I have strange problem.
I wrote app which connects to SQL database and fetch data from it. 2 days ago at one of my computers (when I login on user account) it stoped to fetch data but it is connecting to server. When I login on same computer on admin account it is working normally. I tried to block the Windows Defender on the user account but nothin changes. Any ideas what could be wrongly changed on that account?
So finally what I did is I deleted the user and setup it again.
After it it was working normally.
Related
I've an Access application located on a server with backend tables.
The application recorded the users sessions; login if they started the app & logout if they closed it.
Sometimes the user lost the connectivity with the server and the application been restarted, the user remains login on the previous session because recording logout from a normal exit not occurred.
Is there a way to check on the backend file if a user is disconnected to record him as "signed out"?
I think your referring to the *.laccdb file that access creates when someone is logged in to the BackEnd table.
Usually if it does list the same PC twice, once all PCs eventually logs out of the BE the *.laccdb should disappear if not, you can delete this file manually however, if the user looses connection ie the VPN goes down and doesnt log back in, then the BE will show that the PC is connected, in this case usually you can delete the *.laccdb.
If at any time you can not delete *.laccdb file Ask the user with the listed PC to log out. Worst Case if a user is not logged in but the *.laccdb exists the listed PC needs to reconnect and disconnect cleanly.
If the FE needs to check for connection to the BE it can be done but will not solve your issue, if the users PC crashed or VPN goes down whilst in the application then there very little that can be done because its too late, the damage is already done.
I have a simple VB.net console application that displays the current user, waits for key input, and then exits. It uses the following call to display the information:
System.Security.Principal.WindowsIdentity.GetCurrent.Name.ToString()
If I create a remote app hosting this application, and create an azure user that has rights to run the remote app such as;
thisisa#test.onmicrosoft.com
When this user connects to the remote app the output of the line of code above would look something like;
YLSDAAYU0007\thisisa_000
Is there anyway of reading the user running the remoteapp at the time? in this case, I am looking to obtain thisisa#test.onmicrosoft.com ?
Catalin from the RemoteApp team here. You have stumbled across one of our implementation details here :)
Windows does not allow automatic login with Azure Active Directory (AAD) users: they only allow users that have Microsoft Accounts or domain accounts in case the collection is domain joined. We are working around this limitation by creating a local user on the VM and logging in with that user instead of the AAD user.
If you have any more questions about this, feel free to contact me: catalda @ microsoft com
I'm just in the process of trying to properly configure asp.net 4.5 on our IIS servers.
I have been able to navigate and launch an ASPX page that contains no data conenctions sucessfully so I know that the application pool authentication to the local directories is working as it should.
Now though I have a seperate SQL server that is connected to the domain and have a connection string stored in the code that connects the ASPX page to the server using a trusted connection. When running in visual studio debug mode, the connection works fine - but at that point I assume it is using my login credentials.
My question is, when a user calls the aspx page via the browser when hosted on the new IIS7 server, which account is used to call the SQL server when using a trusted connection? - Is it the end users or is it a local account from the IIS server?
When I call a page with data connections embedded I get the error: Login failed for user ADMIN\PCNAME$ ... which is an indication that this is the account that it is using. However this account doesn't exist on the domain that I'm aware of. - Or does it ?!
Thanks in advance,
It will use the account that ASP.NET is running under, as you've worked out. What you usually should do is create a Domain Account (with the right privileges) and run your ASP.NET AppPool under that account. Then a Trusted Connection will use that account for connecting to the database, and as long as you've given it access (which as a Domain Account you can do) it should all work.
Added:
After some back and forth on comments, lets go back to the start: set the new AppPool to run with the domain users account, and recycle the AppPoolo. What is it that says the password is wrong? If it's IIS trying to start the AppPool, then it is extremeny likely that the Password you gave the AppPool IS wrong, or else that the password is set to change on first logon.
If its not IIS, but opening a Database connection, are you sure that the database allows this Domain Account access to the database and the tables within it it will need? What roles have you assigned to this account? Also, what SQL statement is it trying to execute (if it's got far enough to try and execute a statement at all)?
I suggest you put any response in you original question - comments get to be a drag if there are too many of them.
i created a software in vb.net 2005. i create a database in sql server 2005. i connect it with window authentication. everything works fine.
but problem started when i replace my database with old database copyed from different computer.
i attach screnshot of both database with attached users.
old database
and new database is
when i try to connect my software with old database with window authentication, it is not connected.
can anyone please tell me what the problem is and how to solve this?
When you restore a Microsoft SQL Server database on a different machine, the user could be no more the same on the previous machine. Even if you see the same username listed.
This user is called an 'orphaned user'.
Meaning that there is no login id or password associated with the user since the original SID identifying the user is no more valid on the new machine.
You could check if you have this situation with
EXEC sp_change_users_login 'Report'
and, you could fix with
EXEC sp_change_users_login 'Auto_Fix', 'Gauntam-PC\Gautam'
I am trying to figure out what is going on. Here is our setup:
We have four SQL servers that are in replication with each other.
We add a new user to Windows Active Directory and add them to a group that is in SQL Server that we have been using for ages.
The new user, when trying to authenticate using Windows authenication returns that error in the subject line. But, any users that were previously in Active directory work fine.
At one point I had gotten SQL Server "caught up" becauuse we had a group of users that could not log in because of this error. I did some changes to the SPNs and ended up making it so no one could log in. Then I realized how the SPNs were supposed to look and fixed it. Then I guess some magic happened and those users were able to authenticate. I thought it was fixed, but it is obviously not as we had to add one new user and they cannot authenticate.
What is interesting is that the user can authenticate with three out of the four SQL Servers. It is only this one server that is working incorrectly. I set up two SPNs for the SQl Service on this sql server.
They look like -
MSSQLSvc/[servername].[domain].local:1433
MSSQLSvc/[servername]:1433
These are actually registered to the Service account that we use for the SQL Servers. What is interesting is that I can't find the SPNs for the servers that are working anywhere.
Any help would be appreciated!
Edit: Also, another point to note is that if I try to add the user directly as a login into SQL server. I right click Logins and click Add Login then click search. I then type in [Domain]\[Username] and click check names. It validates the name as being correct. Then I click OK. And then OK again, and it gives the Error Windows NT user or group '[Domain]\[Username]' not found. Check the name Again.
I thought it was fixed, but it is obviously not as we had to add one
new user and they cannot authenticate.
The user has to relogin in order to pick up the new group. Otherwise, it's kerberos ticket is still using the old group membership information in its PAC
These are actually registered to the Service account that we use for
the SQL Servers. What is interesting is that I can't find the SPNs for
the servers that are working anywhere.
I think what happen is that you have one SQL Server with SPN setup properly while the other three SQL Servers with no SPN setup at all. So, you are going to use Kerberos on this particular server while NTLM on the other three.
As mentioned before, when you are using Kerberos, you have to either purge the ticket using some tools or you have to relogin in order to pick up the new group membership. You can also try to lock the screen and then unlock it. If I remember correctly, this should also refresh the ticket.
Unlike Kerberos, NTLM doesn't carry the group memberhsip data. After SQL Server authenticated the user using NTLM, it will find the authenticated user's group membership, including the new group you just added.