Workgroup -&&> Domain Impersonation

Jul 8, 2006

In the following scenario, I am getting the message 'Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection'.

I am running a Windows Server 2003 with development environment and Sql Server Management Studio in a workgroup on a virtual PC.

My SQL Server 2000 is running on a domain server.

On the virtual Pc I have setup my user login and password to be the same as my domain login and password. Why is the Management Studio not using impersonation and allowing me to connect to the SQL server on the domain?

View 4 Replies


ADVERTISEMENT

Domain Vs. Workgroup

Jan 31, 2008

My company has a large-ish website and we are migrating to new
servers. There will be a web server (accessible to the world) backed
by a SQL Server 2005 Standard server (only accessible by the web server and
through VPN/Remote Desktop to administrators and our internal
network). We can either put the database server (which is not in a
cluster) on our domain or leave it in a workgroup. My first thought
is leave it in a workgroup simply for security and reliability (i.e.
if the DC goes down or loses connectivity), but people here are
disagreeing with me.

Should I put the database server (which is not used internally at all)
on the domain or leave it in a workgroup?

View 1 Replies View Related

Domain Vs. Workgroup

Jan 31, 2008

My company has a large-ish website and we are migrating to new
servers. There will be a web server (accessible to the world) backed
by a SQL Server 2005 Standard server (only accessible by the web server and
through VPN/Remote Desktop to administrators and our internal
network). We can either put the database server (which is not in a
cluster) on our domain or leave it in a workgroup. My first thought
is leave it in a workgroup simply for security and reliability (i.e.
if the DC goes down or loses connectivity), but people here are
disagreeing with me.

Should I put the database server (which is not used internally at all)
on the domain or leave it in a workgroup?

View 1 Replies View Related

Cluster On Workgroup And Then Domain

Sep 26, 2005

We have a set of client servers which will include a SQL Server 2000 active/passive cluster attached to a SAN. We have all the equipment here (no attachment to client site) to configure. My worry is since it will have to be setup as a workgroup, and then shipped to client to add to their domain, is this a doable option. has anyone had to do this or tried this? Or would we be better off shipping whole thing to client and setting up cluster there?

View 6 Replies View Related

MS Sql Server On Workgroup Not Domain.

Jul 20, 2005

Hi have a small network setup and have MS sql server on workstation.Can access it locally but cannot access it from other work stations.I am assuming it is some sort of logon error, being it is not adomain. Any ideas on getting by this ?

View 2 Replies View Related

Can't Start SQL Server If I Change The Domain To Workgroup

May 8, 2008



Hi folks,

For the past couple of days, I have been trying to get my SQL Server to work with Distributed Views. I am created linked servers, linked server logins, set XACT Abort ON.

I am successful in running a select against the distributed view, but was unable to run an "INSERT"

When I try a simple insert, the query took 3:14 minutes. Then I get an error message like:

Server: Msg 7391, Level 16, State 1, Line 1
The operation could not be performed because the OLE DB provider 'SQLOLEDB' was unable to begin a distributed transaction.
[OLE/DB provider returned message: New transaction cannot enlist in the specified transaction coordinator. ]
OLE DB error trace [OLE/DB Provider 'SQLOLEDB' ITransactionJoin::JoinTransaction returned 0x8004d00a].

I have checked that MSDTC is running and configured under a domain account on both machines - running sQL 2000 and win2K

I have been unsuccessful still after tinkering for several days. I have checked my network configurations and noticed that when I try to ping the other machine by name, I don't get a response. I can only get a response to a ping when I enter the IP address directly.

Could this be a problem? Also, I noticed that for some strange reason, whenever I ping from either machine it is showing an external IP - always the same one no matter which computer name I try to ping. Something like 209.xxx.xxx.xxx instead of the 192.xxx.xxx.xxx that I expect.

Finally, I thought that problem was possibly due to incorrect Active Directory configuration. I tried to remove both machines from the domain by changing them to a workgroup "TEST" instead of the domain.

