Using SSIS To Access Network Share From Different Domain
Feb 12, 2008
Hey All,
This is my first time using the forums here nor am I a SQL programmer. I'm trying to help a coworker figure out how to access files from a network share (using a UNC path) from a different domain. Right now we have three domains - Production, Development, and the Local. There is a one-way trust setup with the development and local domains, so using cross domain accounts is easy. Unfortunately, we cannot setup one right now with our production domain to any of the other two domains. Is there a way to pass production credentials from our local or development domain servers to a production server share? Am I even approaching this in the right way? Maybe there is a different method, any help would be GREATLY appreciated!
-Andrew
Network Administrator
The SQL Server is installed on SERVER-A. SERVER-A and SERVER-B are Windows 2003 servers on the same Windows 2003 domain. The SQL Server and SQL Server Agent services are running under the domain account SQLSERVICE. SQLSERVICE is a member of the Domain Admins group. The Domain Admins group is part of the local Administrators group on SERVER-B. The SQLSERVICE account has also explicitly been given Full Control to the folder referenced by \SERVER-BSHARE xp_cmdshell use has been enabled on the SQL Server.
If I run the following command in SQL:
exec master.dbo.xp_cmdshell 'whoami'the following is returned: DOMAINSQLSERVICE If I change the command to access the c: drive instead of a network drive, it executes successfully.
Can anyone shed some light on why I still cannot access any of the files in this folder using xp_cmdshell?
I've recently moved an asp.net website from my PC to a network share because another tech it going to be working on it. I finally got the correct permissions on the network share and the correct .NET Framework settings on my PC to be able to run the app. Now I can't access the SQL server which is on a different server. Getting the following error: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. How to I setup access to my SQL server for the app from any given PC on my LAN?
I have SQL Server 2014 (Enterprise) on Server A. The service runs under DomainAAdmin.
The Client machine is B, User credentials DomainBUser.
DomainBUser has a share on B that contains a BCP data file. DomainAAdmin has full access to this file.
If I log onto A (the server machine) with either DomainAAdmin or DomainBUser credentials, and run SQL Server Management Studio with Windows Authentication I can run BCP sucessfully using the following:
BULK INSERT [MyTable] from 'Bsharedatafle.tsv' WITH ( KEEPNULLS , KEEPIDENTITY ) However, if I log onto B, (the client machine and the machine hosting the share) and try to run the same bcp command, I get "Access is Denied".
Somehow I have an impression this can be done. Somehow I tried myself by modifying MsDtsSrvr.ini.xml to point it to network UNC share, but it didn't work for me. It gave me an error
"Failed to retrieve data for this request (Microsoft.SqlServer.SmoEnum) Additional Information: The storage localtion for the folder 'File System' cannot be accessed. (MsDtsSrvr)"
I checked my UNC permission, and I even allow full access from "everyone", but it still does not work.
I paste my MsDtsSrvr.ini.xml here too, and any help is greatly appreciated!
I'm trying to access an SQL server 2005 database over the network. I'm at a client location plugged into their network, but when I log into my laptop I'm not logging into their domain. I have to access their network by typing in the name and password they gave me.
I cannot seem to access the database from my computer. I try to create an ODBC data source in the administrative tools, but the drop down list of detected SQL servers does not show the server I am trying to connect to. The weird thing is, it does show many other SQL servers on their network... just not the one that I'm trying to connect to. And I know that the one I want to connect to is working correctly because if I remote desktop into one of their machines (which is logged onto their domain), I can see it fine in the drop down.
Does anybody know how I can get a connection to this database from my computer, even though I'm not on the domain?
I am developing a package to restore a database from backup file on a remote server. I am having problems accessing the remote backup file when it is addressed via the admin share, in this case N$. It runs okay if a specific share is created but for some unknown reason fails via the adminshare.
I am executing the package job with a proxy account that is a member of the local administrators group on the remote server.
It appears that access via a remote admin share isn't possible from within a SSIS package. Is this the case?
