I have virtual server in a LAN that has Active Directory and some of the users are members of this domain. I have installed SQL Server 2008 R2 on this server. Then in the "Security > Logins", I created a new user that is AD user. But when that user wants to log in to SQL Sserver, an error occurs. What should I do?
Related
I am trying to add active directory user group to azure sql databases through PowerShell, but unable to do so. I am using SQL administrator login to achieve it. When i execute my code it gives me below error.
Principal 'abc' could not be created. Only connections established with Active Directory accounts can create other Active Directory users.
When I use my active directory account to create users it then gives me below error.
Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : Cannot open server "domain name" requested by the login. The login failed..
Azure SQL does not support AD integration, Only supports Azure Active Directory and SQL authentication. If there is need for AD integration then choose one of the following option:
SQL Server on VM - Unmanaged SQL server with full access to SQL instance.
Federated authentication with ADFS infrastructure, refer to the documentation https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview
I have 3 servers:
Server1 - Remote Server
Server2 - SQL Server
Server3 - SQL Server
The SQL Service on both SQL Servers run as a domain user, and I have checked the logs and can confirm they are both SPN registered.
On Server2 I can run locally the following without any problems
Select * from Server3.master.sys.servers
On Server3 I can run locally the following without any problems
Select * from Server2.master.sys.servers
On Server1 if I open SSMS and connect to Server3, I can run the following query without any problems
Select * from Server2.master.sys.servers
But if on Server1 I open SSMS and connect to Server2 and run the following query
Select * from Server3.master.sys.servers
I get:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
I have checked:
All Servers are allowed to delegate KERBEROS
Domain user that the SQL Service's are running as are allowed to delegate KERBEROS.
The domain user I am logging into is not marked as 'Account is sensitive and cannot be delegated.
The linked Server has security setting 'Be made using the login's current security context'
I have also tried running the Kerberos Configuration Manager on Server1, connected to both Server 2 & 3 with it and it shows everything as being configured correctly.
I am trying to link two SQL Servers (2008R2 and 2014) which are running in two separate (!) Active Directory domains.
The problem is that I can login into the remote server only with a Windows Account from the remote domain. So the challenge is to pass on the credentials to the remote server, but here I am stuck.
Local Domain (local network infrastructure): dom8, Server: dom8\sql2008, SQL (!) Login: localuser
Remote Domain (Microsoft Azure): dom14, Server: dom14\sql20148, Windows (!) Login: dom14\import
Server dom8\sql2008 wants to connect to dom14\sql2014 in order to pull some data.
Here is what I have tried on the local server: (logged into dom8\sql2008 as sa) :
-- Create a credential for the remote Windows login:
create credential cred_import WITH IDENTITY= 'dom14\user14',
SECRET = 'password' ;
-- Alter the local SQL login and add the created credential:
alter login local_user with credential = cred_import ;
-- Create the Linked Server entry:
exec sp_addlinkedserver
#server='dom14\sql2014',
#srvproduct='SQL Server'
-- Add the credential to the linked server:
exec sp_addlinkedsrvlogin
#rmtsrvname ='dom14\sql2014',
#useself = 'FALSE',
#locallogin=local_user,
#rmtuser = [cred_import], -- trying to pass on the credential
#rmtpassword = NULL
However, it does not work. Whenever user localuser tries to connect to the remote server through the local server, then it gets an error login failed.
By the way, I can connect to the remote domain by using SQL Server Studio as follows:
runas /netonly /user:dom14\user14 "C:\...\Ssms.exe"
So obviously I can create a credential of the remote side on the local side. Only a remote server link does not work.
You will need a trust between the two domains in order to log into a domain A machine with a domain B password.
Once the trust is in place, you can then go to the domain A machine and grant permissions to the domain B user ID the permissions needed to do what your wanting to do.
However, it looks more like your trying to use local accounts, not domain accounts based on your script. I suspect the way you have the domain referenced, versus the server it's self may be the cause.
Looking at lines:
-- Create a credential for the remote Windows login:
create credential cred_import WITH IDENTITY= 'dom14\user14',
SECRET = 'password' ;
Is DOM14 the name of your domain? Or the name of the server your trying to connect to?
exec sp_addlinkedserver
#server='dom14\sql2014',
#srvproduct='SQL Server'
A server in another domain would be XYZ.DOMAIN.COM where XYZ is the actual server name, and domain.com is the domain that server is in. Also, you will need to make sure the server has access to read the other domains DNS tables.