When I restarted the PC, I am unable to start SQL Server. It shows the Red Stop sign. When I try to start it, it gives an error like: Service could not start because one or more dependencies failed.

When I add the machine back to the domain, SQL server starts working on reboot.

Can anyone help me please.

Thanks.

View 7 Replies View Related

Domain Group Logins Failing On SQL 2k5 Workgroup

Dec 27, 2006

This question is regarding a brand new out-of-the-box SQL Server 2005 Workgroup Edition install. The old SQL Server 2000 server is working properly with regard to the issue we're having:




We are using Windows Authentication, and have created SQL logins for about


40 different groups on our domain. We've given those logins the appropriate


permissions on the databases they're supposed to be able to access.
The SQL Server is not a domain controller, but is a member of the domain, and domain logins do work for Windows-login purposes on this box.




The problem is that when users try to connect to the SQL server, they are denied access. An error 18456 is thrown, and logged in the Application event log


stating "Login failed for user OURDOMAIN heuser" (example values). The

domain user is properly a member of group added as a login to SQL Server, and we've
confirmed that there are not conflicting permissions that would deny those


users access via another route. These same groups are working fine on the SQL Server 2000 box.




This is only a problem for domain-based groups. If we create a local group


on the SQL server machine, through Computer Management -> Local Users and


Groups, then make the same domain users a member of THAT group, and finally then
follow the same process to add that local group to SQL Server Logins and set


the database privileges, it works!!





Our group memberships change frequently, and are used for a lot more than


just SQL server permissions. So, using local groups and maintaining


membership in both places is not really feasible. Any ideas why a local


machine group containing domain user accounts would work fine, but a domain


group containing the same accounts would not?





Thanks in advance.

View 20 Replies View Related

Move SQL 2000 Server From Workgroup To A Domain

Aug 24, 2006

I have been asked to move a system running MS SQL 2000 Server from a workgroup to a domain. The SQL server is running in SQL Authentication and the services are running as local system.

Will SQL Server break after the move?

Any advice will help. I thought I remember this being the case, but possibly only with Windows Authentication.

View 3 Replies View Related

Client On Domain Cannot Access SQL Server On Workgroup

Oct 12, 2007

Hi,

I have a quick question regarding domains and workgroups.

Currently I am working on an issue in the office of a small business. Right now there are 3 client computers that connect to a dell server running windows std. server 2003. The server has sql running on it that takes care of the invoicing system. Two out of the three work stations are able to use the database fine, but there is one that is unable to connect to the database. The only different that I could find is that the two workstations that DO work are currently set to use a workgroup, whereas the one workstation that does NOT work is set to use a domain...... I tried switching that computer to workgroup, but then I was unable to login as the normal user that I had always logged in as before.....

What can I do to solve this dilemma?

Any help would be greatly appreciated!

I apologize if this is the wrong forum for this, and if it is, if someone would point me to the correct one I would appreciate it.

Thanks
-steve

View 4 Replies View Related

SQL 6.5 Connection From Domain Server To Workgroup Server

Jul 22, 1999

I'm trying to establish connection between two SQL servers, one on a Domain and one on a Workgroup. When I log as the local administrator to the Domain machine, everthing is fine and both machines can register each other (both machines have the same local admin user name & password.) When I log back into the Domain on the Domain machine, I cannot register the Workgroup server but I can register Domain server from the Workgroup server. Putting the Workgroup machine on my Domain won't work because I'm going to be using a firewall. Do I need to set up another domain for the Workgroup machine and configure a trust on the Domain machine? Any suggestions?

View 2 Replies View Related

How To Connect Domain SQLSERVER2005 To WORKGROUP SQLSERVER2005

May 12, 2007

hi



COMPUTER-1



IP ::::: 129.100.100.5

COMPUTER NAME IS ::::: HASH

MEMBER OF DOMAIN

in this computer sqlserver express edition is installed, i want to remove this express becoz in configuration manager it show two SQLSERVER'S are running. when i browse from COMPUTER - 2 for network servers it show server name as HASH/SQLEXPRESS, but not the main SQLSERVER.





