Cannot Connect After Changed To "Windows NT Only" Security
Jun 12, 2001
WE have an appl testing the SQL security feature, at some point in time
they drop the BUILTINAdministrators group from the login,
changed the security mode to "Windows NT only", but no users have system admin
server role, after the SQL server was restarted, no one can connect to the server. No one has authority to change the security mode back to "mixed"
(all standard logons will not work)
Any comment ?
The way I can think of to fix the problem:
detach all user databases
run rebuildm.exe
reattach all user databases
recreate the required logins
I changed the login password on my computer today, and now I cannot connect to the SQL Server instance I have on that same machine. I am using Windows Authentication. I would think that, if I can log on to my computer, I would be able to connect to the database, since I have been "authenticated" by windows but, that does not appear to be the case. Can anyone offer any advice? Thanks in advance for any help you can provide.
I have a test environment set up at home with a small windows server 2003 Active Directory domain. I created a windows security group on the dc and added myself and another user to the group. I then use this group as a login for SQL Server and add the login to the sysadmin server role. This works exactly as I would expect on the Windows Server computer (which is also the Domain Controller) regardless of which computer I use to connect to this Windows Server computer. However, when I set up the exact same login on the local sql server instance of my client laptop running windows xp pro, the I get an error message (Login failed for user MYDOMAINdgolds...) when I attempt to connect to the local instance of SQL server, even though I am able to connect to the instance on the domain controller with no problems using this same client laptop under the same user account. The only way I am able to connect locally on the laptop under this account (which does not have local admin privileges on any box, for testing purposes) is to add the user account separately as a login, rather than as part of a group. I'm curious as to why being a member of a security group that is part of the sysadmin server role does not allow me to connect to the local instance of SQL Server on this client laptop. The windows server computer is running SQL2k5 Enterprise, and the client laptop is running SQL2k5 developer. Any insight into this would be appreciated.
We had a strange incident with our Database Mail today. We use sp_send_DBMail to send mail from stored procedures in our SQL Server 2012 (11.0.2138). There are 7 profiles available for use by different databases. The actual stored procedures are called by Web apps using a connection string that has a specific SQL user identified.
Last night app 1 was using profile 1 like usual and app 3 was using profile 3 like usual. This this morning (7 hours later) App 3 was sending from profile 1 everytime a call to sp_send_dbmail was made. Not good. App 1 was still correctly sending from profile 1.
We ran a call to sp_send_dbmail from a query window using profile 3 and it sent using the correct profile 3. We used the Database Mail right-click option of "Send Test Email..." to both profiles and they worked as expected.
Our investigation showed that in the Database Mail configuration wizard "Manage Profile Security" section Private Profiles tab... the User name that is used to call the stored procedures from web app 3's sp_send_DBMail did not have access to profile 3 anymore. It did have access to 5 of the other 7 profiles. 1 of the no access profiles was legitimate #7.
The only thing that has been changed lately was, 2 days ago a mail profile was deleted as it was no longer used. We used the Database Mail Configuration Wizard to remove it.
Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions.
I just upgraded from Windows XP Pro to Windows Vista Bussiness and tried to reinstall SQL Server 2005 Developers Edition. After the installation i downloaded (using microsoft windows update) and installed all the service packs for sql and vista available.
My problem is when i open sql server management studio and try to connect to my default instance using windows authentication and database engine, an 18456 error occurs.
I enabled all the protocols and all the ports I disabled windows firewall and antivirus (eset nod32) I installed all service packs available I have also installed Visual Studio 2005 without installing sqlexpress
But nothing happens!
Please i am very desperate, any information will be gratefully accepted.
This is my installation Information
Code Snippet
Microsoft SQL Server Management Studio 9.00.3042.00 Microsoft Analysis Services Client Tools 2005.090.3042.00 Microsoft Data Access Components (MDAC) 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft MSXML 3.0 5.0 6.0 Microsoft Internet Explorer 7.0.6001.18000 Microsoft .NET Framework 2.0.50727.1434 Operating System 6.0.6001
I wasn't able to connect to my SQL server 2000 database (which reside in the network in a windows 2003 server) after the IP address of the server has changed and the server is shut down, moved and re-started.
I was able to connect to this server by using ADO using VB. I was able to register this server in my EM and was able to create ODBC connection. Just when using ADO.NET, I wasn't able to connect. Any ideas? Will there be any caching within ADO.NET still pointing to the old IP address?
I am looking for a way to log all security related events for SQL in Windows Security Log. I am trying to use SCOM for monitoring SQL and I am looking at ways to generate alerts in my SCOM Console for specific events in SQL e.g. A table is deleted, user is modified, deleted, etc. Is this possible and if yes how do I achieve the same?
