We recently migrated an application database to a new version from winserv2008/sql2008 to winserv2012R2/Sql2014. A service that pulls on this DB needs to be redesigned to accommodate some minor table/view definition changes.
Running the service code through tests under my personal security context works fine. However, installing and starting the service under .\LocalSystem is problematic. Looking at the service logs in event viewer I see that the service tries to connect to the sql server but gets a ERROR[28000] Login failed for user 'Domain\LocalSystemName$'.
The connection is via ODBC, SQL Server Native Client 11.0. Connection string is like:
"dsn=dsn_name;Driver={SQL Server Native Client 11.0};Database=database_name;Integrated Security=False;uid=accountname;pwd=accountpassword;Connect Timeout=15;ApplicationIntent=ReadOnly;"
Also, through the course of troubleshooting I've discovered/confirmed several things.
The sql server credentials I am using are correct, they are also being used to connect from a SQL2016 instance to the SQL14 server as a linked server.
The original service install on a utility server appears to be hitting the new database fine after the ODBC connection settings were switched.
My questions are:
Have you run into anything like this before?
Am I missing something simple in my connection string?
Are there per machine security settings in sql14 that I'm missing?
Related
I've setup a Service Broker on one of databases to automatically pick up stored procedures in a specific schema (Build) and run them on a daily basis. So far everything has been running fine, however we've now got a need where we need to access a remote sql server which is running SQL Server 2017 and has the latest Machine Learning Service installed.
I've given the service account that runs the primary SQL Server (SQL 2016) access on the remote server, and ensured the Service Broker is executing under the service account, rather than the local SQL account (sa).
Whenever we try to access the remote server, we are getting the following error:
Linked servers cannot be used under impersonation without a mapping
for the impersonated login.
I've tried adding an EXECUTE AS to the process, however this doesn't seem to make a difference. I've also ensured it is running under the service account, and it is.
I can get it to work using a mapped login on the linked server, however this isn't ideal, as we don't want to run the sql server in mixed authentication as this has been determined as an IT risk.
I've run out of ideas or what I can do here, and can't find any other help pieces with this same problem. I did want to roll this process out to more of our warehouse builds, however this is a deal breaker at this stage.
help?
I have a problem connection to a SQL Server 2012 instance running on Windows Server 2012. I have a .NET 4.5 windows forms application installed on a client machine running Windows 7. The error I get is this:
A connection was successfully established with the server, but then an error
occurred during the pre-login handshake. (provider: SSL Provider, error: 0 -
The wait operation timed out.)
My connection string looks like this:
server=SERVERNAME;database=DATABASENAME;User Id=someuser;password=somepassword;Timeout=60;app=LabelMaker
I tried connecting to the SQL Server from the client machine using QueryExpress
and that worked! My app is 64-bit if that is of any help. I've checked every setting I can think of in SQL Server. No force encryptions are enabled on the protocols (shared memory and tcp/ip), the domain firewall is open on the server. I've tried various connection strings with all kinds of unheard off parameters, always the same result, failure.
I'm really confused about why it works with QueryExpress? My app works when connected to a remote instance of SQL SERVER Express on another machine, it also works if I run it on the SQL Server 2012 machine.
I've also tried connecting to the server from the client machine with LinqPad and this is also really weird, with the new version based on net4/4.5 (Version: 4.43.06) it fails but when I use the old version of Linqpad (2.x) based on net3.5 it works!
It seems like Panda Security is causing the problem, I ran
netsh winsock show catalog
and found a few panda entries, I then did a reset
netsh winsock reset
now my application works fine, I then rebooted the machine, ran the catalog command again,
the panda entries were back and my app is having the same problem as before.
Here are the Panda entries in the winsock catalogue: https://gist.github.com/pellehenriksson/5159883
All ideas and suggestions are appreciated.
UPDATE
Panda Security v5 is the cause of this problem, this has been confirmed by Panda support.
The root cause of the problem is explained by Alex below. The customer will do an upgrade to v6 of Panda Security, I will test again after the upgrade.
CONCLUSION
Moving to Panda Security v6.0 fixed this issue.
This seems to be a non-Microsoft related issue: Visual Studio 11 beta installation disabled my abillity to connect remote MS SQL Server but not local databases.
The ticket has been closed as external.
The only workaround available at this time on Microsoft Connect is:
Posted by Lars Joakim Nilsson on 5/4/2012 at 5:03 AM
My machine had this problem. The work around for me was to remove non-IFS LSP installed Winsock Catalog Provider. Se
http://support.microsoft.com/kb/2568167
/Lars Nilsson
The SetFileCompletionNotificationModes API causes an IO completion port not work correctly with a non-IFS LSP installed link gives the resolution:
Not specifying the FILE_SKIP_COMPLETION_PORT_ON_SUCCESS flag or
removing any non-IFS Winsock LSPs installed. Also moving from a
non-IFS LSP to Windows Filter Platform (WFP) can resolve this issue.
