I have installed a SQL Express 2008 Server on my Desktop for some local work. This has mixed authentication. I have enabled TCP/IP connection so that one colleague can connect to this server. However, this exposes the server to everyone in the network. How do i keep track of which PC in the network connected to this server and when ? This would just help me audit the usage of the server.
Well you can get information about current users, sessions, and processes in an instance by using
sp_who;
MSDN Documentation
Related
I have a client that has some data that I need to process. This data is in a closed server that can only be accessed by a Windows Server 2008 server instance, via a specific port on the closed server.
My idea is to create a tunnel that forwards whatever comes from that port to me, although I have no idea of the feasibility of my plan.
Windows Server 2008 instance connects to closed server via socket.
Windows Server 2008 exposes a port that forwards the received data.
I connect to this newly exposed port.
Constraints: I cannot install anything on the Windows Server 2008 instance, so I am left with configuration tweaks and PowerShell scripts.
Is it possible to do this?
I have a lot of experience with Linux servers but none with Windows, I am researching ways to do this, but maybe someone can light the path on what I should look into.
How can I connect my SSMS client to a remote SQL Server 2008 R2 instance using SQL browser AND with Windows firewall enabled?
I find that that with the firewall turned off, I can connect fine (without specifying the instance name). Now when I turn the firewall (domain profile) back on, my connection attempts time out. So, to begin my troubleshooting, I created an 'AnyAny' firewall rule however it still failed with a timeout error.
Naturally I can connect fine either way (firewall turned on/off) when I specify the instance name and port. SQL browser is running and listening on UDP 1433. SQL Server is running Windows 2008 R2.
What is getting blocked? And why won't a custom 'AnyAny' rule bypass it?
The information on this SQLCAT blog might be helpful to you. By default, the SQL Browser service runs on UDP port 1434. If you have a firewall configured on your SQL server, you should open up port 1434 for inbound connections from SSMS.
If you need help setting remote connections to your SQL Server, this guide is spot on.
I have an application that can connect to the Principal, but can't connect to the Mirror during a failover.
(Note to moderator: please let me know if this question is more appropriate for serverfault. I posted it here because I found more questions similar to this issue than on serverfault.)
This is the error I receive when my application attempts to connect to the Mirror after a failover:
Named Pipes Provider: Could not open a connection to SQL Server [53].
Cannot open database "MY_DB_NAME" requested by the login. The login failed.
I am familiar with the fact that when initially connected to the Principal, the name of the Mirror server is cached to be used during the failover and that the failover partner I specify in my connection string is only used if the initial connection to the Principal fails.
This clearly describes the problem I'm having:
http://blogs.msdn.com/b/spike/archive/2010/12/15/running-a-database-mirror-setup-with-the-sqlbrowser-service-off-may-produce-unexpected-results.aspx
...but the SQL Browser Service is running and I can't figure out why the name won't resolve when connecting to the mirror.
I'm assuming there is a service that must be running to enable NetBIOS name resolution that is not running, because this is what I see in WireShark consistently without a response from the Mirror:
Source Destination Protocol Length Info
10.200.3.111 10.200.5.255 NBNS 92 Name query NB SQL-02-SVR-<00>
Question 1: What could be causing the problem? ;-)
Question 2: I really don't want to enable NetBIOS (for security reasons) and I'm using IP addresses (no FQDNs) in the mirror configuration and in the connection string. Given the caching behavior of the mirror partner when connecting to the Principal, is there a way to force TCP/IP to be used so the value that is cached is the IP address and not the name? Do I need to run the SQL Server Browser/Computer Browser services?
The configuration:
App Is Delphi XE2 using SDAC 6.5.9 (I don't think this is relevant to the component I'm using because it works in other installations with mirroring and has no issues)
SQL Server 2012 Enterprise installed as a default instance on Principal, Mirror and Witness in a non-domain configuration using certificate authentication.
Windows Server 2008 R2 SP1 64-bit on all machines
Firewalls disabled on Principal, Mirror and Client (where app is running)
TCP/IP and Named Pipes enabled on Principal and Mirror
SQL Server Browser service running on Mirror
Computer Browser service running on Mirror
Mirroring is configured for automatic failover with a witness and works properly (I can fail back and forth between mirror and principal without issue)
SQL Native Client 2012 installed on Client machine
Same app login (with same SID and user rights) exists on both Principal and Mirror
Correct server, failover partner, database name, user name and password verified in my app log
In connection string, principal server is 'tcp:10.200.3.15,1433' and failover partner is 'tcp:10.200.3.16,1433' using the SQL Native client
I can ping both servers from the Client machine
NetBIOS over TCP/IP has been enabled in the adapter under the WINS tab (on the Mirror and Client machines)
I've been able to get the application working with mirroring on several other installations, but this one is baffling me.
I found the problem, which was that the customer had the Principal and Mirror in one VLAN and the Client(s) in another. Although the IP addressing scheme was the same, the policy for communication between the VLANs prevented broadcast messages, which is why the NetBIOS query was failing on the client. A WINS or DNS server will be implemented to resolve this issue.
However, I am still interested in an answer to my Question #2, above.
I have an instance of SQL Server 2008 and SSRS 2008 running on a desktop PC for to be used for development. This PC is registered under my user id and I can remote desktop into it and connect to SSRS just fine from my laptop (also registered under my user id). Also, I can access the website from my laptop when I am NOT logged into the PC (i.e. after a reboot and before logging in).
When another team member tries to connect to SSRS via the web (SSRS is running on port 8080) he cannot connect. I have tried different options like adding his as a user on the PC and granting permissions for him on the Home folder in Report Manager. Nothing seems to work. He CAN connect to the PC over remote desktop so I know that the connectivity is there and since I can access port 8080 from my laptop he should be able to access port 8080 as well.
Anyone have any thoughts on how to grant access to this team member? I am open to all ideas that do not involve writing custom code (which i really should not have to do to fix this issue). This used to work with SSRS 2005 but I know that it used IIS then and now it uses http.sys directly.
Thanks!
Your colleague needs permissions at the file system level to the SSRS folders:
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportManager
and
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer
in addition to access granted to the website in IIS.
Are these computers in a domain?
What operating system?
Without more information about your network it seems difficult to diagnose this issue. He cannot connect to port 8080 at all, as though the port was blocked? Or is SSRS replying with an error page?
If he can't connect to port 8080 at all it is almost certainly a packet filtering or firewall issue. What happens if you use a telnet application to send an HTTP GET request from his computer to the server on port 8080?
If there are error messages describing them would be quite helpful in finding a resolution.
Recently we got a new server at the office purely for testing purposes. It is set up so that we can access it from any computer.
However today our ip got blocked from one of our other sites saying that our ip has been suspected of having a virus that sends spam emails. we learned this from the cbl http://cbl.abuseat.org/
So of course we turned the server off to stop this. The problem is the server must be on to continue developing our application and to access the database that is installed on it. Our normal admin is on vacation and is unreachable, and the rest of us are idiots(me included) in this area.
We believe that the best solution is to remove it from connecting to the internet but still access it on the lan. If that is a valid solution how would this be done or is there a better way? say blocking specified ports or whatever.
I assume that this server is behind a router? You should be able to block WAN connections to the server on the router and still leave it open to accepting LAN connection. Or you could restrict the IPs that can connect to the server to the development machines on the network.