We have a Job that calls a SSIS package 2005 that does some processing and execute a BAT file. This Job is being called by a web application.The BAT file creates a folder and named it based on the current date ( YYYY_MM) e.g 2015_07
It was working okay in the SQL Agent 2005 server until we moved to the new server SQL Agent 2012 using the same package SSIS package 2005. Now the issue is, instead of creating the folder based on YYYY_MM, it's now being created as YYYY_DD.I've checked the Regional settings of both server and they have the same "ENGLISH (United States) format. I even ran the code below and they're returning the same output echo %date:~ 10,4%_% date :~4,2%
I know the BAT file can be improved by not depending current locale in WINDOWS, but I just want to understand how this issue occurs and how does the regional setting being overridden?
What's the better security to use? Currently I'm always registering using the Windows authentication. When I'm trying to register using SQL authentication I always get "Login failed for user 'sa'" error....
Can we implement a table level (object) security on the groups of the windows NT domain using the integrated windows NT security so that one group has the permission over one table to update ,select ,delete the information and other group has permission has for some other table.
In my architecture I have a Domain Controller with Active Directory (DOMAIN_A), IIS 6.0 (WEBSERVER) and SqlServer 2000 (SQLDBSERVER).
The WEBSERVER has a .NET application with windows authentication. The .NET application interacts with the database server. I want to use Integrated Security to pass in the users login credentials to the database to run any database calls so that I can audit who is making what calls on the database.
The connection string I am using for this is as follows:
The problem arises after I login to the web application (I use the user DOMAIN_ASomeUser where SomeUser is a user who has permissions set up to make all of the database calls). After logging in however, when I go to a page that makes a database call I get the following error:
System.Data.SqlClient.SqlException: Login failed for user 'DOMAIN_AWEBSERVER$'. It seems that for some reason, .NET is not passing the login name SomeUser, but instead is passing SERVERNAME$. Would anyone pls have any ideas how I can implement this. Any guide or references would be much appreciated.
We use local server windows groups to allow or disallow use of our SQL databases. We are now being asked to move off of our current server. My thoughts are to dettach and attach the database. What is going to happen to all my permissions based on the user groups of our old server? I intend to create the same group names on the new server but they will be newservergroupname as opposed to oldservergroupname. Is it just a case of scripting the database user, roles and object level permissions an manually changing oldserver to newserver?
I am having a problem in applying subscription to a report.
Here is my case:
I have a datasource with 'Windows integrated security ' authentication, yes....I am using windows domain authentication, so login info is not stored in DB but its authenticated from domain. Now the report I want to use subscription on is using this DS. I read it somwehere that I can use rsconfig -e -u -p option to assign user to unattended reports.
I think, this is the unattended report. I tried with rsconfig and then clicked on 'new subscription option'...and i got error (again) saying 'Subscription can not be created because the credentials used to run the report are not stored...or if linked report.....blah blah...'
I want to use subscription to this report but with 'Windows integrated security', is there any way I can do it ?? How can I assign some user to this report without changing authentiation method and use subscription ?
Help me ...I am stuck, this is the last milestone in my project !!!
We're using windows server 2012 R2 and sql server 2014 standard with mixed mode authentications. When we connect to other windows server using windows authentication and hit the following error:"the target principal name is incorrect cannot generate sspi context"..is the above err related to mixed mode authentications at installation?
I have a set of reports that read from an Analysis Services cube. Permissions are managed at the cube level since different users should look at the same report but different data. This is why for those reports, the data source has Windows Integrated Security set.
Those same users should be able to subscribe to those reports, the problem is that for subscriptions to work, the data sources must store the credentials. This means the filtered reports are lost since the stored account will show all the reports for all users.
Is there any way of generating "filtered subscriptions"?
Dear mems, I have a problem, and i don't khow how to resolve, pls help me:
My server is Windows XP (not domain), I work with SQL Server 2005, installed on my server, I configurate my SQL SERVER connection is "Windows Authentication mode", I add user "MyComputerguest" to MyServerSecutityLogins to accept connections from local network I have many databases: Db1, Db2, Db3...
But, I don't know to configurate my SQL Server to achive these: 1) My clients using "SQL Server Managment Studio" connect to Databases Db2, Db3... on my Server, they can expand, modify, add new all Tables, Sp, functions of Db2, Db3. 2) My clients are not allow to access Db1. 2) My clients can add new Databases Db4, Db5, Db6... in the future and they have full permission on every Database which they create without my interfere.
if you run the following script it takes access from the windows admin from getting into sql server through windows auth. The issue is that the files that are attached logging as SA after that are read only. Is there any solution? When you try and switch the file to read write sql server gives an error saying that it cant read the mdf and ldf--gives a windows access error....