I would like to backup my databases to a network share (NAS) instead of local disk using Maintenance Plans created by Enterprise Manager. I have successfully used a UNC path to target the destination network share but have not been to figure out how to submit a logon to the network share before the backup is executed.
The SQL Server instance is running in the context of the local system account.
Can I insert a step in the SQL SQL job that is created by the Maintenance Plans that changes the Windows account that the backup runs under? If yes what command syntax would I use in the inserted step or is there another way to accomplish that I'm attempting to do?
I am trying to backup a database with a command like:
BACKUP DATABASE my DataBase TO DISK = '\bkSystemkDiskBackup1.bak'
but I get the error 'Cannot open backup device '\bkSystemkDiskBackup1.bak'. Device error or device off-line. The bkDisk folder is shared, with Everyone full-control access (it's a test environment)
Hi,I am not able to execute following command from computers other than the SQLserver itself.select * from openrowset(bulk N'\ImageServerModelCam_05.dwg',SINGLE_BLOB) as docI get following error message:Msg 4861, Level 16, State 1, Line 1Cannot bulk load because the file "\ImageServerModelCam_05.dwg " couldnot be opened. Operating system error code 5(Access is denied.).If I use local file path and keep the file on the SQL server then it worksfine from any computer.select * from openrowset(bulk N'D:ModelCam_05.dwg', SINGLE_BLOB) as docThe network share has read access for everyone.What should I do to make it work? I am not allowed to move the files and theapplication which loads them to the SQL server.ThanksSachin G
how can Share may sqlexpress 2005 on network that other can access my databasess on their pc and edit update and insert recored into my table please tell me how can do this ?
Hello All, I 'm trying to attach a database to my sql server 2005 using the following syntax:
Code Snippet
DBCC TRACEON(1807, -1) GO EXEC sp_attach_single_file_db 'MyNetworkDB', '\leaf7dbsMyNetworkDB.mdf' GO
Also, the folder dbs and the mdf file MyNetworkDB.mdf has full permission for Everyone.And when executing the above statement, i get the following error:
Code Snippet
DBCC execution completed. If DBCC printed error messages, contact your system administrator. Msg 5133, Level 16, State 1, Line 1 Directory lookup for the file "\leaf7dbsMyNetworkDB.mdf" failed with the operating system error 5(Access is denied.).
Can a SQL Server 2005 Compact Edition database file be deployed on a file share and be accessed by multiple (5-10) concurrent users? This is a current scenario being implemented at several sites using MS Access databases.
Each client would have the SQLce engine installed on it and would only access the database via a managed C# application.
I have developed a Windows App in VS.NET 2005 which connects to a SQL 2005 Express database.
Now I want to install the app and database on the network and I am getting an error "File 'file_name' is on a network device not supported for database files"
SQL Agent will not successfully execute my package as a job. Bids executes the package correctly as well as when I run the package manually (right click, run package) through SQL Server Management Studio. This is a permissions issue with the flat file any help will be much appreciated.Background Information:OS: SQL 2005 on Windows Server 2003Flat File Connection: \servernamefolderfile.txt (If I change the flat file location to a local file the package will run as a job successfully)Domain: The package is running on a Windows machine that is not on any domain. The network location is a Windows machine on a domain.Security: The network location folder (\servernamefolderfile.txt) has no security, namely anyone can access any file to read/write/delete/etc. I can manually add and delete files as well as add and delete files when the package runs through BIDS or when I manually run it through management studio.Permissions: I have created a login, security credential, and proxy which I am using to run the package. The security credential is tied to the Administrator account on the local machine. Error Message: Executed as user: COMPUTER-NAMEAdministrator. Microsoft (R) SQL Server Execute Package Utility Version 9.00.3042.00 for 32-bit Copyright (C) Microsoft Corp 1984-2005. All rights reserved. Started: 12:05:37 PM Error: 2007-06-19 12:05:39.25 Code: 0xC001401E Source: DataTransfer Connection manager "FILECONNECTION.FileConnection" Description: The file name "\servernamefolderflatfile.txt" specified in the connection was not valid. End Error Error: 2007-06-19 12:05:39.25 Code: 0xC001401D Source: DataTransfer Description: Connection "FILECONNECTION.FileConnection" failed validation. End Error DTExec: The package execution returned DTSER_FAILURE (1). Started: 12:05:37 PM Finished: 12:05:40 PM Elapsed: 2.297 seconds. The package execution failed. The step failed. (note: I replaced the fileconnection strings with FILECONNECTION and the serverpath with "servernamefolder" for privacy reasons. Any help would be greatly appreciated. This is some sort of security issue with SQL Agent. But, the error claims that the user is running as localmachineAdministrator. Isn't this how the package would run if I manually execute it?