From server A, you should be able to go to a CMD prompt and ping the other server by name (FQDN may be needed depending on Suffix Search list). Not concerned if the ping fails, as long as the IP address for the server is returned. If you don't get an IP address back, you have a more basic problem of name resolution between domains (you may need a forwarder in Domain A's DNS server pointing Domain B's name to a DNS server in Domain B), and vice versa (A to B, B to A, etc).
I have been using this connection string with no problem on a number of databases and MS operating systems. Windows Server 2003, 2008 R2 and 2012 R2 Eval, all Express versions.
I am now trying to deploy to a new Windows Server 2012 R2 installation and I am getting some errors. I have the SQL Server 2008 R2 installation on the Windows Server 2012 R2 machine.
My con string:
connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\myDB.mdf;Integrated Security=True;User Instance=False" ProviderName="System.Data.SqlClient"
I think this must have something to do with the installation sequence of the components on the new server.
I have in the past been able to simply copy myDB.mdf to basically any web server and open or access the DB tables. This DB includes an ASP membership for the web site that it is tied to.
Here is the error:
CREATE DATABASE permission denied in database 'master'. An attempt to
attach an auto-named database for file
C:\inetpub\techTran\App_Data\myDB.mdf failed. A database with
the same name exists, or specified file cannot be opened, or it is
located on UNC share.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: CREATE
DATABASE permission denied in database 'master'.
I thought I understood what this error was. I have checked permissions and they match the other servers where this database has been deployed. My SQL Server installations are basically all the same. The only difference here is that this is Windows Server 2012 R2 on a VM. Or I did not install the SQL Server 2008 R2 the same way I have done in the past 5 servers I have set up. (Which I am guessing is probably the case.)
UPDATE: Uninstalled and reinstalled SQL Server and SSMS.
I know there is only one database name on the server called myDB.mdf, so I don't believe the "same name" portion of error. I have added security to the db so that it can be opened and I even installed Visual Studio 2012 on the server to be certain that the db could be opened. I can run the full app on the localhost (server 2012) but I can not access it over a web connection.
I believe the specific error message relating to
CREATE DATABASE permission denied in database 'master'
is the issue.
I have never seen this error before.
I typically assign NETWORK SERVICE account to the database to allow access and this is how this one is set up as well. I also thought this might be a connection string issue. But this same string has worked on 4 different servers now with no changes. Server 2003, 2008 R2, and 2012 (demo platform)(all Express versions), now in production this is failing.
The home page loads and then the login throws the above error.
Your connection string says AttachDbFilename=|DataDirectory|\myDB.mdf. Well, your path must have changed in one place (SQL Server) and not the other (app configuration). AttachDbFilename will try to create a new DB if it can't find that file. That's probably your error.
As an aside, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 all have differences, especially with security and in particular with how SQL Server behaves, but you keep using them interchangeably. That makes it very confusing to tell what's going on. Also, your connection string says Data Source=.\SQLEXPRESS. Is this SQL Server Express? Because that has important differences with most other editions of SQL Server, too. More recent editions are very similar to Standard edition, but the older the edition, the more quirks it has. They're generally considered different beasts.
SOLVED: I am not sure how this happened or perhaps why it didn't happen. But for some reason the installation of SQL did not add the NETWORK SERVICE account to the sysadmin Server Role. I cross referenced this with the SERVER 2003 installation where SQL 2008 R2 is also running, and discovered that the sysadmin SQL Server Role included NETWORK SERVICE in my correctly functioning environment. So once I added the user account to this role, everything came up fine.
I believe this might have been an issue during the installation of SQL 2008 R2. I did specify NETWORK SERVICE, but for some reason it was not provided the role.
I'm working on a legacy software and sundenly it became a requirement to run interbase server (Interbase 2007) logged with a restricted user.
We tried this here (not me) but no client is able to connect to the server, including IBConsole, like no Interbase server were instaled. Even whether both running in the same computer.
Is it possible to run Interbase 2007 server with a windows user with restricted access?
The client can connect as a restricted user, but the server is a Windows service, and you need to be the Administrator to install that. You should configure InterBase to start automatically.