USE [master] GO
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'BUILTINUsers') EXEC sp_dropsrvrolemember [BUILTINUsers], sysadmin DENY CONNECT SQL TO [BUILTINUsers] CASCADE GO
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'BUILTINAdministrators') EXEC sp_dropsrvrolemember [BUILTINAdministrators], sysadmin DENY CONNECT SQL TO [BUILTINAdministrators] CASCADE GO
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'NT AUTHORITYSYSTEM') EXEC sp_dropsrvrolemember [NT AUTHORITYSYSTEM], sysadmin DENY CONNECT SQL TO [NT AUTHORITYSYSTEM] CASCADE GO
When logged onto a server and connecting using windows authentication (either by server name or localhost) I am getting in fine, but when I connect using the IP I get the following error.
I can log in using SQL Server authentication with the IP.
We have a SQL Server Reporting Services instance running SP2. I have attempted to add a domain group in a trusted domain to the server to enable regular users to access reports. I have added this group to the instance folder as a SYSTEM USER and home as BROWSER. I am allowing those settings to be inherited down through the folders (reports and data sources) to the reports. My test user in this report receives:
The permissions granted to user 'DOMAINuser' are insufficient for performing this operation. (log shows HTTP 500)
when the user attempts to use the URL to go directly to the report. If we try to navigate from HOME and walk the folders the user sees a blank HOME page.
I have used other groups with no problem.
Is there something I am missing in setting up the security environment? Any help would be greatly appreciated.
I've actually used these users/objects successfully dozens of times on a seperate server with many clients...I am just re-scripting the objects here on this new server. The new remote machine is an image of one of the original machines that was working fine (with new broker GUIDs).
Server: Windows 2003, SQL 2005, on a domain Client: Windows 2008 Beta, not on any domain
I created an account with the same user name as the domain user on the client machine. And then I logged in as that user and went to Manage Network Password. I entered the correct domain credentials. Verified that this worked for file shares. However, SQL does not appear to be recognizing this and it tells me:
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
I have verified that this domain account is working properly with SQL when the client is also on the domain.
How can I get this Windows authentication scenario to work where the client is not on the domain and the SQL server is on the domain?
We are seeing login failures for windows accounts. Below is the error message.
Description: In our env most logins are windows accounts. Initially we thought it is an UAC issue and we tried to launch the SSMS using "Run as Administrator". However, we are seeing login failures.
Enviroment: Microsoft SQL Server 2014 - 12.0.2402.0 (X64) RTM Enterprise Edition (HyperVisor)
Error Message in Error Log :
2015-08-10 22:36:45.290 Logon Error: 18456, Severity: 14, State: 11. 2015-08-10 22:36:45.290 Logon Login failed for user 'domainloginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx] 2015-08-10 22:41:23.470 Logon Error: 18456, Severity: 14, State: 11. 2015-08-10 22:41:23.470 Logon Login failed for user 'domainloginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx]
Troubleshooting done: - Recreated the windows login in sql server. Doesn't work. - ran sp_valdidatelogins. it doesn't return any rows. - I belong to sysadmin role and when I say, getting below error message.
xp_logininfo 'domainloginname' /* Msg 15404, Level 16, State 19, Procedure xp_logininfo, Line 64 Could not obtain information about Windows NT group/user 'domainloginname', error code 0x5. */
We tried dropping this account and re-creating the windows account with same permissions but still result is same.It throws same error message. Login failure message !!!
I am running SQL Server 2000 (clustered server) with Windows 2003. For some reason MSDTC is failing on distributed transactions. I can run code that begins and commits a transaction from query analyzer, or run a stored procedure from Query Analyzer with the same code in it and both work great, but if I call the stored procedure from a DTS job, then the job fails with the following error:
DTSStep_DTSExecuteSQLTask_1, Error = -2147217900 (80040E14) Error string: The operation could not be performed because the OLE DB provider 'MSDASQL' was unable to begin a distributed transaction. Error source: ...... Error string: OLE DB error trace [OLE/DB Provider 'MSDASQL' ITransactionJoin::JoinTransaction returned 0x8004d00a]. Error source: Microsoft OLE DB Provider for SQL Serve. The step failed.
