. However, when I try to configure my SQL server service, Iget the following error message:WMI Provider Error"No mapping between account name and security ID was done"Do you know what I am doing wrong?thanks
View 1 Replies View Related
By default does CLR code run under the SQL Service Server account or the SQL Agent Service Account? Does anybody have a link to BOL or MSDN???
My assumption is its under SQL Server Service Account.
I'm trying to satisfy the DBA's security concerns in regards to CLR Code. If the account it runs under (Agent or service) has zero privliges will a dba still be able to maintain the server? Wouldnt all their backups work under a privilaged account that isnt the SQL Server Service Account?
Double posted in security.
Can you use a SQL service account (domain account) on two different SQL instances?
Can you set the SPN for both clusters instances with the same account?
Hi world,
I have a question, but first I need to give you some background:
My network works with Active Directory on Windows 2000, and I have web servers running on windows 2003 and SQL Servers 2000 running on Windows 2003.
I wanted to enable account delegation and I found a bunch of information.
Everything seemed "easy", but I tried to test it first on my test servers anyways and this is what happened:
We created the SPN for the SQL Server
Account is trusted for delegation check box was selected for the service account of SQL Server.
Account is sensitive and cannot be delegated check box was not selected for the user requesting delegation.
But when we checked the box Computer is trusted for delegation (and only this box !!) in the server running an instance of SQL Server 2000, the role of this server changed magically (just like this guys, it was magic) from "server" to "Domain Controller".
We were intrigued about this change, but we "trusted" the white paper that we had in front of us.
http://support.microsoft.com/kb/319723
After some hours, the production web servers (of the whole network) and many workstations stopped working:
The IIS on this web servers will show an empty list of websites
The network and dial-up connections were missing on the web servers and also on the workstations.
The web servers and the workstations affected were "isolated" from the network, the command ping was not finding any of this computers.
Anyway, it was a nightmare, it took a while to fix the mess, we reverted the changes in Active Directory, and this makes me thing that the magical "promotion" of the SQL server to Domain Controller had to do with all this.
the questions is:
Do you have an idea about what could have caused all this? I mean, I still need to enable this account delegation thing. But I would like to know first if someone has done it before in a similar environment or if someone has run into one of the problems described before.
Thanks world.
Hi experts,
Is there any potential security threat using Proxy accounts in SQL Server 2005 ? If any , Please give URLs for reference.
Thanks,
DBLearner
I received the following when trying to deploy an 2005 analysis services package over an existing database:
The following system error occurred: No mapping between account names and security IDs was done.
We have redeployed this solution several times over the last week and have never encountered this error. The changes that we are deploying are related to partitioning of the measure group fact tables - and are not related to security in any way. Can someone assist?
Hi everyone,
I have a simple question for you which is too important for me.
My question is about logins in my own(local) server.
I know that my local server(my computer's server) has to default login account which are called sa and BUILTIN/ADMINISTRATOR. While I am using my own server, I do not know which default login account is used by my Server since I use windows authentication while connecting to the Server.
Another question is that while adding new login account for my own Server, I noticed that there is a choice which is comprised of Grant and Deny for the Security. What is the meaning and usage of this ??
Thanks and Regards
Our system is MS SQL Server v7 and NT 4. We have a stored procedure that exec's xp_cmdshell to run an external program located on the server. When a user who has 'sa' rights runs this stored procedure it works fine. When a 'non-sa' user (via the "BuiltinUsers" NT account) runs it, xp_cmdshell produces the following error:
Msg 50001, Level 1, State 50001
xpsql.c: Error 1385 from LogonUser on line 476
Is there an NT security or SQL Server setting I've overlooked that can be changed to allow non-sa users to xp_cmdshell programs?
n.b. The BuiltinUsers account does already have execute permission on the xp_cmdshell procedure.
I doing some testing with security and ran into the following problem.I want to log into the SQL server (from Query Analyzer) using mydomain account. To allow this, I went into Logins section inEnterprise Manager and added my user account as a Windows User.If I set Analyzer to use Windows authentication I am to log in with noproblems. But if it is set to SQL Server authentication and I type inmy username (in the format domainusername or username@domain) andpassword I get a login error.Is there a way to login in to SQL using domain account without usingwindows authentication?Thanks,Jason
View 2 Replies View RelatedHi everybody !!!
