I took over an ADFS environment when the former ADFS engineer suddenly quit. Before he went he migrated the ADFS from using WID to using a SQL database on a separate SQL database server instead.
But, I can see that the WID service(Windows internal database) still remains on the ADFS servers and that it is still in a "running" state.
Shouldn't these WID components be removed when the migration to a SQL database has been completed?
Shouldn't it be very bad to keep these WID services in place and in a running state, while the ADFS is configured to use the SQL database.?
I thought the last step of a migration to a SQL database included the step to remove the WID(Windows Internal Database) services?
Or do ADFS need to still have the WID service in place to be able to connect towards the SQL database(located on a separate SQL server)?
You need to uninstall the WID DB sources after the migration make sure the event logs has the event:100 after the service or the server restart.
confirm the configuration db connections
Get-WmiObject -namespace root/ADFS -class SecurityTokenService
confirm the current data source- it should be your sql data instance with the db name.
Also confirm your Artifact DB configuration
Get-ADFSproperties | fl artifactdbconnection
It should have similar db source.
Uninstall the WID DB sources once the above steps are confirmed.
https://crmguyblog.wordpress.com/2016/12/16/how-to-delete-adfs-windows-internal-database-without-access-credentials/
Related
Requirement: I wanted to copy data from a specific table/view residing on a on-premise SQL Server to Azure SQL DB.
Infrastructure: As depicted in below picture. Essentially, the Azure network is directly connected with corporate network over Express Route. Thus it's a pure private network connection; as good as the corporate network itself.
Issue/Question: I know there are multiple approaches present to get this operation done and I am not restricted to use ADF copy Data tool only. BUT, for all of these I see some cavets or extra steps needed to be done as below:
ADF Copy Data Tool: Needs a SH-IR and a small MSI package needs to be installed on on-premise machine which hosts the SQL server for registration purpose.
Logic Apps: Needs a Virtual Gateway (OR) ASE
App Service: If the operation is wrapped in a C# application and I choose to deploy to a Azure Web Apps. Then in-order to connect to on-premise SQL Server we need to setup hybrid connection manager and as in #1 we need to install something in on-premise machine.
For my case, none of these extra steps can be done. essentially, the on-premise SQL Server comes under a different BU and thus I don't have any permission there; except they have given grant to a table/view. Thus, none of these extra shitty steps can be done.
Moreover, as mentioned above; since it's connected over express route as direct connection, As can be seen in above picture, both the on-premise and azure SQL are essentially inside the same corporate network. THUS, I should be able to access them directly without configuring any of these extra steps as mentioned above.
Please confirm on these and provide a suggestion.
Thank You.
You can still go with the ADF scenario without a SHIR by creating ADF in a Managed VNET using Private Endpoint. As you already have an ER circuit and have the flexibility to configure the Azure side, can you do this with Azure IR: Access on-premises SQL Server from Data Factory Managed VNet using Private Endpoint - Azure Data Factory | Microsoft Docs
There are 2 solutions which could work for your scenario but even for them to work ,you would need access to on prem SQL server machine access to some extent atleast for one time config and Azure SQL db should be accessible via SSMS installed on on-prem machine.
Using linked server
You can create a linked server ( process explained here https://www.sqlshack.com/create-linked-server-azure-sql-database/ ) on on-prem server and create a agent server job to insert data to azure SQL db table.
Via Python Script
This would need Python installation on on-prem machine. Once installed you can write script to transfer data between on-prem SQL server and Azure SQL db. You can schedule this script again by using an agent server job.
I've setup a Service Broker on one of databases to automatically pick up stored procedures in a specific schema (Build) and run them on a daily basis. So far everything has been running fine, however we've now got a need where we need to access a remote sql server which is running SQL Server 2017 and has the latest Machine Learning Service installed.
I've given the service account that runs the primary SQL Server (SQL 2016) access on the remote server, and ensured the Service Broker is executing under the service account, rather than the local SQL account (sa).
Whenever we try to access the remote server, we are getting the following error:
Linked servers cannot be used under impersonation without a mapping
for the impersonated login.
I've tried adding an EXECUTE AS to the process, however this doesn't seem to make a difference. I've also ensured it is running under the service account, and it is.