COMPUTER -2



IP::::129.100.100.142

COMPUTER NAME::: FEROZ

MEMBER OF WORKGROUP



can anyone help me how to connect these two computers and remove this express edition



iam new to sqlserver configuration



thanks in advance



waiting for eager reply

View 1 Replies View Related

Impersonation W/SQL CLR

Nov 7, 2007

I want a user to be able to call a stored procedure, that will call an assembly, that will logon on to another SQL Server, perform some functions (calculations), and return the results. I want the user's credantals passed, NOT the SQL Server Account. So in some research, I created this:

Imports System.Data
Imports System.Data.SqlClient
Imports Microsoft.SqlServer.Server
Imports System.Security.Principal


Public Class SomeName
<Microsoft.SqlServer.Server.SqlProcedure()> _
Public Shared Sub LinkedServer()
Dim cmd As SqlCommand
Dim dr As SqlDataReader
Dim clientId As WindowsIdentity
Dim impersonatedUser As WindowsImpersonationContext

clientId = SqlContext.WindowsIdentity
impersonatedUser = clientId.Impersonate()



Try
Try
impersonatedUser = clientId.Impersonate()

If impersonatedUser IsNot Nothing Then

' as usual, connection strings shouldn't be hardcoded for production code
Using conn As New SqlConnection( _
"Data Source=SERVER1; Initial Catalog=master; Integrated Security=SSPI")
conn.Open()

cmd = New SqlCommand( _
"SOME QUERY", conn)

dr = cmd.ExecuteReader()

SqlContext.Pipe.Send(dr)

End Using
End If
Finally
If impersonatedUser IsNot Nothing Then
impersonatedUser.Undo()
End If
End Try

Catch ex As Exception
SqlContext.Pipe.Send("Error: " & ex.Message)
End Try
End Sub
End Class

Now the issue is that I get this message when I execute this code with the Impersonation code.

Msg 10312, Level 16, State 49, Procedure spr_SQLServerAccess, Line 0

.NET Framework execution was aborted. The UDP/UDF/UDT did not revert thread token.


When I exclude the impersonation code, everything works, BUT executes under the SQL Server Account.

I have used this code to create the Assembly and Stored Procedure:

-- Register the assembly

CREATE ASSEMBLY SQLServerAccess

FROM 'c:linkedserver.dll'

WITH PERMISSION_SET=EXTERNAL_ACCESS

GO

-- Register the stored-procedure

CREATE PROCEDURE spr_SQLServerAccess

AS

EXTERNAL NAME SQLServerAccess.SomeName.LinkedServer

Any idea's on the error message that is being thrown by SQL WITH the Impersonation code?

View 3 Replies View Related

Wanting To Use Impersonation

May 2, 2007

Hi,

I like to use impersonation using multiple databases and a user with no login.



I'm working with Powerbuilder 10. I can change users using the command Execute Immediate "EXECUTE AS USER = 'username'". Unfortunately, I can't execute the command 'REVERT' from Powerbuilders Execute Immediate command. The Execute Immediate command prefixes the 'REVERT' command with a exec. ie. exec REVERT.



I thought I could encapsulate the REVERT command in a procedure and run the procedure using Execute Immediate. But, I'm new to SQL Server and I'm not sure if I can.



Does anyone know how to solve this problem? Thanks.



TF

View 3 Replies View Related

User On Trusted Domain Does Have Permission To Access Linked Server On AD Deployed In Another Domain

Sep 28, 2007

Hi,
We have the followoing:

-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master)
-A sql server 2005 on a win server 2003 in "sub domain" AD
-A linked server to "sub domain" AD
-A linked server login using a "sub domain" admin acccount
-A view to this linked server
-A grant on masterDomain/Domain Users to the database
-A grant on subDomain/Domain Users to the database
-We want all connections done through "Windows Authentication" not "Database Authentication".