I have SQLServer 2005 installed and I think a login account is corrupted because Im not able to connect to a database. I get an Timeout expiration error after I clicked on Login Properties or when I try to make a connection to SQLServer 2005 using that login account. Also I cannot review the script needed to create the login, but I do can review the database user properties mapped to this login account.
Is there a way to recreate or repair a login account??
The only solution I have right now is create another login accout, but this involves to modify database connection properties within my code.
Any help, comment or suggestion is really appreciated.
Thans a lot.
Hi everybody !!!
I have SQLServer 2005 installed and I think a login account is corrupted because Im not able to connect to a database. I get an Timeout expiration error after I clicked on Login Properties or when I try to make a connection to SQLServer 2005 using that login account. Also I cannot review the script needed to create the login, but I do can review the database user properties mapped to this login account.
Is there a way to recreate or repair a login account??
The only solution I have right now is create another login accout, but this involves to modify database connection properties within my code.
Any help, comment or suggestion is really appreciated.
Thans a lot.
I need to change the login name for the dbo account on several databases to the SQL sa name instead of using a Windows authentication domain name. I haven't been able to find a way to make this change.
View 6 Replies View RelatedIn SQL 2000 I use to be able to grant a computer account access to a SQL DB by adding that computer account to the SQL Logins using DOMAINCOMPUTERNAME$. I have not been able to do this so far in SQL 2005.
Does anyone know if this is still possible or has this functionality been removed from 2005?
Hi There
When i go to configuration manager and change the sql server service to run as a domain account i get the following error:
No mapping between account names and security IDs was done.
This is Sql Server Express running on a domain controller - Windows Server 2003 R2.
Everything i find ont he net refer to IIS, DHCP etc etc , i cannot find the issue regrading sqls server configuration manager.
Thanx
Hello all;
I am trying to form a replication system but at the very beginning i couldn't pass an obstacle.
While trying to create the Replication it says i have to change the user which starts the SQL Agent because the current starter user account is a system account and this will make the replication between servers fail.
"SQL Server Agent on OZN currently uses the system account, which causes the replication between the servers fail. In the following dialog box, specify another account for the service startup account."
I change it in the properties dialog box of the SQL Server Agent. The new account is the one I formed and granted accordingly. But it gives the following error when I try to apply the changes.
" Error 22042: xp_SetSQLSecurity() returned error -2147023564, 'No mapping between account names and security IDs was done' "
I tried many things, searched in the net, changed the owner of the database, applied new accounts, many grants, applied service pack 4, etc...
If anyone helps it will be very much appreciated. Thanks in advance...
Our software vendor rep is trying to upgrade MS SQL server 2008 SP4 to 2012 SP1. Get an error message: no mapping between account names and security ADs was done. He says that we get this error message because we have two domain controllers in our network, and one is running on the same windows server that run sql server. Out IT support disagrees to delete the second domain controller, saying it is recommended by Microsoft and he suggests that the problem is in Active directory.
View 2 Replies View RelatedHi everyone,
Is there any limitation in number of accesses for a sql login account?
For example, I use one sql login account to connect between the website and db. Since I changed web server to window 2003. I got error message saying SQL Server does not exist or access denied.
I then created another sql account instead of only one login account. now the website is running fine and faster than before.
I really don't understand it. Can anyone please explain it?
Thanks in advance!
I'm trying to install SQL Server 2005 Express on a Windows 2000 server, but I'm getting the following error message:
"Failure setting security rights on user account SQLServer2005BrowserUser${computerName}"
Can anyone help me please?
I'm developing a client-server application using Visual Basic and SQL Server
6.5 for 700 users. The application currently requires users to login to the
database using their network account (via trusted connections). Each of the
users takes up a maximum of 6 connections. Unfortunately, other
considerations will force us to discard use of trusted connections. So it
only leaves us either to create 700 user accounts on SQL Server separately
from their network logins or to create one SQL Server account and everybody
uses that same account to login to the database. For political reasons, the
customer would prefer not to ask their support group to maintain 700 user
accounts on SQL Server if it can be avoided.