I can get it to work using a mapped login on the linked server, however this isn't ideal, as we don't want to run the sql server in mixed authentication as this has been determined as an IT risk.
I've run out of ideas or what I can do here, and can't find any other help pieces with this same problem. I did want to roll this process out to more of our warehouse builds, however this is a deal breaker at this stage.
help?
We are trying to evaluate possibility of migrating our in-house SQL DB server to Azure SQL as a PaaS.
Our legacy windows application which is written in VB6 and now running on VB.NET Framework 4.5
Clarifications I need if I migrate only DB server to Azure:
We use both trusted / credential based SQL connection from our desktop application to connect to SQL DB. If we migrate to Azure SQL, will it support trusted connection which should authenticate current organizations NT user?
We have lot of cross DB queries, do we need to face any challenge to use the queries as it is?
Run time we take a DB backup / restore for some business cases. Does this work?
Are there any restrictions on number of admin users on Azure DB?
Probably yes if you sync your local AD with an AAD (See: Use Azure Active Directory Authentication for authentication with SQL Database, Managed Instance, or SQL Data Warehouse)
Azure SQL Database (PaaS) doesn't support cross DB queries by default - you have to setup / use Elastic Query for that.
Yes, you can take a DB backup at runtime and also restore it. There is also a point-in-time restore feature available. See: Learn about automatic SQL Database backups.
I think you can only specify one server administrator (at least within the portal) but I doubt you will reach any limit on db users.
Instead of using the single database SQL Server PaaS service you should also consider using Managed Instance (preview)
You will have to extend your active directory to Azure active directory to keep using trusted connections. You will learn how to do it on this documentation and this one.
On Azure SQL Database you have elastic queries that allow you to run cross database queries. Learn how to create elastic queries here.
You can create bacpacs (export your databases) to Azure Storage or to on-premises location very easy.
You can configure one Server Admin or one Azure Active Directory Admin (it can be a group) for your Azure SQL Server. However, at the database level you can add many database users to the dbmanager role. You can have more information about this topic here.
I have a database I've created on my local machine that I can't seem to correctly deploy to SQL Azure. I'm deploying two databases, including the one that provides user membership.
Every time I attempt this, when I try to login and access to the database is attempted, I receive a The system cannot find the file specified error:
I've tried deploying the database every way I could from Microsoft SQL Management Studio - by right clicking my databases and "Deploy Database to SQL Azure", by generating drop and create data only SQL scripts and running these against an existing target database, by creating a bacpac and importing this and all of these have the same result.
I've double checked connection strings in my .NET MVC applications web.config and these are all correct.
Interestingly, if I run my website locally with connection strings that pointed to my updated Azure SQL db, everything works fine - but on my Azure Website I always get the same results.
Your issue actually looks like a connection string issue but if anyone else ends up here thanks to Google you can resolve orphaned users on Azure SQL Db using:
ALTER USER <user_name> WITH Login = <login_name>;
I am not a AZURE expert, but when moving DB's from one server to another sometimes user's get orphaned making the DB not accessible.
Can you run this command on the AZURE DB via SQL MANAGEMENT STUDIO?
exec sp_change_users_login 'Report'
It will tell you what username and UserSSID may be orphaned. If indeed there is a returned record run
EXEC sp_change_users_login 'Auto_Fix', '[[UserName_goes_here]]'
I have a powercenter 9.1 installation on windows server 2008 R2.
The repository is on the same box, hosted on sql server 2012. I have configured a new user (with sql server authentication) and have the repo db owned by that user. (it has the owner role)
The core problem : I am not able to run a simple test workflow on this setup.
Here's what I have been trying
The windows firewall has been taken down now for about an hour or so.
The repository service and integration service are running in trace/debug mode respectively.
The integration service log complains that it cant find a certain session for a certain workflow in certain folder (with ids for all of them).
When I log into sql server mgmt console, and try to query the repository tables for those exact items (since i have the ids from logs), all the data is present...
I fail to understand what is that I am messing up...
Disclaimer - my knowledge of sql server is really low.. may be 1 or 2 on scale of 10, since I have been living on the other side of fence (with oracle) for all of my career...
Did you try keeping the sql server login/user name and the associated default schema name as same?