Queries on the view work fine using "sub domain" user accounts.
Queries on the view fail using "master domain" user accounts (including master domain admin accounts)


"Msg 7399, Level 16, State 1, Line 1

The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."

All connections are done through "Windows Authentication" not "Database Authentication".

Can we establish cross domain connectivity with "Windows Authentication" ?


Below are details of the implementation:

SELECT TOP (100) PERCENT *
FROM OPENQUERY(ADSI,
'SELECT displayname, givenName, sn, cn (etc...)
FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com''
WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')

EXEC sp_addlinkedsrvlogin @rmtsrvname ='ADSI', @useself='false',
@rmtuser='subDomainAdminAccnt', @rmtpassword='sunDomainAdminAccntPassword';

In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:

"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'

Error:
Msg 7399, Level 16, State 1, Line 1

The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.

Msg 7320, Level 16, State 2, Line 1

Cannot execute the query "SELECT displayname, givenName, sn, cn

FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'

WHERE

objectCategory = 'Person'

AND objectClass = 'user'

" against OLE DB provider "ADsDSOObject" for linked server "ADSI".

View 7 Replies View Related

Problems With Change Sql Permissions After Migrating Domain User/group Accounts Into Root Domain

Apr 5, 2007

I have a root domain and child domain.



After using ADMT to migrate the domain user or group into the root domain, when I use enterprise manager to try and change the permissions allocated to that domain user/group, i get the 'Error 15401 NT user or Group not found'.



This is a correct error as the user is now in the root domain, however sql (in sysxlogins) still thinks its in the child domain.



Is there a simpler way, other than collecting the users permissions, deleting the user from SQL then adding back in with the correct domainusername format, then adding the permissions back?



I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.



I believe it is something to do with the SID not matching.



Any ideas on how to fix this ?

View 1 Replies View Related

SQL Security :: Domain Migration Altered SA Or Domain Admin Access To DBs

Jun 19, 2015

we recently migrated from our in-house domain to the Enterprise domain. Everything went smooth except for the fact that I can no longer accept my dBs using my SA or my domain admin account. There is only 1 account I can get into the management studio with but it has no admin privileges, so I can't make any  password changes or add accounts. I don't have a test environment so kind of hesitant to experiment with our production system.

View 6 Replies View Related

How Do You Setup Impersonation && SqlExpress

Mar 3, 2008

What's the correct way to set up impersonation & SQLExpress 
Here's the error I'm getting:Cannot open database "aspnetdb" requested by the login. The login failed. Login failed for user '***ASPDATA'.
SQL Express in installed on C:       aspnetdb was set up from aspnet_regsql.exe, on IIS manager - asp.net tab - edit configuration this string is there:     data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true     The aspnetdb is located in C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLDataThe ASP.Net web is on D:     webconfig file has:  <add name="LocalSQLServer" connectionString="Server=.SQLEXPRESS;Database=aspnetdb;Trusted_Connection=Yes;" />                                 <authentication mode="Windows" />                                <identity impersonate="true" userName=aspdata@xxx.org password="xxx" />
Should I take a copy of aspnetdb and put it in the web app_data folder?Jess

View 1 Replies View Related

Linked Server Impersonation

Sep 29, 2007



I am having a Linked server from SQL 2005 to SQL 2000. Linked server is configured with Local account and remote account "remote_user".

When application hits the linked server, it fails with message "login failed for remote_user".

Any idea how to solve this, i don't have access to remote server.

Regards

View 2 Replies View Related

Impersonation Through EXECUTE AS Failing

May 21, 2008

Hello all-
Before I go any further, I have followed http://msdn.microsoft.com/en-us/library/ms188304.aspx as best possible. I am attempting to send mail through a DML trigger. We'll call the database 'DB', and it is owned by a domain account named 'DOMAINAcct'. The trigger simply blocks any CUD operations on a table which we'll call 'Tbl', and sends an email. Hence, it looks something like...

