User Credentials Delegation From IIS On WinXP To SQL Server On Win2003SRV Fails
Jan 12, 2007
Problem:
I am trying to create an asp.net website with integrated windows authentication
to access SQL databases. IIS resides on WinXP and SQL Server
on Win2000 SRV. Both are in the same NT Domain. IIS and SQL Server cannot
reside on the same machine and a stand alone web server is
ideal as the website needs to access multiple SQL Servers. IIS is set to
Integrated Windows Authentication. The machine running IIS & the SQL Server
are set to be "trusted for delegation" in active directory. The domain user
accounts that will be accessing the databases are not marked as "Account
is sensitive and cannot be delegated".
The connection string that the web app uses to connect to SQL database is:
with which the user credentials should be flown to the SQL database.
But instead the delegation fails and results in the following ANONYMOUS authentication failure error:
Login failed for user 'NT AUTHORITYANONYMOUS LOGON'.
Description: An unhandled exception occurred during the execution of the current web request.
Please review the stack trace for more information about the error and where it originated in the code.
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
_______________
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210
---------------------
Hi guys,I'm not sure if I'm just bad at googling but I can't seem to find a way to set an ASP.NET 2.0 web application to connect to SQL Server 2005 using the current client's user credentials. My web application is using Integrated Windows Authentication so its Page.User.Identity is set to a DOMAINusername value... I want to pass that to my connectionstring or have my connections pick up the identity automatically and use that Identity when accessing the db server.Oh and another thing, my IIS Application Pool is using a specific Identity itself, so I don't know if that might affect the above.Hope someone could help.
When running MS SQL Server on a Windows XP Pro OS, is there a limit to the number of concurrent users or connections to the database? We want to run server for education in the high school (MS Select licence), we need 16 concurrent connections.
I'd like to programme the execution of a report through the execution property option. However, when I try to do it a message error appears related to credentials of the datasource.
The present action is impossible to complete, because the credentials of the user datasource needed to execute this report are not stored on report server database.
Hello friends, In my web application I have saved my connection string into web.config file. Now I have to send this web application to the client in the form of web set up. The issue is that on the client side, user credentials for the database will be different. So can we do some setings that the web application whenever will run should ask for the server name, username & Password. If this can be done then the application can be run anywhere considering all compatibilities. Please let me know how this can be done. Thanks & RegardsGirish Nehte
I also created these parameters like Server, Database, LoginID, Password in report paramenters
but when I try to run this I am getting either of these errors
error no 1.The current action cannot be completed because the user data source credentials that are required to execute this report are not stored in the report server database. (rsInvalidDataSourceCredentialSetting)
error no 2.An error has occurred during report processing. Cannot create a connection to data source 'SRVDataSource'. For more information about this error navigate to the report server on the local server machine, or enable remote errors
I have a situation and no idea what is going wrong.
We have many reports stored and view from the report manager. many of these reports internally use a datasource which is shared among others.
Many a times we have realised that the report stops working with the error. Reporting Services Error
The current action cannot be completed because the user data source credentials that are required to execute this report are not stored in the report server database. (rsInvalidDataSourceCredentialSetting) Get Online Help
SQL Server Reporting Services
All i have to again do is update the user credentials and it starts working again. but nobody explicitly remove the credentials also. i dont know if it a tools bug or some where i am making a mistake in deploying. i deploy the reports through visual Studio.
How Sync the user and password from my Active Directory, to a SQL Database. Actually, my environment have a database with users and password added, my custom applications uses it like a passport, but now I want to use Active Directory to control these users, but I can't use windows authentication in my old apps. I was reading about Forefront Identity Manager to do this, but I need a free solution. The Sharepoint database sync user credentials with AD?
I have created reports using in SSRS 2005 and deployed in Reportserver.
when I run the reports I am getting the following error.
" The current action cannot be completed because the user data source credentials that are required to execute this report are not stored in the report server database. (rsInvalidDataSourceCredentialSetting)
I'm using the RTM version of Visual Studion 2008 and SQLServer Express.
