I am using Uniobject.Net for connection to unidata account. Connection is successful but while using the transaction processing it fails during transaction commit. It says "No Transaction is in progress" in the client side message. We used user with root permission as well but still the get the same issue. If we use telnet connection it works well.
Can anyone help me with this issue? Is there a log created for uniobject.Net call in unidata?
Are you calling a Unidata Basic program on the UD server that includes the instructions begin/commit/end transaction or are you using the uniObjects session transaction class?
If it's in the called basic program, then TP should work the same in .net call or telnet. If calling using the uo.net transaction class, it may well not match the telnet result as the transaction is happening at the .net session level (which can't happen in the telnet session). Check the isActive() class method to see if you do really have an active transaction.
Logging for uniObjects.net is set up in the app.config or web.config file. See the "Administrative Server Settings and Logging for U2 Clients" document for details on how to.
Related
Any ideas wellcome:
HANA 2.0.44 with encryped connection from windows clients using ODBC driver 2.5.105 (with trust to the server): We observer sporadic errors using a DSN-based connection:
[SAP AG][LIBODBCHDB DLL][HDBODBC] Communication link failure;-10709 Connection failed (RTE:[1000013] The system cannot find the file specified. (server:port))
In some situations the errors are correlated to privileges of the user. In some situations the error an be removed by testing the connection within ODBC-Manager. Sometime it looks like there is a correlation to the reuse of the same connection - sometimes this works withour problems. The error can be reproduced within DSN-less (driver-based) connections.
Any ideas how to find a solution?
As the error message is not clear about whether the issue occurs on the client- or the server-side of the communication the investigation should look at both ends.
For the server-side the nameserver and indexserver trace files are the ones to check.
For the client-side I think the best option here is to use the ODBC trace option of the HANA ODBC driver.
The tool to use here is called hdbodbc_cons (located in the folder of the HANA client) and the linked documentation explains the different options in detail.
I have Report Builder 3.0 installed on my local PC. I am creating a new report and adding an embedded data source to a SQL Server Analysis Services database.
When I build the connection string of the data source, choosing the server name and the database name, I click 'Test Connection' and receive a message saying "Test connection succeeded". So far, so good.
I close the connection properties with the OK button, and on the Data Source Properties window I click the 'Test Connection' button. This time I get an error saying "The connection either timed out or was lost".
If I ignore the error then I can successfully add a dataset to my report and add data from the dataset in to the report design, but when I try to run the report (on my local PC) I again get an error connecting to the data source.
My best guess is that the connection that succeeded is running under my credentials, whereas the connection that fails is running as some other credential and so needs to use Kerberos delegation to pass my credentials along, but that is only a guess and even if I am correct I am at a loss to understand how to fix the issue - I don't know what other credentials may be being used and I have already set SPN's for the Analysis Services service account.
So it turns out that it was a Kerberos issue as I suspected, and I was also correct that Report Builder was testing the connection using some process running under another authentication context.
It turns out that when setting up Report Builder (and I had forgotten it) that you specify a default SSRS Report Server (see screenshot). It must be that when testing data sources or running reports that it connects to that default Report Server and does the work from there - I was assuming that everything was running locally!
Once I figured that out it was just a case of finding a good guide on how to configure SSRS for Kerberos and everything started working. In my case the only bit that I hadn't already done was to add the <RSWindowsNegotiate/> setting to the AuthenticationTypes in the rsreportserver.config file
Good day.
I am developing a program that will be used in a corporate environment by the end users. The application will automatically fix certain errors as soon as the user selects the application name, chooses the symptom or error message and clicking on the fix button.
The idea behind is to decrease the amount of calls we receive at the IT Service Desk (The company's personal Call Centre for IT Issues) and at the same time assist the end user by resolving the issue within a minute (versus waiting on the phone for up to 15 minutes or more).
I've am not yet allowed to upload an image of the application, but imagine a small'ish windows form with 2 columns; Aplication name and Synptom. The user will choose the application's name, click on the error message and click on the FIX button. This basically automates whatever we has IT Techs would manually.
The problem I'm facing is that some of the code is supposed to be executed with adminsitartor rights, eg. Stop and Start a given service, adding regsitry entries for Local Machine, etc.
Given the fact that none of the users will be allowed to have elevated rights and the fact that they need to use this application as a sort of "self-help" alternative without the need to call the IT Service Desk, is there a way to give a set of code "administrator permissions"? The application should NOT request the user to enter ANY passwords.