In the "Choosing Between SQL Server 2005 Compact Edition and SQL Server 2005 Express Edition" white paper, i can read that: "SQL Server 2005 Compact Edition support data file storage on a network share" and "Number of concurrent connections = 256"
But when i try to connect with two different PC at the same time to a .sdf file store on a network share, i have an error message : "File is locked by an other processus"
The firsth PC is connected but the secondth can't
";Mode=Read Write" in the connection string don't change anything.
I am experiencing an issue with SQL Server 2000 Maintenance Plan. DB Backup job fails to delete old backup files from the file server (I am backing up to the network share - actually, a DFS). Backup part of the maintenance plan/job succeeds, but then cleanup part fails.
I made sure that service account under which SQL Server Agent is running, has sufficient privileges over the network share by logging in and successfully deleting files in question.
I was not able to locate any log entries either on the SQL Server machine or on the file server machine that would indicate the root of the problem. Even though I turned on auditing for Delete operations for the destination folder, its subfolders and files, I could not find anything in the Security event log.
I would appreciate any ideas on how to troubleshoot and correct this problem.
I am running Microsoft SQL Server 2012 SP on a Windows Server 2008 R2 Standard SP1 box. The SQL Server service is running as a simple windows domain user (nothing special, no admin rights, etc.) I am having some issues with using Bulk Insert when the data file is on a network share when using Windows Authentication. What is known is that the SQL Server service account has access to the network resource, which is shown by logging into SQL Server with a SQL account and doing the Bulk Insert. I also have rights to the files on the share, as shown by the fact that I put the files there. My SQL is in the form of:
Bulk Insert [table name] From '[server][share][filename]' With (FirstRow = 2, FormatFile='FormatFile.xml')
Now, when connecting to SQL Server with Windows Authentication and running the Bulk Insert I get the following error:
Msg 4861, Level 16, State 1, Line 2 Cannot bulk load because the file "[server][share][filename]" could not be opened. Operating system error code 5(Access is denied.).
I found this snip at
BULK INSERT (Transact-SQL)Security Account Delegation (Impersonation), which says, in part (emphasis mine):
To resolve this error [4861], use SQL Server Authentication and specify a SQL Server login that uses the security profile of the SQL Server process account, or configure Windows to enable security account delegation. For information about how to enable a user account to be trusted for delegation.
How to Configure the Server to be Trusted for Delegation, and we tried the unconstrained delegation and I rebooted the SQL server, but it still does not work. Later we tried constrained delegation and it still does not work.
I have verified the SPNs:
C:>setspn adsvc_sqlRegistered ServicePrincipalNames for CN=SVC_SQL,OU=Service Accounts,OU=Users,OU=ad domain,DC=ad,DC=local: MSSQLSvc/SQLQA.ad.local:1433 MSSQLSvc/SQLDev.ad.local:1433 MSSQLSvc/SQLQA.ad.local MSSQLSvc/SQLDev.ad.local I have verified that my SQL connection is TCP and I am getting/using a Kerberos security token. C:>sqlcmd -S tcp:SQLQA.ad.local,1433 -E1> Select dec.net_transport, dec.auth_scheme From sys.dm_exec_connections As dec Where session_id = @@Spid;2> gonet_transport auth_scheme------------- -----------TCP KERBEROS(1 rows affected)1>
If I move the source file to a local drive (on the SQL server), all works fine, but I must be able to read from a file share?