CREATE TRIGGER [dbo].[TR_Tbl_BlockChanges]
ON [dbo].[Tbl]
WITH EXECUTE AS OWNER
INSTEAD OF INSERT,DELETE,UPDATE
AS
EXEC [msdb].[dbo].[sp_send_dbmail] @profile_name = 'AcctMail', @recipients = 'foo@bar.com', @subject = N'CUD operations not allowed on Tbl', @body = N'Blocked'

AcctMail is a valid profile and operates correctly. I have created the DOMAINAcct user in msdb, given it the AUTHENTICATE permission, and added it to the DatabaseMailUserRole. When the trigger fires, according to the article, the security context should switch to dbo (DOMAINAcct), then be successful when attempting to execute the msdb sproc. Instead I get the usual:
Msg 229, Level 14, State 5, Procedure sp_send_dbmail, Line 1
The EXECUTE permission was denied on the object 'sp_send_dbmail', database 'msdb', schema 'dbo'.

Thoughts?

View 4 Replies View Related

Using Windows Authentication With Impersonation

Dec 12, 2007



I am installing an application that is a WCF service host running as a windows service under the Network Service account. As part of its configuration I am creating a connectionstring in a config file that will allow the WCF services to access SQL Server. I would like this access to be done using windows authentication not sql server authentication.

connectionString="Server=MYSQLServer;Initial Catalog=MyDatabase;Integrated Security=True;"

So since the windows service is running Logged in under the Network Service account using the above connection string would try to connect to sql server using Network service account. Instead I would like to impersonate another domain account which has has a sql server login and is a user in the database.

Is there a way to configure the connection string to use integrated security but to impersonate another domain user?

Thanks

-- Steven

View 1 Replies View Related

Impersonation Failing In CLR Proc

Jul 16, 2006

This is driving me nuts, below is the C# for the proc as well as the runtime error upon calling EXEC on it. Any help would be appreciated. Using UNSAFE Permission Set.

using System;

using System.Data;

using System.Data.SqlClient;

using System.Data.SqlTypes;

using Microsoft.SqlServer.Server;

using System.Security;

using System.Security.Principal;

public partial class StoredProcedures

{

[Microsoft.SqlServer.Server.SqlProcedure()]

public static void uspExternalConnection()

{

WindowsIdentity newIdentity = null;

WindowsImpersonationContext newContext = null;

try

{

//impersonate the caller

newIdentity = SqlContext.WindowsIdentity;

newContext = newIdentity.Impersonate();

if(newContext != null)

{

using (SqlConnection oConn =

new SqlConnection("Server=.\sqlexpress;" +

"Integrated Security=true;"))

{

SqlCommand oCmd =

new SqlCommand("SELECT * FROM AdventureWorks.HumanResources.Employee", oConn);

oConn.Open();

SqlDataReader oRead =

oCmd.ExecuteReader(CommandBehavior.CloseConnection);

SqlContext.Pipe.Send(oRead);

}

}

else

{

throw new Exception("user impersonation has failed");

}

}

catch (Exception ex)

{

SqlContext.Pipe.Send(ex.Message.ToString());

}

finally

{

if (newContext != null)

{

newContext.Undo();

}

}

}

};

Msg 6522, Level 16, State 1, Procedure uspExternalConnection, Line 0

A .NET Framework error occurred during execution of user defined routine or aggregate 'uspExternalConnection':

System.InvalidOperationException: Data access is not allowed in this context. Either the context is a function or method not marked with DataAccessKind.Read or SystemDataAccessKind.Read, is a callback to obtain data from FillRow method of a Table Valued Function, or is a UDT validation method.