Regards,
Willem
No way, AFAIK: the model in common operating systems is process-centric, so that the process is given permissions that are then inherited by its code. You can elevate such privileges at some point, but that will be for the whole future life of the process (or as long as the authentication token for it ceases to be valid).
In windows the right way to do that is to employ a back-end service: at boot, you start the service called IT_Auto_Fixer_Back_End with high permissions (try to avoid Administrator, NetworkService or LocalService could be enough for you). When the app IT_Auto_Fixer_Front_End is started with USER privileges, it operates until it needs something with high privileges. At that point it sends a request to the service, that will do it.
If you choose this way, some important advices:
The IT_Auto_Fixer_Back_End must not become a backdoor! If you use TCP as form of communication with IT_Auto_Fixer_Front_End, make it listen localhost only and use SSL (yes!) to encrypt local traffic
It must not be possible to invoke arbitrary commands using IT_Auto_Fixer_Back_End. You need to enumerate the possible requests that could be made (i.e. a command like stop_mysql_service rather than accepting directly the string net stop mysql - the application logic will translate your string into the real OS command)
Every input from the user could be used to perform command injection. To prevent this, use the Windows API that requires an array for the command - this way if the user adds options to a command (i.e. the name of the service in net stop) they won't be interpreted as another command (common scenario: when accepting the name of the service as a parameter, a malicious user that tries to execute something like net start mysql ; net user /add hacker t00E4sy). Authentication and encryption will not help you against this, you must escape any user input that goes inside the command.
Sanitize your ENVIRONMENT by using the API that executes commands setting the PATH (and other relevant variables), so that the user will not be able to taint the PATH, executing C:\temp\net.exe instead of C:\Windows\System32\Net.exe
IT_Auto_Fixer_Back_End service should be authenticated: it should check every time if the request comes form the user by checking if the Kerberos token is valid (Windows => you get a very nice Kerberos environment for free!). This will prevent someone else to break into the machine, use SSL to connect to the localhost port and elevate privileges through your service
The above (authentication) still stands when something else (i.e. shared memory, windows sockets, a file, etc...) is used as communication channel between IT_Auto_Fixer_Back_End and IT_Auto_Fixer_Front_End
Life gets harder when you want to properly implement something dealing with multiple level of permissions...
Using classic ASP on Windows 7pro or Windows 8.1pro, I connect to a Microsoft Access 2003 database with the connection string "Provider=Microsoft.Jet.OLEDB.4.0;Persist Security Info=False;Data Source=D:\INetPub\KN2014\Databases".
This works fine until I call for user authentication with the code:
sAccount=Request.ServerVariables("LOGON_USER")'NT challenge
if sAccount="" then
Response.Status="401 Unauthorized"
Response.End
end if
The authentication is forced on a different page. If I do this in the same window and then return to the page which connects to the database a 80004005: Unspecified error occurs. Only resolution is to close the window and reopen it. If I manually open a second window (same sessionID!) I get the same problem in the second window. The first keeps working fine, even after a refresh.
I've tried to open that second window with program code, but then I get the error in the first window also.
Searching this site, I have done the trick granting read access on sysWOW64/inetsrv. Also: If I do a clean install for Windows 7, it works fine for a while than "Something happens" (maybe installing VS of Office) and the old problem occurs again. Tricks like using basic authentication, using Kerberos or changing the order of authentication protocols seem to have no effect.
I'm an "old school" developer. I hope someone can help me by providing the most simple classic ASP code to do authenticate using windows verification and read/write access to a Microsoft access db.
With Access you need to make sure that your database working in multi-user mode (available on 2010 and later) and you need to detect when user leave your page to close connection to Access upon exiting/closing your site/page.
That is a curse of Access since earliest versions of it.
Or make sure that you open database without locks. IN SQL server that could be achived by executing following upon opening your SQl statement:
SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;
But I am not sure if this even possible in Access, better option just to switch to SQL Express.
I have a COM outproc server written in ATL that registers itself using
_Module.RegisterClassObjects(CLSCTX_LOCAL_SERVER, REGCLS_SINGLEUSE)
and it results in an HRESULT error code 0x80004015 (which means CO_E_WRONG_SERVER_IDENTITY). What causes this error code, and how can I work around this error?
Do you have any specific DCOM permissions set on the server? Alternatively, check the identity of the caller that causes the server process to be launched against the default DCOM permissions. It might be that the caller is service running under particular account and the process is launched as Interactive User.
Here's an article with more info that can help you figure out the problem.