-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master) -A sql server 2005 on a win server 2003 in "sub domain" AD -A linked server to "sub domain" AD -A linked server login using a "sub domain" admin acccount -A view to this linked server -A grant on masterDomain/Domain Users to the database -A grant on subDomain/Domain Users to the database -We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts. Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT * FROM OPENQUERY(ADSI, 'SELECT displayname, givenName, sn, cn (etc...) FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com'' WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error: Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
we recently migrated from our in-house domain to the Enterprise domain. Everything went smooth except for the fact that I can no longer accept my dBs using my SA or my domain admin account. There is only 1 account I can get into the management studio with but it has no admin privileges, so I can't make any password changes or add accounts. I don't have a test environment so kind of hesitant to experiment with our production system.
I need some advise/help how to deploy a small sql server compact 3.5 database on networkshare where about 8 people have access to it(install de client ) and can modify the database with aprox 3000 records. I'm using visual basic 2008 and created a compact database and filled it with one table of an export of an access database done with data port console. And created a new windows forms application and saved the project. Publish is not the problem but how too set it up...... There is not much info to find on how to get a sql server 3.5 database running on a network share. Who can help ???
I've been trying to workout how, without impersonation, I can allow an application running under the default ASPNET user to access a network resource (SQL Server/ADAM) not on the same physical machine.
It seems that because the ASPNET user is a local user not a domain user I can't setup windows authentication on the network resource. That seems to leave impersonation which MS et al say is unwise.
We have 2 node sql 2012 cluster and we have a scenario where domain,IPs,Hostanmes and SQL network name are changing.
1> Can SQL cluster role be brought online by changing the sql network name and its IP once windows team reconfigure the OS cluster or there will be any challenges.
2>should I uninstall sql cluster on both nodes then windows will destroy OS cluster and they then they need to change IP,hostname and domain and then fresh installation of sql cluster
I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have install 2005 tools to try to access the SQL server.
- I have try following the KB265808 - no success. - Reading alot of blogs and it seems all are pointing to the same problem. "Remote access" but the settign is enabled.Error Message:
TITLE: Connect to Server ------------------------------
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476
Question: Could Windows 2003 security be blocking access? I'm using sa account to access.
Also, sa account does not seems to work for remote access. It is ok when accessing locally.
I had been trying to solve this error with no success :
One or more of the server network addresses lacks a fully qualified domain name (FQDN). Specify the FQDN for each server, and click Start Mirroring again.
The syntax for a fully-qualified TCP address is: TCP://<computer_name>.<domain_segment>[.<domain_segment>]:<port>
I had installed three instances on my local machine to test Data base mirroring :
Principal : running SQL Developer Instance
Mirror : running SQL Developer Instance .
Witness : Running SQL Express.
Database mirroring already enabled using startup flag : -T1400
i even tried to configure it with out a witness but still have the same error .
I used the follwoing server name in the mirroring wizard(not localhost) :
I've big problems with my SQL Server 2005 Std. merge replication/snapshot share
I want to create a mobile application based on a ms sql 2005 mobile database running on a pocketpc 2003se.
for this task i installed iis, sql server 2005 std. and the sql server mobile tools.
i created a dedicated user for making snapshots in the new created and functionable publication, but when i start the web sync wizard, i alwas get the failurmessages
snapshot share "......" cannot be accessed, please specify a new share
the access permissions based on the share an based on the ntfs area are set right.
the user, i chose for the anonymus access (the same, as for creating snapshots), has enough rights on the folder. also when creating a new share, with different share name, and using another user for anonymus access (standard iusr_machine_name) i get the same message
I have found SSIS is showing some strange behaviour when dealing with share names for file connections.
I have been using Package configurations and file connections to pick up excel files are using the name of the Share as the path to the file location.