My question: is there any technical limitation or other negative consequence
of having 700 users login to the same account to SQL Server if SQL Server
can handle that many connections (it would be 6*700 = 4200 connections)
simultaneously? Are we supposed to do things like this? It seems that we
don’t have better choice than this.
I have a SQL 2k5 ent. 64 bit on Windows 2003 Ent x64 edition.
The sql server was running fine under localsystem account. Recently I changed the service account to a local user (part of users group in windows) and implemented permissions according to KB article 283811. (have imlpemented the same on many other sql servers without issue).
However, the SQL services are not starting up and I am seeing the following errors in the errorlog.
===================
2007-07-25 12:36:55.90 spid11s Server name is 'HBCARPROD'. This is an informational message only. No user action is required.
2007-07-25 12:36:55.90 spid13s Starting up database 'model'.
2007-07-25 12:36:55.90 Server Error: 17182, Severity: 16, State: 1.
2007-07-25 12:36:55.90 Server TDSSNIClient initialization failed with error 0x5, status code 0x51.
2007-07-25 12:36:55.90 Server Error: 17182, Severity: 16, State: 1.
2007-07-25 12:36:55.90 Server TDSSNIClient initialization failed with error 0x5, status code 0x1.
2007-07-25 12:36:55.90 Server Error: 17826, Severity: 18, State: 3.
2007-07-25 12:36:55.90 Server Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
2007-07-25 12:36:55.90 Server Error: 17120, Severity: 16, State: 1.
2007-07-25 12:36:55.90 Server SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
====================================
I have gone through the http://blogs.msdn.com/sql_protocols but everything mentioned here seems to be there. I understand this is some permission issue. Just not able to find it out. Can anybody help?
Dear All,
I currently installed visual studio 2005. So together it als install sql server express. So then I install the sql server management studio express too. So the problem now I want to do is run asp.net pages. I want to know how to create a local account with my own password. Because now I can only login using default windows authentication so how can I create an account with for sql server authentication ? Another question is that for the server address in my asp.net page what must I write localhost or the name shown in the server name text box while logging in. Thanks.
I would like to write code to delete and add a SQL Login to every User database on my development server.
Whenever I restore databases to dev using production backups the SQl Server logins are invalid and I need to delete them from the user database and add them again.
I've already hard-coded a sql server job with n steps... a step for each user database to drop and add this sql user to each database. This isn't optimal since I have to add or delete a step everytime a user database is added or deleted.
Does anyone know how to write a loop or cursor that does this dynamically?
I am doing something syntactically wrong related to the GO statement.
declare @db varchar(100)
declare @message varchar(3000)
DECLARE user_cursor CURSOR FOR
SELECT top 1 name
FROM master.sys.databases
where name not in
('master','tempdb','model','msdb')
OPEN user_cursor
FETCH NEXT FROM user_cursor INTO @db
WHILE @@FETCH_STATUS = 0
BEGIN
SELECT @message = 'use '+@db + '
GO'
+'DROP USER [SQLLogin.DataEntry]
CREATE USER [SQLLogin.DataEntry] FOR LOGIN [SQLLogin.DataEntry]
EXEC sp_addrolemember N''db_datareader'', N''SQLLogin.DataEntry''
GO
'
execute @message
print @message
FETCH NEXT FROM user_cursor INTO @db
END
CLOSE user_cursor
DEALLOCATE user_cursor
the password of sa account is empt
I use "sqlcmd -S servername -U sa " command but failed
any suggestions?
thanks
Hi All,
I have a sql server database user with Password must change, and I get this error when i use ODBC connection wizard,
18488
Login failed for user '%.*ls'. Reason: The password of the account must be changed.
where would the windows shows up to change it similary we do when we connect through Management studio and provide new password.
Any idea.
Hi,
I have a least privileged SQL Login €œClient€? and have granted execute rights on XP_Cmdshell SP at master db. When I execute master.. XP_Cmdshell €˜dir€™ I€™m getting the below error.
Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
Please note it is SQL Login account and not windows account. I have checked everywhere for similar problem and no luck.
Thanks for you help in advance
With regards
GK
Any idea why this happened and what do i have to do to reslove it?
Code Snippet
Login failed for user 'dd_user'. Reason: The password of the account must be changed.
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
View 6 Replies View Related