I'm not sure why I'm unable to scan a particular Azure SQL Database with Azure Purview.
This is puzzling as I'm able to scan other Azure SQL Databases
From the image I have added a new database 'encrichmentdb'.
I can scan all of the existing databases e.g curationdb, originationdb, but I don't have the permission to scan 'encrichmentdb'.
Can someone please let me know what could be causing this, as I clearly have permissions to scan the other Azure SQL Databases
The error that I get when I click on Test connection is as follows:
I have selected 'Allow Azure Services and resources to access the server
I created Microsoft Purview account and registered the source:
I tried to scan the Azure SQL server by giving required credentials I got below error:
I enable below option
I set managed identity name as SQL server admin by clicking set admin
I tried again testing the connection, it successfully tested
Related
App Service dev, staging and prod deployment slots and SQL DB all have system assigned managed identities.
Contributor roles have been assigned to managed identities at the subscription level.
SQL Server Contained users have been created and roles assigned for the App Service dev, staging and production slots:
SQL Server Contained Users
appsettings.json connectionStrings:
connectionStrings
AD DB Admin User created and added to SQLServer as a contained user.
Permissions added to AppService managed identity for dB1 and dB2 to SQL Server AppService Managed Identity Permissions
msi-validator returns success for token based connection from the web app to two different databases on the same sql server instance.
msi-validator success
Local and Azure deployment slot both return: SQLException Login failed for token-identified principal
Walked through https://social.technet.microsoft.com/wiki/contents/articles/53928.azure-ad-managed-identity-connecting-azure-web-app-and-slots-with-azure-sql-db-without-credentials.aspx and many other tutorials.
Still missing something...
Attempts to run the application using the managed identity connection string is consistently failing with the token-provider principal login failure error.
Confirmation of settings:
Confirmation of Settings
Please make sure the Azure Active Directory user is created on the Azure SQL Database. Please make you create the user in the Azure SQL Database following the steps mentioned here.
To create an Azure AD-based contained database user, connect to the database with an Azure AD identity, as a user with at least the ALTER ANY USER permission. Then use the following Transact-SQL syntax:
CREATE USER <Azure_AD_principal_name> FROM EXTERNAL PROVIDER;
CREATE USER [bob#contoso.com] FROM EXTERNAL PROVIDER;
CREATE USER [alice#fabrikam.onmicrosoft.com] FROM EXTERNAL PROVIDER;
Make sure you are connect to the Azure SQL database and not to the master database on the Azure SQL logical server.
As per my understanding you are facing an error stating login fails for token-identified principal when trying to connect your Azure ap service managed identity with your Azure SQL Database.
Could you please try the below in order to mitigate the issue.
Make sure System managed Identity status is showing on your app.
on your app service Verify that your connection string under application settings is set to "Server=tcp:.database.windows.net,1433;Database=;"
Allow Azure services and resources to access this server” should be set as Yes in Firewalls and virtual networks settings in your Azure SQL DB, in case it was not set earlier during Azure SQL setup.
Please do let me know if that help mitigate the issue. If not, we will keep working on the same to get you unblock.
I have a database running on an on-premise SQL Server instance. I've set up a SQL agent to backup the database every night and store in a container in Azure. However, I'm seeing the following error after the job runs:
Message
Executed as user: NT SERVICE\SQLSERVERAGENT. Cannot open backup device 'https://mystorageaccount.blob.core.windows.net/mystoragecontainer/20200102/MYDATABASE_0.bak'. Operating system error 50(The request is not supported.). [SQLSTATE 42000] (Error 3201) BACKUP DATABASE is terminating abnormally. [SQLSTATE 42000] (Error 3013)
The Azure storage account is Storage (general purpose v1).
SQL Server 13.0.5233.0
Microsoft SQL Server Management Studio 14.0.17213.0
Microsoft Analysis Services Client Tools 14.0.1016.232
Microsoft Data Access Components (MDAC) 10.0.14393.0
Microsoft MSXML 3.0 6.0
Microsoft Internet Explorer 9.11.14393.0
Microsoft .NET Framework 4.0.30319.42000
Operating System 6.3.14393
Is there a way of configuring NT SERVICE\SQLSERVERAGENT to connect to the Azure storage container?
All the comments are valid to a certain extent. I finally fixed (term used loosely) backing up my SQL Server database to an Azure storage container using SAS (shared access signature) credentials.
Deleted the existing credential in SQL Server (under Security > Credentials)
In Azure, created an access policy under Storage Account > Container. It's important to define start and expiration dates/times, and time zones along with read, write level.
In Azure, Generate a SAS token for the container. Ensure you set the appropriate start and expiration dates/times along with the timezone. Don't rely on just UTC.
Upload a file to the container to make sure it's all ok.
In SQL Server, create the credentials. The secret should be the SAS token without the preceding ?, so just "sv=...." .