Hi , I am trying to connect to MS Sql server 2000 from Java (1.4.2 /1.5 ). I installed my Sql Server(8.00.382) from the one supplied withVS.NET 2001. When I installed it on my laptop it did not ask me for auser name and password. After install when I re-started my machine Isee the server started up with a green light. Now when I connect to theserver from VS.NET it works fine. This is because VS uses windowsintegrated security. I now need to connect using Java , so I downloadedthe microsoft drivers for SQL2000-JDBC sp3 from the microsoft site. Iadded the jar files to my Java project classpath. I manage to registerthe driver in java :Class dbClass = ClassLoader.getSystemClassLoader().loadClass("com.microsoft.jdbc.sqlserver.SQLServerDriver");DriverManager.registerDriver((Driver) dbClass.newInstance() );Connection conn =DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;_integrated security=SSPI");but cannot seem to get a connection as it gives an SQLException sayingthat it is unable to connect:java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC]Errorestablishing socket.I cant seem to figure it out.Can some one help ??I am a newbie to sqlserver so couldnt quite figure out how to changeadmin password or create a new user with the tools provided with thisversion of sql (SQL Server Desktop Engine).Any help will be appreciated.Ebby
In my DB (SQL 2012) one windows authentication is created automatically and a schema is created exactly automatically that this user is owner of this schema. (e.g the user is domainx and schema exactly domainx).
I created a DDL Trigger on my DB to find out who and how it is created , but I didn't get any useful information.
I change the owner of schema that I can delete the schema and after that delete the user, and sometimes because the user is owner of a service , I have to alter the owner of the service to DBO and delete the user , but again and again exactly this user and schema (e.g domaninx ) are created as soon as I delete it.
I have read these topics : [URL] .... and [URL] .... but can't solve my problem.
I have two SQL Server machines - RPTPROD and DATAPROD.
I wanted to create a linked server from RPTPROD pointing to DATAPROD using Windows Authentication. When I tried to create this linked server, I keep getting this error
"Login failed for user 'NT AUTHORITYANNOYMOUS LOGON' (Microsoft SQL Server,Error: 18456)".
On the "Security" page, I chose "Be made using the login's current security context". I'm sysadmin on both SQL Server machines.
I am trying to connect SQL database through code but I get this error,I have spent days to solve it but unfortunately I couldn't...Here is my code in VB express(OP:windows 2000 with SP4)I am new to VB,so it makes the situation more difficult for me.
my code is:
Public Class Form1
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Dim conn1 As SqlConnection = _
New SqlConnection("Data Source=.SQLEXPRESS;" & _
"Integrated Security=SSPI;" & _
"database=deneme3_database;")
'Open connection
conn1.Open()
MessageBox.Show("Connection succeeded.")
'Close connection
conn1.Close()
MessageBox.Show("Connection closed.")
End Sub
The error message is,it is in german but it is clear I guess:)
" Die von der Anmeldung angeforderte "deneme3_database"-Datenbank kann nicht geöffnet werden. Fehler bei der Anmeldung. Fehler bei der Anmeldung für den Benutzer 'ADPLANatalay'. "
I have a scenario where I want to make a linked server query and report using windows service account credential. I can able to do link query if I RDP into the Server where linked server established using the service account and run query successfully but local client SSMS with my credential fails connecting linked server or querying. Looks to be a sql double hoping problem if so configuration each client domain account to enable delegation will be challenging as mentioned in the following articles instead service account only might work if possible.
I am trying to connect to an SQL database with a Java program compiled in NetBeans IDE. I have copied the proper .dll in the auth folder to the same folder as the .jar file required. I have tried a lot of things for a lot of hours, and am still coming up with the message "Driver is not configured for integrated security and "could not load the xxxxx.dll
Has anyone come up with a solution or a workaround to this problem. Please help. I have read the documentation until I am blue in the face. Please only respond if you have a 64 bit machine.
I have verified that the following services ARE running.SQL Server (SQLEXPRESS)SQL Server Browser SQL Server VSS Writer.This one however will not start ... For some reason it starts then automatically turns off.SQL Server Agent (SQLEXPRESS).When I try to connect using my <machine name>/instance and Windows Authentication I get the following error ...
"A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) (Microsoft SQL Server)".The connection specified in the "Connect to Server" box was working perfectly fine before I upgraded. I thought it might have been my Norton 360 Premier but I uninstalled it.I AM having issues with the adapter frequently dropping the internet connection but I just disconnect and reconnect and that resolves itself.The other technique I tried was to replace the server name with the IP address ... <192.168.0.22>/Instance ... This actually seemed to find the SQL Server but rejected the Windows Authentication ...
"Login failed. The login is from an untrusted domain and cannot be used with Windows authentication." I have several databases on here and would hate to have to reinstall SQL Server and manually hook them back up.
When attempting SQL Replication I am getting an error that the user I setup for connecting to the Distribution database was unable to connect. I have setup a domain administrator user on our Domain (Active Directory) with the name of SDP. In order to test the SDP login I attempted to connect as DOMAINSDP, and it failed. If I login to Windows (2000) as SDP I can connect to the Server using Windows Authentication without any problem.
Why can I not connect using SQL Server Authentication as DOMAINSDP when I am logged into Windows as kblum? Is there some sort of setting that I need to establish to allow this?