What is strange is that SSIS appears sometimes to successfully see the file and other times fails with the error "....does not exist"
eg I have run a package successfully picking up these excel files using the share name. I have then run the same package IMMEDIATELY again using the exact same files from the same share location and it will then fail with the above error.
I'm new to SSIS. I'm looking for basic pointers to return temp table created by a proc to be written to file shares. Any pointers/examples appreciated.
Get a filestream download link with only access to read and with folder navigation
I need a link with the path to get the file stream blob, that path could be used to download a document using any windows app like windows explorer, etc. the requirement is that path does not allow customer to navigate in filesstream share folders or see other files and only can read the file of the path,
Checking :
[file_stream].GetFileNamespacePath(2)
Allow you navigate in folders.
NON_TRANSACTED_ACCESS read_only, resolve the requirement to disable the save in file table, but allow you navigate and see other files.
I have a Windows Server 2012 R2 2 node cluster with SQL Server 2014 FCI installed. Data files are on a separate Windows Server 2012 R2 file server. Data files share has been permissioned to the SQL Server service and SQL Server Agent service accounts as Full Control. NTFS Permissions are Full Control.
When I try to attach a database CREATE DATABASE AdventureWorksDW2012 ON (FILENAME = 'apricotmssql_VIOLETMSSQL12.MSSQLSERVERMSSQLDATAAdventureWorksDW2012_Data.mdf') FOR ATTACHI get this error: Msg 5120, Level 16, State 101, Line 4 Unable to open the physical file "apricotmssql_VIOLETMSSQL12.MSSQLSERVERMSSQLDATAAdventureWorksDW2012_Data.mdf". Operating system error 5: "5(Access is denied.)".
If I log into the file server (called APRICOT) and look at the NTFS permissions they all look good. I have also reapplied the NTFS permissions from the root folder down.
EDIT If I log on to one of the nodes in the cluster as the SQL Server service account and navigate to apricotmssql_VIOLETMSSQL12.MSSQLSERVERMSSQLDATA and copy and paste the data file, it works fine.
EDIT2: If I log on to the file server and Enable Inheritance at the root level, then Replace all child objects with inheritable permission entries from this object, I get this error:
User Account Control settings on all nodes and the file server are set to Never notify
Hi I am trying to schedule a job to copy an MDB data file from Unix server to Windows 2003 server (Accfp1_data2_server). I have created a file copy SSIS package and tested it in the SSIS Visual Studio environment where it runs ok. The package was created while logged in as a domain administrator.
I then created a job to run this package (which is stored on a folder) using the credential of the same domain administrator who has full access privilege to both of these servers. However, the job fails whenever it is run manually or scheduled? The error message displayed is given below --------------------------------------------------------------- Message Executed as user: FORTIESABCITYG. Microsoft (R) SQL Server Execute Package Utility Version 9.00.3042.00 for 32-bit Copyright (C) Microsoft Corp 1984-2005. All rights reserved. Started: 14:26:07 Error: 2007-09-13 14:26:12.56 Code: 0xC001401E Source: CommunityContact - Copy MS Access Database Connection manager "CONTACT.mdb On Accfp1_data2_server" Description: The file name "\Accfp1_data2_serverDATA2Arts&recAppsContactsCONTACT.mdb" specified in the connection was not valid. End Error Error: 2007-09-13 14:26:12.56 Code: 0xC001401D Source: CommunityContact - Copy MS Access Database Description: Connection "CONTACT.mdb On Accfp1_data2_server" failed validation. End Error DTExec: The package execution returned DTSER_FAILURE (1). Started: 14:26:07 Finished: 14:26:12 Elapsed: 5.297 seconds. The package execution failed. The step failed. ---------------------------------------------------------------
Please note that the job runs without problem when I change the source file to a Windows 2000 server share . How bizzare? Hope this is not a Microsoft's Trick?
Is there a way to access a SQL Server running on a different domain? I can access the same SQL Server from my machine, which is on a different domain using the ODBC connection, but when I try to access it using an application written in VB6.0 then I get the SQL Server does not exist error. I'm using the SQL Authentication method.