System.InvalidOperationException:

at System.Data.SqlServer.Internal.ClrLevelContext.CheckSqlAccessReturnCode(SqlAccessApiReturnCode eRc)

at System.Data.SqlServer.Internal.ClrLevelContext.GetCurrentContext(SmiEventSink sink, Boolean throwIfNotASqlClrThread, Boolean fAllowImpersonation)

at Microsoft.SqlServer.Server.InProcLink.GetCurrentContext(SmiEventSink eventSink)

at Microsoft.SqlServer.Server.SmiContextFactory.GetCurrentContext()

at Microsoft.SqlServer.Server.SqlContext.get_CurrentContext()

at Microsoft.SqlServer.Server.SqlContext.get_Pipe()

at StoredProcedures.uspExternalConnection()

View 1 Replies View Related

RS2008: Cannot Create Connection When Using Impersonation

Apr 9, 2008

I am testing RS2008 CTP6.
When I view a Adventureworks sample report (e.g. company sales) I get this errormessage when I use the option "Impersonate the authenticated user after a connection has been made to the data source" :


Cannot create a connection to data source 'AdventureWorks'.

Must declare the scalar variable "@ImpersonatedUser".


All other connection options without impersonate works fine.
Any idea what can cause this problem?

Thanks in advance.

View 1 Replies View Related

How To Use CLR Security ..Impersonation To Access External Resources?

Jul 28, 2006

I want to Access External resources inside the CLR Code... But I am getting Security Exception

I have marked Assembly with External Access... here is the way I am doing..

I read articles and MSDN .. everywhere is written to use impersonation like

using (WindowsIdentity id = SqlContext.WindowsIdentity)

{

WindowsImpersonationContext c = id.Impersonate();

//perform operations with external resources and then undo

c.Undo();

}

In above case .. I tried both Windows Authentications and SQL Authentications ...

In case of Windows.. I am have a domain login to logon to my pc, while sql server is at another machine and Active directory is at different machine .. when connect to Database .. it says cannot find user Domainnameuser

and the SqlContext.WindowsIdentity is always null or it has exception User.Toked thew Security exception.



After that .. I tried to user custome Identity .. using IIdentity =GenericIdentity("UserName","Windows");

But there is now difference .. still same exception .. as given below..

[Microsoft.SqlServer.Server.SqlProcedure]

public static void MyProcedure()

{

Process[] p = Process.GetProcessesByName("YPager"); //Yahoo messanger exe .. a process

p[0].kill();

}

A .NET Framework error occurred during execution of user defined routine or aggregate 'MyProcedure': System.Security.SecurityException: Request failed.

System.Security.SecurityException:

at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)

at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)

at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException)

at System.Security.CodeAccessSecurityEngine.CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Assembly asm, SecurityAction action)

at DatFileGenerator.StoredProcedures.'MyProcedure'()

.

No rows affected.

(0 row(s) returned)

@RETURN_VALUE =

Finished running [dbo].['MyProcedure'].



How could I go ahead... what I should do to accompilsh the task...

Kindlly .. suggestions and ideas..

Thanks,

Muna

View 14 Replies View Related

DB Engine :: Linked Servers Cannot Be Used Under Impersonation Without Mapping

Nov 11, 2015

I have a user who is trying to run a job (call an Stored Procedure) which connects to a Linked Server. He can run it OK using EXEC SP_Name but when he runs from the SQL Jobs it gives him the error: Linked servers cannot be used under impersonation without a mapping for the impersonated login.[SQLSTATE 42000] (Error 7437).  The step failed.The Linked Server was setup using another account. Would this be fixed if I add the new user to the Security section of Linked Server without breaking the current configuration? 

View 6 Replies View Related

Executing Stored Procedure Impersonation Question

Jan 29, 2007

As a bit of background first, I'm trying to write a CLR stored proc that will start/stop a Windows Service using the ServiceController class.

The problem I'm having is that the stored proc gets run as NT AUTHORITYNETWORK SERVICE - ie the user the SQLServer Windows Service runs as. This user doesn't have adequate permissions to start/stop a Windows Service (the user only has permission to view the service's status).