Logged in as an administrator, I can create a connection to an mdf file and all is well.
As a normal user, attempting to create a connection gives the message "sqlservr.exe has stopped working A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."
I have tried this with UAC turned on and turned off. The result is the same. In Services I can see that SQLEXPRESS is running, but each time I try to connect, I get the "stopped working" message.
For existing database programs that have the .mdf file stored in the project folder, I can run the program in the VS IDE on my XP machine and on my Vista machine as administrator, but not as a normal user.
I'm not looking for a workaround to make this work once, but the cause and solution to the problem. This is for an introductory VB textbook and we must be able to move a database program from one machine to another and make it work. Everything I have read says that SQLExpress should be able to do that.
I'm trying to deploy a project that I deployed yesterday just fine, but today I get the following error:
------ Deploy started: Project: Point Reports, Configuration: Debug ------
Deploying to http://reporting.companyname.com/reportserver
Deploying data source '/Data Sources/Srv24.FieldResponse2_1'.
The permissions granted to user 'DOMAINharley.p.bartman' are insufficient for performing this operation.
Deploy complete -- 1 errors, 0 warnings
This seems like a basic permission issue, except I'm not logged in as the user listed! I've never logged into my computer as the user. I did log in to the reporting services website yesterday as that user, but since have rebooted my machine and logged into bothe my computer and the reporting services website as me. Yesterday this report deployed fine. Today, this error message. I've even tried creating a new project and just creating a simple datasource and deploying just that, but still this message! Where is Visual Studio storing and reusing this user name during my deploy process???
We have a database residing on a SQL Server 2012 Express system running under Windows Server 2012. I have installed the SQL 2012 Native Client on the user's workstation. I created the System DSN with the required settings and when I test the connection all tests pass. I am able to ping the server as well as connect to it via SQL Server Management Studio.
Now when the user launches the application he is presented with the dialog window as in Screenshot1 (see attached). After clicking on Ok he is next presented with the dialog window where he has to select the SQL server. See attached Screenshot2. The user selects the SQL server from the drop down list and he is then able to access the application and work normally. I cannot understand why this is happening because I have included the correct server instance in the DSN settings i.e. sqlserversqlexpress
Telling the user to select the server himself is not an option for us.
I have checked the settings on the SQL Server. TCP/IP is enabled, remote connections are allowed and there is no firewall blocking. Port 1433 has been set as the default port to use.
I am try to install SQL Server 2000 on XP OS, but every time it showing only client version can be install to your current oprating system. Is there any patch or service pack to intstall SQL Server 2000 on XP SP2 based system?
Hi,Does anyone know if MS SQL Server 2000, will run stability on a WindowsXP based O/S, using one of the new Dual Core chips, or HT chips?Especially given that when you install it you get compatabilitywarnings?ThanksDavid
Hello, I have the JDE One World application installed on my computer which is XP PRO SP2. When I open Enterprise Manager, I can go to my local machine as a server, expand it, and see all the JDE databases. I can create a new database and connect to it. However, I cannot install SQL Server 2000 on other XP Pro machines. How can I do this? This is SQL Server 2000 STANDARD. Thank you.
I've got the error message when creating linked server and running the DTC across two database servers, ""Error 18452: Login failed for user 'sa'. Reason: Not associated with a trusted SQL Server connection."
But, orginially, if the Server side is Win2000 Server with SQL Server 2000, everything is okay. When I migrate it to the Win2003Server platform, this thing happened.
I've also applied the following solution but it still doesn't work.
http://support.microsoft.com/default.aspx?scid=kb;en-us;827805http://support.microsoft.com/default.aspx?scid=kb;en-us;827805 and
For various reasons a new desktop application I am developing is using the SQL Server 2005 Compact Edition Release Candidate to store local data. On my development machine (XP SP2, VS2005, SQL Server 2005 Developer Edition) the software is able to create the database file, and read and write to it fine.