IF NOT EXISTS
(SELECT * FROM sys.credentials
WHERE name = 'https://mystorageaccount.blob.core.windows.net/mycontainer')
CREATE CREDENTIAL [https://mystorageaccount.blob.core.windows.net/mycontainer]
WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
SECRET = 'sv=_my_sas_key_without_?';
Backup the database. The URL and container must match with the credentials - in this case, https://mystorageaccount.blob.core.windows.net/mycontainer .
BACKUP DATABASE [mydatabase]
TO URL = 'https://mystorageaccount.blob.core.windows.net/mycontainer/mydatabase_03012020120400.bak'
WITH FORMAT,
COMPRESSION,
STATS=5,
BLOCKSIZE=65536,
MAXTRANSFERSIZE=4194304;
GO
This seems like access related issue.To be able to back up to Azure Blob Storage, your backup command must have a valid credential that has access to the blob storage. This can be done in two ways:
Review your credentials, make sure your access key is correct and, if you’re using SAS, make sure that the access policy is defined and you are pointing to the correct container that it has access to. For more information on URL backups as well as script samples, please refer:
https://learn.microsoft.com/en-us/sql/relational-databases/backup-restore/sql-server-backup-to-url?view=sql-server-2017
Shared Access Signature
Identity and Access Key
Additional reference:
https://blog.pythian.com/how-to-fix-sql-backup-to-url-failure-operating-system-error-50/
Hope it helps.
We are trying to evaluate possibility of migrating our in-house SQL DB server to Azure SQL as a PaaS.
Our legacy windows application which is written in VB6 and now running on VB.NET Framework 4.5
Clarifications I need if I migrate only DB server to Azure:
We use both trusted / credential based SQL connection from our desktop application to connect to SQL DB. If we migrate to Azure SQL, will it support trusted connection which should authenticate current organizations NT user?
We have lot of cross DB queries, do we need to face any challenge to use the queries as it is?
Run time we take a DB backup / restore for some business cases. Does this work?
Are there any restrictions on number of admin users on Azure DB?
Probably yes if you sync your local AD with an AAD (See: Use Azure Active Directory Authentication for authentication with SQL Database, Managed Instance, or SQL Data Warehouse)
Azure SQL Database (PaaS) doesn't support cross DB queries by default - you have to setup / use Elastic Query for that.
Yes, you can take a DB backup at runtime and also restore it. There is also a point-in-time restore feature available. See: Learn about automatic SQL Database backups.
I think you can only specify one server administrator (at least within the portal) but I doubt you will reach any limit on db users.
Instead of using the single database SQL Server PaaS service you should also consider using Managed Instance (preview)
You will have to extend your active directory to Azure active directory to keep using trusted connections. You will learn how to do it on this documentation and this one.
On Azure SQL Database you have elastic queries that allow you to run cross database queries. Learn how to create elastic queries here.
You can create bacpacs (export your databases) to Azure Storage or to on-premises location very easy.
You can configure one Server Admin or one Azure Active Directory Admin (it can be a group) for your Azure SQL Server. However, at the database level you can add many database users to the dbmanager role. You can have more information about this topic here.
How to load my SQL database created in MySQL Workbench on Azure cloud?
I created a database which consists of some tables - for now, there is now data in them, it's just a small script created by MySQL Workbench. I also created a database on Azure cloud, created login & password and when I want to use 'automated export' option (I have Storage account, I enter valid login with password) I have error:
'Could not find any bacpac files in the specified storage account.'
I tried google this phrase but I completely do not understand the idea behind these bacpac files and I do not know what to do with it. Can anyone describe me step-by-step how to put my database on Azure cloud?
I want to connect to this DB on Azure in the future because I would like to do a webapplication and android app which will use a remote DB available online.
Azure SQL Database is a custom SQL Server, so if you want to use MySQL you should create a Clear DB (which is a Microsoft partner that offers MySQL on azure). Other option, you can create a Virtual Machine and install by yourself a MySQL.
After that, you can import your tables / records.
I have a database I've created on my local machine that I can't seem to correctly deploy to SQL Azure. I'm deploying two databases, including the one that provides user membership.
Every time I attempt this, when I try to login and access to the database is attempted, I receive a The system cannot find the file specified error:
I've tried deploying the database every way I could from Microsoft SQL Management Studio - by right clicking my databases and "Deploy Database to SQL Azure", by generating drop and create data only SQL scripts and running these against an existing target database, by creating a bacpac and importing this and all of these have the same result.
I've double checked connection strings in my .NET MVC applications web.config and these are all correct.
Interestingly, if I run my website locally with connection strings that pointed to my updated Azure SQL db, everything works fine - but on my Azure Website I always get the same results.
Your issue actually looks like a connection string issue but if anyone else ends up here thanks to Google you can resolve orphaned users on Azure SQL Db using:
ALTER USER <user_name> WITH Login = <login_name>;
I am not a AZURE expert, but when moving DB's from one server to another sometimes user's get orphaned making the DB not accessible.
Can you run this command on the AZURE DB via SQL MANAGEMENT STUDIO?
exec sp_change_users_login 'Report'
It will tell you what username and UserSSID may be orphaned. If indeed there is a returned record run
EXEC sp_change_users_login 'Auto_Fix', '[[UserName_goes_here]]'