The Window's user who is connected to the db - executing the stored proc, does however have adequate permission to start/stop the Windows Service. I'd like to have someway of running the code in the stored proc as if it were this user. If someone could point me in the right direction I'd appreciate it.

View 1 Replies View Related

Accessing Network Shares Using Impersonation And Configuring Delegation

Oct 29, 2007

I'm having trouble trying to access a network share that comes via a UNIX server running SAMBA. In the first case, I'm running on my local workstation (A), connected to a remote server (B), and attempting to access directory information for a path like:

\a0amsimmsworkseaborg argets11as2981

This path is fully accessible by me from the workstation (A) and the server (B). The files and directories below "work" in the above path are also wide open on the UNIX side (meaning r-xr-xrwx permissions). However, if I attempt to do something like this:




Code Block
WindowsIdentity newID = SqlContext.WindowsIdentity;
WindowsImpersonationContext impersonatedUser = newID.Impersonate();
bool sim_dir_exists = false;

try
{
impusername = Environment.UserName;

Directory.GetFiles(mdcfullpath);
}
catch (Exception e)
{
impersonatedUser.Undo();
SqlContext.Pipe.Send("Exception getting data: " + e.ToString());
SqlContext.Pipe.Send("CWD is: " + Directory.GetCurrentDirectory());
SqlContext.Pipe.Send("User is: " + impusername);
}
finally
{
impersonatedUser.Undo();
}




The "GetFiles" fails with the following exception:


Exception getting data: System.UnauthorizedAccessException: Access to the path '\a0amsimmsworkseaborg argets11as2981' is denied.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)

at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)

at System.IO.Directory.GetFiles(String path)

at StoredProcedures.mdcinfo(Int32 sim_id, String mdc_base)

CWD is: C:WINDOWSsystem32

User is: amsimms

Initial is: dbserver

Interestingly, if I run the procedure directly on the server (B), I do not get the exception. So this seems to be more of a delegation problem. The server B's sql server instance is running as a domain account (dbserver), which has been enabled for delegation and an spn has been set up. Is there something beyond this either with the impersonate or delegation configuration that I need to do in order for this to work?

Thanks,

--Andrew

View 5 Replies View Related

Impersonation Error With File Share Subscriptions In RS 2005

Apr 9, 2008

When publishing to a file share using Reporting Services (no service pack 2 yet) the following error occurs:

Failure writing file NewFile.mhtml : An impersonation error occurred using the security context of the current user.

I have tried publishing to both Windows XP and Server 2000.
The Reporting Services box is Server 2003.
Publishing account is Local Administrator on both Reporting Services and target boxes.
Logon Locally has been granted on both Reporting Services and target boxes.

Any thoughts?

View 7 Replies View Related

Trusted SQL Connection Impersonation And Login Failed For User '(null)'.

May 24, 2006

Hello All,
Login failed for user '(null)'.
I know this issue is all over the forum, however i have not found any posts that help me resolve the issue.
Situation:
I have an ASP.NET 2.0 application hosted currently on XP pro(will be moving to 2003 Server) which connects to a SQL 2000 database that resides on a different server. I have taken the following step to implement my security.
Given my account permissions to the database
Put the following in my web.config
<add name="MyName" connectionString="Data Source=MyServer;Initial Catalog=MyDatabase;Integrated Security=SSPI" providerName="System.Data.SqlClient" />
<authentication mode="Windows" />
<identity impersonate ="true" />
I have set IIS to use integrated authentication and removed anonymous.  The application works when run from the web server but not when run from a remote machine.
Thank you for any asistance,
George 

View 1 Replies View Related

Impersonation Mode Issue: Multiple Analysts Requiring Separate AS DBs For Security Model

Nov 15, 2006

Hello--

We have a current situation where analysts will be modeling a variety of problems, all stemming from the same source data (stored in a SQL-Server 2005 relational database).