However on our test machine, which does not have any of the development tools the software is unable to create the database. A System.Data.SqlServerCe.SqlCeException is thrown. The message is: "SQL Mobile usage is restricted on this platform. To use SQL Mobile, you must install SQL Server 2005, Visual Studio 2005, or the Tablet PC SKU." Obviously this goes somewhat against the blurb for SQL Server CE.
Is this something that will be fixed shortly? Or is it the intention that databases can't be created on machines that do not SQL Server or Visual Studio installed? (Incidentally the reason for creating the database on the fly is that we are encrypting it, using the users credentials, so that only they can open the database.)
I have SQL Server 2000 Developer Edition already installed. Before starting the SQL Server 2005 Standard setup, I exited the SQL server agent running in my system tray.
I am logged on as Administrator and no other desktop apps are running. SQL Server 2005 Setup reports several "Setup failed." error messages after the install. I am choosing (for now) ONLY the workstation tools and books online check mark. The installation presents a screen that says that these products were successfully installed ("Setup finished"): - MSXML6 - OWC11 - SQL Server Backward-Compatibility Files However, these items have a red x next to them: - SQL Server Books Online - SQL Server Support Files - SQLXML4 - SQL Native Client - Workstation Components, Books Online, ...
My Setup log file terminates with a few messages--one of which contains the words "Configuration failed." (This is the ONLY mention of the word "fail" in the Setup log--see the excerpt below.)
Any ideas??? I'm stuck without SQL Server 2005 running so this is a productivity killer for me.
More info: Here is what I have done, to no avail:
1) Installed the OWC11 components using a direct download from Microsoft. That install worked. But when it runs again from the SQL Server 2005 DVD, it fails. 2) Logged on not as a user with Admin rights, but as ADMINISTRATOR. Same results--the SQL Server 2005 Standard setup failed. 3) Installed SQL Server 2005 Express successfully. Afterwards, tried again to install SQL Server 2005 Standard, and that setup failed. 4) Cleared registry values for SQL Server 2005 under HKLM.../Software as described in KB article. Also deleted the installation folder ...90. Tried again to install SQL Server 2005 Standard, and that setup failed. 5) Tried the 180-day trial of SQL Server 2005 Enterprise--to no avail. Same results.
Found error logs but they did not help me pinpoint the root cause for the failed installation.
Thank you, -- Jonathan
SQLSetup0004_zzzzz_SQLNCLI_1.log Excerpt: ============================+ MSI (s) (60:90) [12:01:14:390]: Note: 1: 1729 MSI (s) (60:90) [12:01:14:406]: Product: Microsoft SQL Server Native Client -- Configuration failed.
MSI (s) (60:90) [12:01:14:406]: Cleaning up uninstalled install packages, if any exist MSI (s) (60:90) [12:01:14:406]: MainEngineThread is returning 1603 MSI (s) (60:68) [12:01:14:406]: Destroying RemoteAPI object. MSI (s) (60:9C) [12:01:14:406]: Custom Action Manager thread ending. === Logging stopped: 2/8/2007 12:01:14 === MSI (c) (8C:4C) [12:01:14:406]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (c) (8C:4C) [12:01:14:406]: MainEngineThread is returning 1603 === Verbose logging stopped: 2/8/2007 12:01:14 ===
I am attempting to install the Standard edition on a WinXP pro laptop that apparently had this installed before I got it. I Removed, thru Add/Remove, everything related to SQL Server. When I tried to do a fresh install of DB Services, Integration Services and Client tools, Setup Support and the Native Client seems to install ok, the directories get created and some files are put there. The installer stops and sez that the Databases Services and the Workstation Components are already installed, the Details button tells me that the only available option are thru the Add/Remove Programs. There are no entries for the Server or Client Tools on Add/Remove's list.
When I try to start the server it fails with "can't find the Path" reported in an Error Event, likewise I can't start the Management Studio because it can't find a file.
I think that I need to clean everything out to reinstall. I think that the Services are left over from the previous owner. Any suggestions???
we have problems with our SQL Reporting Service 2012 (SSRS) server . We have setup Kerberos delegation between SSRS and the database server (SQL Server Always-on cluster) so users are authenticated down to the database. The issue occurs from time to time that SSRS loses the ability to delegate the user credentials to the database. At this point in time the Report Server logs contain rejected database connections because of ANONYMOUS logon. After restarting SSRS the problem is gone.
hi, I have an asp.net application which queries an sql server in some other domain and populates a grid with the results. i am using sql server authentication and my connection string is as follows:- Dim connectionString As String = "server=emr01; user id='private'; password='private'; database='NGEMRDev'" i have also used the following tag in web.config:- <identity impersonate="true" /> This works fine on my development pc i.e windows xp with sp2 . but when i tried running the same application in windows 2003 the query gives the following exception:-
Server Error in '/TempDel' Application.
SQL Server does not exist or access denied. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: SQL Server does not exist or access denied.Source Error:
Line 77: dataAdapter.SelectCommand = dbCommand Line 78: Dim dataSet As System.Data.DataSet = New System.Data.DataSet Line 79: dataAdapter.Fill(dataSet) Line 80: Line 81: Return dataSetSource File: c:inetpubwwwroot empdelemrtempdel.aspx Line: 79 Stack Trace:
Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032
Please help me as to how do i successfully implement my application in the windows 2003 server. i have given the aspnet user on the win2003 admin rights.
I have a question, but first I need to give you some background:
My network works with Active Directory on Windows 2000, and I have web servers running on windows 2003 and SQL Servers 2000 running on Windows 2003.
I wanted to enable account delegation and I found a bunch of information.
Everything seemed "easy", but I tried to test it first on my test servers anyways and this is what happened:
We created the SPN for the SQL Server Account is trusted for delegation check box was selected for the service account of SQL Server. Account is sensitive and cannot be delegated check box was not selected for the user requesting delegation. But when we checked the box Computer is trusted for delegation (and only this box !!) in the server running an instance of SQL Server 2000, the role of this server changed magically (just like this guys, it was magic) from "server" to "Domain Controller".
We were intrigued about this change, but we "trusted" the white paper that we had in front of us.
http://support.microsoft.com/kb/319723
After some hours, the production web servers (of the whole network) and many workstations stopped working:
The IIS on this web servers will show an empty list of websites The network and dial-up connections were missing on the web servers and also on the workstations. The web servers and the workstations affected were "isolated" from the network, the command ping was not finding any of this computers.
Anyway, it was a nightmare, it took a while to fix the mess, we reverted the changes in Active Directory, and this makes me thing that the magical "promotion" of the SQL server to Domain Controller had to do with all this.
the questions is:
Do you have an idea about what could have caused all this? I mean, I still need to enable this account delegation thing. But I would like to know first if someone has done it before in a similar environment or if someone has run into one of the problems described before.
I am trying to implement a linked server that uses integrated authentication on a 64 bit Wndows 2003 SP1 server. I have both Sql Server 2005 and Sql Server installed, and have successfully created database link that is able to use double hop authentiction on the Sql Server 2005 instance. I am unable to do the same usign the Sql Server 2000 instance. Does anyone know if double hop uathentication using Kerberos is supported on Sql Server 2000. The linked server on Sql Server 2005 is created using this syntax
SPN's and domain accounts have been created as documented and those same accounts are used in both the Sql Server 2005 and Sql Server 2000 instances.
The error message going from a Sql Server 2000 or 2005 client, to the Sql Server 2000 instance that has the linked server using the SQLNCLI provider is
Server: Msg 7399, Level 16, State 1, Line 1 OLE DB provider 'SQLNCLI' reported an error. Authentication failed. [OLE/DB provider returned message: Communication link failure] [OLE/DB provider returned message: Named Pipes Provider: No process is on the other end of the pipe. ] [OLE/DB provider returned message: Login failed for user 'NT AUTHORITYANONYMOUS LOGON'.] OLE DB error trace [OLE/DB Provider 'SQLNCLI' IDBInitialize::Initialize returned 0x80040e4d: Authentication failed.].
If I use the Sql Server 2000 OLEDB provider when creating the link I get this error
Server: Msg 18456, Level 14, State 1, Line 1 Login failed for user 'NT AUTHORITYANONYMOUS LOGON'.
The same link using the SQLNCLI provider in Sql Server 2005
works and I am able to use double hop authentication.
My question is , does anyone know if double hop authentication is supported using a Sql Server 2000 linked server?
I am having a problem implementing constrained delegation for SSRS. I have followed the (very good) instructions located here: http://sqlblogcasts.com/blogs/stevechowles/archive/2007/06/08/reporting-services-2005-for-the-dba-iis-security.aspx
I have chosen the option of running the application pool for SSRS under a domain user account. This is the same account that I use to run the SSRS service.
I have the authentication providers for the site set to "Negotiate,NTLM".
I also made sure that the application pool user account has rights on the ReportManager and ReportServer directories.
If browse to the URL while logged on to the SSRS server then I am able to access the site My problem is when I try to access the site from anywhere but locally on the SSRS server:
I get a logon prompt if I try to access the SSRS URL from a different workstation. After three tries to login I get: "You are not authorized to view this page". Even with an account that is local admin on the SSRS Server. If I set the authentication providers for the site to "NTLM" then I am able to access the site from a different workstation but of couse constrained delegation does not work. Have i overlooked something? What could be causing the login prompt?
I have configured Kerberos delegation for several web services. One of the web service calls SSIS packages, but the packages don't run with the expected impersonate user : the package starts with the imporsonate user, but continue with ASPNET user (which is not allowed to execute SSIS and connect to DB).
If the web service is called directly (no delegation), SSIS packages run with the correct user. It looks like than there is an autenthicate issue, but kerberos is configured and web services can run from one to another with the impersonate user. The issue occured only when I call SSIS packages.
Here is a extract of the SSIS log file :
Code Snippet <dtslog> <record> <event>PackageStart</event> <message>Beginning of package execution. </message> <computer>WKS-GE-BRAZILIA</computer> <operator>WKS-GE-BRAZILIAPascal.Brun</operator> <source>ImportMonthlyCSV</source> <sourceid>{D053CB99-FDE4-492D-83BC-821E1B34704B}</sourceid> <executionid>{EA9C1929-4131-4FDD-A6FC-560E01A65536}</executionid> <starttime>09.08.2007 17:31:02</starttime> <endtime>09.08.2007 17:31:02</endtime> <datacode>0</datacode> <databytes>0x</databytes> </record> <record> <event>OnError</event> <message>SSIS Error Code DTS_E_CANNOTACQUIRECONNECTIONFROMCONNECTIONMANAGER. The AcquireConnection method call to the connection manager "Data Warehouse" failed with error code 0xC0202009. There may be error messages posted before this with more information on why the AcquireConnection method call failed. </message> <computer>WKS-GE-BRAZILIA</computer> <operator>WKS-GE-BRAZILIAASPNET</operator> <source>Import CSV</source> <sourceid>{284D3166-F372-4B03-86C1-75A4D8DC9A5C}</sourceid> <executionid>{EA9C1929-4131-4FDD-A6FC-560E01A65536}</executionid> <starttime>09.08.2007 17:31:02</starttime> <endtime>09.08.2007 17:31:02</endtime> <datacode>-1071611876</datacode> <databytes>0x</databytes> </record> ...
I'm having trouble trying to access a network share that comes via a UNIX server running SAMBA. In the first case, I'm running on my local workstation (A), connected to a remote server (B), and attempting to access directory information for a path like:
\a0amsimmsworkseaborg argets11as2981
This path is fully accessible by me from the workstation (A) and the server (B). The files and directories below "work" in the above path are also wide open on the UNIX side (meaning r-xr-xrwx permissions). However, if I attempt to do something like this:
at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
at System.IO.Directory.GetFiles(String path)
at StoredProcedures.mdcinfo(Int32 sim_id, String mdc_base)
CWD is: C:WINDOWSsystem32
User is: amsimms
Initial is: dbserver
Interestingly, if I run the procedure directly on the server (B), I do not get the exception. So this seems to be more of a delegation problem. The server B's sql server instance is running as a domain account (dbserver), which has been enabled for delegation and an spn has been set up. Is there something beyond this either with the impersonate or delegation configuration that I need to do in order for this to work?
There is a DTS package that fails to run for one user. The DTS runs for other users. The DTS even runs when the user signs onto another Server.
The error message that the user gets is the following:
The number of failing rows exceeds the maximum specified. TransformCopy 'DTSTransformation_1' conversion error: Conversion invalid for datatypes on column pair 1 (source column 'F1' (DBTYPE_WSTR), destination column 'PostDt'(DBTYPE_DBTIMESTAMP))
As previously stated, if the user signs onto another Server with SQL Server on it, the DTS performs a successful transformation.
Has anyone seen this error. I've been looking over all roles and security and have not been able to find any differences between user setup.
I've just installed SQL 2005 SP2 Rollup 3 Package (Build 3186) on a 2 node X64 W2K3 Cluster. Everything went fine, although after the install, the SQLAgent Services of my instances started to complain about delegation not enabled for the domain account used for the SQLAgent Service.
SPN's were already registered, so I've enabled unconstrained delegation & no errors anymore..
Apparently we're obliged to enable delegation as soon as this hotfix is installed
(maybe due to fix 938086 included in it ?)
To make this setup more secure, we would like to enable constrained delegation. This does not seem to work, as soon as we choose constrained delegation by adding the SPN of the clustername to the domain user account we're running with & restart the sql agent, it fails with the same error as when no delegation was configured:
! [298] SQLServer Error: 22022, CryptUnprotectData() returned error -2146892987, 'The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.' [SQLSTATE 42000] ! [442] ConnConnectAndSetCryptoForXpstar failed (0).
Summary: With Unconstrained delegation enabled for computer account & user account, everything goes fine. As soon as constrained delegation is chosen, by adding the SPN's to the domain user account of SQL Agent, SQL agent fails to start.
We use a domain account for the SQL Agent. This account has an 2 SPN registered on it
I am getting the standard "Subscriptions cannot be created because the credentials used to run the report are not stored -".I tried to store them in the Stored Data Source in the Visual Studio Project and then deployed. I cannot find in any documentation a reference where to go to STORE CREDENTIALS for a Report Server subscription. I would really appreciate any help on this. I did look at the existing threads, but they don't specifically address where to create the credentials. Thanks for any help you can provide.
I want to e-mail a user when a Stored Proc fails, what is the best way to do this? I was going to create a DTS package or is this too complicated?
Also, the Stored Proc inserts data from one table to another, I would like to use Transactions so that if this fails it rolls back to where it was, I'm not sure of the best way to go about this. Could anyone possibly point me in the right direction? Here's a copy of some of the stored procedure to give an idea of what I am doing:
-- insert data into proper tables with extract date added INSERT INTO tbl_Surgery SELECT SurgeryKey, GETDATE(), ClinicianCode, StartTime, SessionGroup, [Description], SurgeryName, Deleted, PremisesKey, @practiceCode--SUBSTRING(SurgeryKey,PATINDEX('%.%',SurgeryKey)+1, 5) FROM tbl_SurgeryIn
INSERT INTO tbl_SurgerySlot SELECT SurgerySlotKey, GETDATE(), SurgeryKey, Length, Deleted, StartTime, RestrictionDays, Label, IsRestricted, @practiceCode FROM tbl_SurgerySlotIn
INSERT INTO tbl_Appointment SELECT AppointmentKey, GETDATE(), SurgerySlotKey, PatientKey, Cancelled, Continuation, Deleted, Reason, DateMade FROM tbl_AppointmentIn
-- empty input tables DELETE FROM tbl_SurgeryIn DELETE FROM tbl_SurgerySlotIn DELETE FROM tbl_AppointmentIn