I have 3 servers:
Server1 - Remote Server
Server2 - SQL Server
Server3 - SQL Server
The SQL Service on both SQL Servers run as a domain user, and I have checked the logs and can confirm they are both SPN registered.
On Server2 I can run locally the following without any problems
Select * from Server3.master.sys.servers
On Server3 I can run locally the following without any problems
Select * from Server2.master.sys.servers
On Server1 if I open SSMS and connect to Server3, I can run the following query without any problems
Select * from Server2.master.sys.servers
But if on Server1 I open SSMS and connect to Server2 and run the following query
Select * from Server3.master.sys.servers
I get:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
I have checked:
All Servers are allowed to delegate KERBEROS
Domain user that the SQL Service's are running as are allowed to delegate KERBEROS.
The domain user I am logging into is not marked as 'Account is sensitive and cannot be delegated.
The linked Server has security setting 'Be made using the login's current security context'
I have also tried running the Kerberos Configuration Manager on Server1, connected to both Server 2 & 3 with it and it shows everything as being configured correctly.
Related
I am looking to connect my existing PostgreSQL instance on Azure to PG-Admin. Following the advice here, however I get a Unable to connect to server: could not translate host name error. To the best of my knowledge, the host name should be correct. I am taking it from the overview page on Azure, and can confirm it follows the right format of "servername.postgres.database.azure.com". I have also confirmed that that password and usernames are correct, and SSL Mode is set to require (see screenshot, with dummy variables).
In addition, I have tried this on a seperate database in Azure with the same result. No doubt its a mistake I'm making with the hostname/address field in PG-Admin, but I've no idea how to correct.
Prerequisites for connecting PostgreSQL server
Connectivity method: public if we allow for all traffic, private if we restrict traffic via VNet.
Add the IP address where PgAdmin4 is running to the firewall rule.
Step1:
Created a new PostgreSQL server
Step2:
Updated network firewall setting as fallows and saved
Verification from PgAdmin4
Step1:
copy the server's name, user and password from the server setting
Step2:
Open PgAdmin4 portal and click on register server information
On General Tab, enter
- Name: "Any Name"
On Connection Tab:
HostName : "Server Name from the portal"
User Name: "Server admin login name from portal"
Password: "Enter Admin Password"
Database: "Enter DB name else keep same name"
On SSL Tab:
Keep SSL Mode as "Require" and click on SAVE
Upon Save.
NOTE: Make sure firewall should allow and SSL should be Require.
I am trying to add active directory user group to azure sql databases through PowerShell, but unable to do so. I am using SQL administrator login to achieve it. When i execute my code it gives me below error.
Principal 'abc' could not be created. Only connections established with Active Directory accounts can create other Active Directory users.
When I use my active directory account to create users it then gives me below error.
Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : Cannot open server "domain name" requested by the login. The login failed..
Azure SQL does not support AD integration, Only supports Azure Active Directory and SQL authentication. If there is need for AD integration then choose one of the following option:
SQL Server on VM - Unmanaged SQL server with full access to SQL instance.
Federated authentication with ADFS infrastructure, refer to the documentation https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview
I can't seem to connect to Cloud SQL with Workbench. I keep getting this error.
Failed to Connect to MySQL at CLOUD-SQL-IPv4:3306 with user root
Access denied for use 'root'#'WHITE-LISTED-IP-ADDRESS' (using password: YES)
I have white listed my IP.
I have set an IP for the SQL instance.
I have checked the username and Password several times.
Any idea why this is happening?
It seems you have to create a new user in the Google Cloud Console with the host name set to %(any host). You can't seem to connect using the root user.
Is it possible to connect with the #root user but after you finish the setup you have to restart the sql server.
What is important to set up an SSL certificate if you connect to you production database, but if you only try it out you can allow unsecured connection. Another important thing is to add your IP to the Authorised Networks in the Connection tab.
I am trying to link two SQL Servers (2008R2 and 2014) which are running in two separate (!) Active Directory domains.
The problem is that I can login into the remote server only with a Windows Account from the remote domain. So the challenge is to pass on the credentials to the remote server, but here I am stuck.
Local Domain (local network infrastructure): dom8, Server: dom8\sql2008, SQL (!) Login: localuser
Remote Domain (Microsoft Azure): dom14, Server: dom14\sql20148, Windows (!) Login: dom14\import
Server dom8\sql2008 wants to connect to dom14\sql2014 in order to pull some data.
Here is what I have tried on the local server: (logged into dom8\sql2008 as sa) :
-- Create a credential for the remote Windows login:
create credential cred_import WITH IDENTITY= 'dom14\user14',
SECRET = 'password' ;
-- Alter the local SQL login and add the created credential:
alter login local_user with credential = cred_import ;
-- Create the Linked Server entry:
exec sp_addlinkedserver
#server='dom14\sql2014',
#srvproduct='SQL Server'
-- Add the credential to the linked server:
exec sp_addlinkedsrvlogin
#rmtsrvname ='dom14\sql2014',
#useself = 'FALSE',
#locallogin=local_user,
#rmtuser = [cred_import], -- trying to pass on the credential
#rmtpassword = NULL
However, it does not work. Whenever user localuser tries to connect to the remote server through the local server, then it gets an error login failed.
By the way, I can connect to the remote domain by using SQL Server Studio as follows:
runas /netonly /user:dom14\user14 "C:\...\Ssms.exe"
So obviously I can create a credential of the remote side on the local side. Only a remote server link does not work.
You will need a trust between the two domains in order to log into a domain A machine with a domain B password.
Once the trust is in place, you can then go to the domain A machine and grant permissions to the domain B user ID the permissions needed to do what your wanting to do.
However, it looks more like your trying to use local accounts, not domain accounts based on your script. I suspect the way you have the domain referenced, versus the server it's self may be the cause.
Looking at lines:
-- Create a credential for the remote Windows login:
create credential cred_import WITH IDENTITY= 'dom14\user14',
SECRET = 'password' ;
Is DOM14 the name of your domain? Or the name of the server your trying to connect to?
exec sp_addlinkedserver
#server='dom14\sql2014',
#srvproduct='SQL Server'
A server in another domain would be XYZ.DOMAIN.COM where XYZ is the actual server name, and domain.com is the domain that server is in. Also, you will need to make sure the server has access to read the other domains DNS tables.
From server A, you should be able to go to a CMD prompt and ping the other server by name (FQDN may be needed depending on Suffix Search list). Not concerned if the ping fails, as long as the IP address for the server is returned. If you don't get an IP address back, you have a more basic problem of name resolution between domains (you may need a forwarder in Domain A's DNS server pointing Domain B's name to a DNS server in Domain B), and vice versa (A to B, B to A, etc).
Log shipping fails with the below error. Sql agent on secondary server has access to the folder and files in security. It is not a firewall issue. I created the jobs using the LS scripts as it fails through GUI.
I have done it before on a different server where there were several LS databases. This is a new primary and secondary server and not sure what I am missing. Thanks for the help
* Error: Access to the path '\sqlp\R$\MSSQL10_50.MSSQLSERVER\MSSQL\Backup\Database' is denied.(mscorlib) *
----- END OF TRANSACTION LOG COPY
I'd to set the agent account and sql account of primary server as admin on the secondary server and it worked fine