Analysts that work on the same problem will only have access to:

- A sandbox relational database (which contains views into the same source database). The analyst is db_owner of the sandbox database, so she/he can create data transformations required, etc. The sandbox database contains views to the source database, but the analyst only has read-access to the specific data elements needed from the source DB. So, they are very restricted w.r.t. the source database, but are db_owners of their sandbox relational databases. Note that the analyst will connect to the database via Windows Authentication.

- An Analysis Services sandbox database to use for their modeling, etc. In this AS sandbox db, we've created a role called "Administrator" and checked the permissions: Full control (Administrator), Process database, and Read definition. The analyst's windows account is the "user" associated with this role.

Also, in this situation, the SQL Server 2005 Relational Engine and Analysis Services are running on a single machine. The goal of this security model is to provide analysts with the ability to work in their "workspaces" (both SQL and AS), but not to see other analysts work, etc.

I'm running into a problem when trying to build models using this security model by doing the following:
- Running Visual Studio
- Selecting File -> Open -> Analysis Services Database and choosing the AS DB that I have access to (this is the only one that appears in the drop-down, after specifying the AS server).
- I've created a data source pointing to the relational sandbox DB.
- I've created a data source view choosing the table/view needed for the case table.
- I created a mining structure with a decision tree model

When I process the mining structure, I'm getting the following errors:

- If the data source Impersonation is "Default" -- the error is "The datasource, '<DS name>', contains an ImpersonationMode that is not supported for processing operations."

- If the data source Impersonation is "Use the credentials of the current user" -- the error is the same as "Default" above -- "The datasource, '<DS name>', contains an ImpersonationMode that is not supported for processing operations."

- If I change the data source Impersonation to "Use the service account" and select "OK" in the "Data Source Designer" window, and error comes up with message: "The ImpersonationInfo for '<DS name>' contains an ImpersonationMode that can only be used by a server administrator.

Any suggestions or pointers to help implement this security model to provide analysts with AS and SQL Relational resources for their modeling?


Thanks,

- Paul

View 1 Replies View Related

None-Domain Server Cannot Access SQL2005 Data On Windows 2003 Domain Server

Sep 26, 2006

I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have install 2005 tools to try to access the SQL server.



- I have try following the KB265808 - no success.
- Reading alot of blogs and it seems all are pointing to the same problem. "Remote access" but the settign is enabled.Error Message:

TITLE: Connect to Server
------------------------------

Cannot connect to ardsqldatawh.

------------------------------
ADDITIONAL INFORMATION:

An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476


Question: Could Windows 2003 security be blocking access? I'm using sa account to access.

Also, sa account does not seems to work for remote access. It is ok when accessing locally.

Any help would be appreciated.
949jc

View 1 Replies View Related

NON DOMAIN AND DOMAIN CONNECTION

Jul 20, 2005

Hi all,it happen to me a strange problem:i have a mdb file (in Access 2K) with SQL Server 2K linked tables whoruns on a workstation which is on a different domain that the SQLServer. It works.If i create a mdb file from a workstation which is a the domain of theSQL Server and then i run it a my non-domain workstation i have errormessage:Login failed for user '(null)'. Reason: Not associated with a trustedSQL Server connectionBut if i reattached my tables it works.If someone have an idea....PS: same ODBC on both machines

View 1 Replies View Related

Migrating SQL 2000 From A 2000 Domain To 2003 Domain

Mar 2, 2006

Currently running a SQL 2000 server in 2000 domain and want to migrate it to a new 2003 domain of the same name.

How do I go about it and is there any problems with this plan?

View 1 Replies View Related

How To Set Access Workgroup

Jan 20, 2006

My package is to copy data from an Access 97 db into a SQL2k5 table.

Problem is that the 'mdb' is subscribed to a 'mdw' workgroup and I have been unable to workout / read how to get the SSIS manager to join the workgroup. Connection fails because "...you don't have necessary permission..."

I was able to do this previously for SQL 2k by messing with the registry, but I'm now on unfamiliar teritory.

Any answers? Cheers.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved