SQL2K WIN2K3 CONNECTION SECURITY
Jul 23, 2005
Microsoft Security Paradigmes are Irritating. I sure they're fine once
you know what they are, but for the uninitiated it's quite
counterintuitive to work with.
I moving an old SQL Server-backend-IIS5/ASP-frontend application to
servers with windows 2003 standard edition. One server will run the
database the other will run IIS 6.0. Note that i haven't set-up a
domain, which i think requires one machine to be domain controller
which would decrease performance and stuff. I've simply put them on the
same group.
I wan't to restrict access the sql server so only the incomming
connection from the webserver is allowed. I can use either named
pipes(which should be the fastest protocol) or tcpwhich should be
slight slower than named pipes) but i seem to have a problem. If I use
named pipes to connect the IUSR(the user under which IIS is running)
must have access-rights to IPC$ share on the sql server. I can't seem
to set any access-right directly for IPC$ share, but i can reactivate
my guest user and then it works, everyone can now access the ipc$ share
so it's not really what i'm looking for.
I can also connect through TCP( and set up some kind of filter only
allowing incomming connections on port 1433 from the ip of the web
server.
But i don't know how to do this. I've taken a look at the IPSec stuff
but it's all about kerberos authentication and other bull which i don't
think i need. What i need is simply a ip traffick filter, which does
nothing else but reject incomming connection from all other ip's than
my webserver.
My question is how do I do this? Do i need to have a addtitíon
"firewall" service running and if so why, how much extra overhead will
this create for the server. Alternately, is it possible to change the
access right for the IPC$ share manually?
Thanks in advance for any input you might have on this?
Regs Jens
View 2 Replies
ADVERTISEMENT
Jan 7, 2008
Hello All and Happy New Year (I believe that is still allowed by the PC police?!)
Has anyone experienced performance problems (i.e. processes taking a lot longer to connect to the database server) after appyling Windows Server 2003 SP2 to a server that was previously running Windows Server 2003 RTM? The version of SQL Server (2000 SP4) has not changed between OS Service Packs.
To set the scene, we upgraded one node of a cluster to Win2K3 SP2 intending to upgrade the other node the following night if no problems were encountered. However, after failing over to the patched node we experienced something akin to a Denial Of Service attack whereby connections were gradually refused until even existing connections were kicked out.
We resolved that issue by disabling the SynAttackProtect Registry key (details http://support.microsoft.com/default.aspx?scid=kb;en-us;899599), but although connections are no longer being refused they are taking a lot longer, e.g. opening a Query Analyzer window now takes several seconds to connect to the database. The actual time taken by the database engine to execute sql queries has not increased, but is perceived by the users as having done so because of the time taken to return results.
I asked our server team to run diagnostics against both nodes and they found no problems and no differences apart from the OS service pack level.
I am about to reopen the case I logged with Microsoft, but thought I'd see if you guys had experienced anything similar.
Thanks and regards
Lempster :confused:
View 1 Replies
View Related
Jul 20, 2005
After applying security patch MS03-031 (Sql server ver 8.00.818) aquery that used to execute in under 2 seconds, now takes over 8Minutes to complete. Any ideas on what the heck might be going on?I have tested this extensively and can say for certain that installingthis hot fix is what has caused the performance problem. I just don'tknow why or how to fix it.Brian Oster
View 3 Replies
View Related
Dec 4, 2014
I use from sql server 2008. and c#
what is the best connectionstring?
I don't know if i use Persist Security Info and Integrated Security or not?
And if yes then their value must be true or false?
View 1 Replies
View Related
Oct 12, 2007
The company for which I work did not have a DBA until I started a few weeks ago. Whoever installed SQL2K used the wrong CD so they have been running Personal Edition on their servers. I have installed a new SQL2K standard instance and have restored everything except the jobs and DTS packages. Can the msdb from the Personal edition be restored to the standard instance?
View 3 Replies
View Related
Mar 15, 2007
Is it possible to downgrade SQL from Enterprise to Standard Edition, or do you have to remove the previous installation (uninstall) and reinstall. Meaning you would also have to restore all user databases? Thanks.
View 1 Replies
View Related
Mar 7, 2006
Hello, I have a sql 2005 server, and I am a developer, with the database on my own machine. It alwayws works for me but after some minutes the other developer cant work in the application
He got this error
Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: 192.168.1.140]
and When I see the log event after that error, it comes with another error.
SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.168.1.140]
He has IIS5 and me too.
I created a user on the domain called ASPSYS with password, then in the IIS on anonymous authentication I put that user with that password, and it works, on both machines.
and in the connection string I have.
<add key="sqlconn" value="Data Source=ESTACION15;Initial Catalog=GescomDefinitiva;Integrated Security=SSPI; Trusted_Connection=true"/>
I go to the profiler, and I see that when he browses a page, the database is accesed with user ASPSYS, but when I browse a page, the database is accesed with user SElevalencia.
Thats strange.
The only way that the other developer can work again on the project is to restart the whole machine. He has windows xp profession, I have windows 2000.
If you want me to send logs please tellme
View 20 Replies
View Related
Sep 19, 2007
I have a win2k3 server that i am going to need to upgrade to servicepack 2. It is running sql server 2000(sem reports version 8.0 - ithink that is sql server 2000). It has profiler and query analyzerrunning as well. Are there any caveats i need to be concerned aboutbefore installing win2k3 sp2 on a server with sql server 2000. Thanks
View 1 Replies
View Related
Nov 1, 2005
Does anyone know where to find a comprehensive step by step build document for clustering SQL2000 on win2k3
View 3 Replies
View Related
Feb 20, 2008
Hey there I am an SQL noob, our bank has no real SQL Admin, we had onw that left but never had a good knowledge transfer. We have 2 SQL servers clustered. IBSQL1 and IBSQL2 they make up cluster IBSQL. We have 2 other servers IBIIS1 ans IBIIS2 and we noticed when installing apps on them that they could not see the database. Yet it can ping IBSQL. The problem is on IBSQL1 and 2 port 1433 is not listening or open. Thus on IBSQL it isn't either of course. I have read of all kinds of people having this issue and most have said you need to manually add a connection string "Provider=sqloledb;Data Source=machineName,1433;Initial Catalog=xx;User ID=xx;Password=xx" Problem is I do not know how to add a connection string.
I need step by step instructions since im new to this. Start/programs/etc..... Apparently it is not enough to open the properties of tcp/ip in the config util and say 1433. You need to reenforce it by adding that string.
As it stands I cannot "telnet ibsql 1433" it tells me to take a hike basically.
So is the connection string the likely cause? or could it be something simpler? Thanks in advance.
View 20 Replies
View Related
Mar 27, 2008
For a SQL/2005 DB Server do I need the /3GB switch or not? I will have IIS running on the server; however, it won't be doing very much as the SQL Database is the main thing:
Windows 2003 R2 Enterprise w/16 GIG RAM 4 CPU (Virtual Machine)
SQL/2005 Enterprise Edition
Hardware: Dell Server 8 CPU w/32 GIG RAM running VM ESX V3
I know I need the /PAE switch to utilize Memory over 4 GB - the question is do I need the /3GB switch along with the /PAE switch?
DeWayne
View 1 Replies
View Related
Jul 23, 2005
Hi all,I have MSDE installed on an HP server as some of the utilities requireda database. I have also subsequently installed SQL 2000 onto thisserver which is a windows 2003 box. I know it complains at the startof the installation but I was under the impression that it would stillwork ok, especially with SP3 applied.I have tried to apply SP3 but it tells me that it is not a SQL2000instance ad setup will exit?Also I have noticed that in the directory structure it has used thedollar sign i.e. mssql$machinename its the same in Enterprise Manager\machinename$InstanceName. Whats that all about? Its not like that onany other server!My plan is to uninstall sql 2k, uninstall HP apps and MSDE andreinstall SQL 2k. Can anyone explain the above though?ThanksGary
View 2 Replies
View Related
Mar 22, 2007
We are planning a SQL Server 2005 install on VMware ESX, as thebackend to a Sharepoint Services 3.0 web front end..Do I gain anything at all by installing SS 2005 on Win2k3 ENTERPRISEas the OS instead of Standard??Thank you, Tom
View 1 Replies
View Related
Aug 30, 2006
I am attempting to install MS SQL 2000 SP2 on a Windows Server 2003 Enterprise SP1 box. The only installer I can find on the disc is in the MSDE directory and when I run it it immediately gives me this error:
"This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package."
I have tried copying the install files to my local hard drive for install, I have checked the version of my Windows Installer (3.1.4000.1840). I have the SP4 updates ready to go once it's installed, but I just cannot get past that point. I know that the same software version has been installed on other Windows 2003 systems, so why would it have a problem on this one machine?
Thanks
View 2 Replies
View Related
May 13, 2008
Hi,
I am currently working on with the ASP encryption of my application. I've tried to test the encryption of the connection string using the capicom.dll in my local, and it works successfully. However, I am not quite sure if this will still work after my OS is upgraded to WIN2K3 (my current OS is WINXP). Will this dll component be impacted after the OS Upgrade? or will there be no impact at all?
Any inputs from you guys would be much appreciated.
Thank you.
View 1 Replies
View Related
Oct 23, 2007
I apologize for a dumb question, but where could I find an example of making a VB 6 (not .NET) connection to a SQL 2005 server using the current user's NT security properties? I don't want our users to use ODBC, nor have to hard code a SQL login. I wish to control access via their presence/absence in an active directory group. I think this means I want the VB to use the current user's NT security context to help with the connection. I will pass the server and the DB, but I do not want to pass the password. I am pretty sure there is a method for this, but I cannot find one. All my examples show a sql login and a password as part of the string.
Thanks for any pointers.
View 3 Replies
View Related
Jun 24, 2005
My DTS package, deployed and run from the file system, works just fine for me, but fails when someone else runs it. The only explicit error from the dtexec command is:
View 11 Replies
View Related
Apr 17, 2002
I have a user who has some ODBC connections that use SQL Authentication (through a generic id)to connect to SQL Server that work fine. What worries me is the user can access the same SQL Server throught NT authentication and connect through QA, EM (registering a server) or ODBC, even though she is not listed in the security of that SQL Server as a SQL user or and NT user. Worse is that she seems to have full rights to the server. I had her log in on another box and the same thing happened. I am on SQL 2000 SP1. Anyone have any ideas to is it time to call MS?
View 2 Replies
View Related
Sep 10, 2006
My company gave me their old Windows 2000 server. I installed mydatabase on it and the ODBC connection works perfectly on the server.When I go to my client machine I go the the ODBC Connections in it andit fails. It refuses connections and will not reply to pings. It is nota network issue, as I can telnet to the server just fine. It's strictlya security issue. I just have no clue where to look. Any suggestionswould be appreciated. Thanks
View 1 Replies
View Related
Oct 17, 2007
I have an app that queries the same SQL Server, instance and database. In one execution of the app, it makes multiple queries against the database in two different runs, each run being approx. 10 seconds apart. The app app does remote logins to the SQL Server using Standard Security. Each run makes twenty (20) connection attempts and all connection attempts between the two runs are using the same SQL account/password€¦(when successful) there is a .5 second delay between each attempt. So, here is a visual description:
Run 1
- connection attempt 1 (.5 sec delay), account1/password
- .
- .
- .
- connection attempt 20, account1/password
(10 second delay)
Run 2
- connection attempt 1 (.5 sec delay) , account1/password
- .
- .
- .
- connection attempt 20, account1/password
The problem I€™m seeing is: All connection attempts in Run 1 are successful in connecting to the SQL Server. All connection attempts in Run 2 are UNSUCCESFFUL when connecting to SQL Server (error message is €œSQL Server cannot be found or Access Denied€?). Remember, ALL connection attempts are using the same SQL account and password.
As an added note: When I switched from using SQL Standard Security to Windows Security, ALL connection attempts in each Run was successful.
Does see anything wrong with this? Is Standard SQL Security limited in the number of simultaneous connections or in some other kind of way?
View 1 Replies
View Related
Apr 9, 2008
I am using windows impersonation in a CLR that is retrieving folder structure. In order to use impersonation I need to pass the windows credential to the SQL server so I am trying to use "integrated security=SSPI" and I also tried "integrated security=true" as well with the same result...I get the error: Login failed for user ''. The user is not associated with a trusted SQL Server connection.
The SQL Server and IIS are located in different un-trusted domain. I am however able to connect to the SQL Server using user id and password. In my web.config file:
<add name="ConnectionName1" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;Integrated Security=true;persist security info=False; Trusted_Connection=Yes;" providerName="System.Data.SqlClient"/> à Doesn’t work
<add name="ConnectionName2" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;uid=user;pwd=password;" providerName="System.Data.SqlClient"/> Ã WorksBased on the error message it looks like there is no user passed to the SQL server.
What am I missing? At this point I am thankful for any input…
View 5 Replies
View Related
Aug 16, 2005
Does anybody know if it is possible to establish a connection to an sql express instance only with integrated security when this express instance is running on XP which is NOT part of a domain?
View 1 Replies
View Related
Apr 27, 2008
Hi,A person from my company's IT department approached me a few days ago saying that they followed some instructions on a recent security vulnerability in IIS whereby they where told to turn impersonation off in IIS. I'm afraid I don't know the exact procedure, but I do know that it took down all of my applications with the following error:"Failed to generate a user instance of SQL Server"I do NOT have impersonation enabled in my web.config, however all of my connection strings look like the following:<add name="myConnectionString" connectionString="Data Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|myDatabase.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>From what I've read, this type of connection string, which VWD 2005 generates by default, is not the correct way to go about connecting to a database. Could this be my problem??Thanks!
View 1 Replies
View Related
Jul 23, 2005
Hi , I am trying to connect to MS Sql server 2000 from Java (1.4.2 /1.5 ). I installed my Sql Server(8.00.382) from the one supplied withVS.NET 2001. When I installed it on my laptop it did not ask me for auser name and password. After install when I re-started my machine Isee the server started up with a green light. Now when I connect to theserver from VS.NET it works fine. This is because VS uses windowsintegrated security. I now need to connect using Java , so I downloadedthe microsoft drivers for SQL2000-JDBC sp3 from the microsoft site. Iadded the jar files to my Java project classpath. I manage to registerthe driver in java :Class dbClass = ClassLoader.getSystemClassLoader().loadClass("com.microsoft.jdbc.sqlserver.SQLServerDriver");DriverManager.registerDriver((Driver) dbClass.newInstance() );Connection conn =DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;_integrated security=SSPI");but cannot seem to get a connection as it gives an SQLException sayingthat it is unable to connect:java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC]Errorestablishing socket.I cant seem to figure it out.Can some one help ??I am a newbie to sqlserver so couldnt quite figure out how to changeadmin password or create a new user with the tools provided with thisversion of sql (SQL Server Desktop Engine).Any help will be appreciated.Ebby
View 3 Replies
View Related
Sep 10, 2007
hello. after deployment my SSIS code to a different server - I get the following error:
"The file name "C:\Documents and Settings\Administrator\Desktop\filename.txt" specified in the connection was not valid.
"
This is a flat file connection - and the file does in fact exist - but the difference is that I'm running the DTS package under a different account.
I would like to set the flat file connection to run under a different account - can I do that? Is that the "Creator" property?
View 1 Replies
View Related
Feb 6, 2007
Hi,
Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvider") in the page load
of my default.aspx page.
Am I understanding the following concepts then correctly?
1. I upload the site to the shared hosting server.
2. The first time I run the app eg. www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.
4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.
Thanks very much!
View 1 Replies
View Related
Jun 19, 2015
Any way to find out who's causing "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection." error in SQL Server error logs?
View 7 Replies
View Related
Oct 20, 2006
Hi,
I have a piece of Java code that needs to connect to SQL 2000 (SP4) using Windows Authentication. It's running on Windows Server 2003 SP1.
I tried JDBC v1.1 and followed the code from the following blog:
http://blogs.msdn.com/angelsb/default.aspx?p=1
But still get this error as shown below. Any help appreciated.
I am using JDK1.4.2, "sqljdbc_auth.dll" is located under "E:SQL2005JDBCDrvsqljdbc_1.1enuauthx86", also made a copy under "E:JavaTest" and "C:WindowsSystem32" but still won't work.
Cheers
Allan
===========================================================
E:JavaTest>javac -classpath ".;E:JavaTestsqljdbc.jar" TestW2.java
E:JavaTest>java -classpath ".;E:JavaTestsqljdbc.jar" -Djava.library.path=E:S
QL2005JDBCDrvsqljdbc_1.1enuauthx86 TestW2
com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user '(null)'.
Reason: Not associated with a trusted SQL Server connection.
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError
(Unknown Source)
at com.microsoft.sqlserver.jdbc.IOBuffer.processPackets(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.processLogon(Unknown
Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(Unknown Source
)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(Unknow
n Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.loginWithoutFailover
(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(Unknown Sour
ce)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at TestW2.main(TestW2.java:7)
===========================================================
The code is simple (TestW2.java):
import java.sql.*;
public class TestW2 {
public static void main(String[] args) {
try {
java.lang.Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
Connection conn = java.sql.DriverManager.getConnection("jdbc:sqlserver://VMW2k3ENT003.TESTCBFPOC.COM.AU;integratedSecurity=true");
System.out.println("Connected!");
conn.close();
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
==============================================================
View 27 Replies
View Related
Jul 23, 2005
I am using Windows 2003 Server English Version. I wanna store the big-5data so I install the sql server 2000 as if i install it in the Windows2000 with Server Collation of the Chinese_Taiwan_Stroke_CL_AS.However, the data are stored into the database server in unicodeinstead of big-5 in that of windows 2000 OS.I would like to ask how i can set so that the Sql Server 2000 can storethe big-5 data
View 6 Replies
View Related
Oct 14, 2005
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies
View Related
Jul 31, 2007
Hi,
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Your help is highly appreciated!
Desperate developer
View 1 Replies
View Related
Apr 26, 2007
hi i want to know what is the differance between
Persist Security Info=False;Integrated Security=Yes;
View 1 Replies
View Related
Nov 30, 2001
Hi,I am having a problem in moving data from execl to sql2k.
The data looks like 16.70% , 12.5% etc and when I move it it changes to 0.16700000000000001 etc..
any idea what datatype I should use so that it don't changes it's mode...
Thanks in advance
View 1 Replies
View Related