So, you should remove Panda Security or, as an alternative, you may try to execute netsh winsock reset as a pre-build command (although I'm not sure if this is effective without a reboot), which would let you develop/debug your application.
[UPDATE]
More information about application compatibility is given here: Application Compatibility in the .NET Framework 4.5:
Data
SQLClient
Feature
Ability to connect to a SQL Server database from managed code that
runs under the .NET Framework 4.5.
Change
The existing synchronous API code path was modified to add
asynchronous support.
Impact
The presence of non-IFS Winsock Base Service Providers (BSPs) or Layered Service Providers (LSPs) may interfere with the ability to
connect to SQL Server. For more information, see
SetFileCompletionNotificationModes API causes an IO completion port
not work correctly with a non-IFS LSP installed on the Microsoft
Support website.
I hate to say it, but restarting Visual Studio and my Microsoft SQL Server Management Studio solved this problem.
I had built an application to connect to MySQL DB and SyBase - SQL Anywhere DB using VB.NET and appropriate ODBC connections. This was working fine until we had to make this application a service which keeps running in the background irrespective of any users logged in.
I built the application into a service and after installation, the service was able to successfully connect to MySQL DB, but I am getting the following error when connecting to SyBase (please note the connection string is exactly same as used in the application)
ERROR [08001] [Sybase][ODBC Driver][SQL Anywhere]Database server not found
The project installer - service process installer 1 is configured as localsystem.
The creepiest thing here is, mysql connection is successful, when the same application was not a service, connecting to sybase was successful. Once it was made into a service it started failing. I have a Windows 7 64-bit workstation and VS 2010.
I have been trying to do every single thing for the last one week to fix it but nothing seems to be working. Any advice would be highly appreciated.
Looks like you are using a DSN to connect to SQL Anywhere.
First, make sure that you have configured it as a System DSN. Then, verify that you are using a TCP/IP connection protocol (ODBC Admin -> Select System DSN tab -> Select DSN in list -> Click Configure -> Goto Network tab) and NOT Shared Memory.
Using Shared Memory will NOT work from a Win Service that tries to connect to a SQL Anywhere DB Server.
I suspect that is the issue since you are able to connect from a desktop app using the same connection string.
One way to make this work is to start your SQL Anywhere db as a network server (Start -> All Programs -> Sql Anywhere 12 (or 11, depending on your setup) -> SQL Anywhere -> Network Server.
That should run the dbsvr12.exe, which will start listening for connections on a TCP port.
Then, add a Links=tcpip, or a Host=localhost to your Win Service connection string and give that a try!
Take notice that simple win app is running with credentials from logged user, while windows service is running on system account (in your case). You have two options, change connection string to connect with specific user (if you are now using trusted connection) or change windows service logon user to your user.
OK, I'm stumped. I am trying to create a .NET Winforms app to talk to a database via Entity Framework. I originally created a ASP.NET MVC3 app (with a seperate DAL layer) that can talk to the database after initially failing. SO the first time that it tries to open the connection, it times out. If I then hit F5 in the browser, it connects fine!
I referenced this DAL in my Winforms app.
I can connect to the database via SQL Auth in SQL Management Studio fine.
I can create the ADO.NET Data classes in VS2010 (it connects, gets the tables and stores the connection string in the app.config).
However, once I run the Winforms app, I am unable to connect. I get the mentioned exception with an InnerException of "Timeout expired."
I copied the connection string from the web.config to the app.config.
The SQL database is hosted on my Windows Home Server called SERVER. I am in a Workgroup (no Domain). I uses SERVER\SQLEXPRESS in Management Studio and VS to successfully connect to it.
Things I've tried:
Disable the firewall on the client machine.
Enabled DTC on the server and added msdtc.exe to the exclusion list on the server.
Made sure Named Pipes in enabled on the SQL server instance.
Tried different SQL users.
Tried different ways of constructing the connection in C#.
Generated a new ADO.NET Data class local to my WinForms project (not referencing the DAL). VS connects fine, reads the tables, generates the code. But the running app causes a "Timeout Expired" SqlException.
So running the app is unsuccessful in connecting. When I watch the app in ProcessExplorer I can see an entry in the TCP window when it tries to Connect on remote port 4845 with a SYN_SENT message. Not sure if that's right.
I've google'd and bing'd this for the last few days, I've read all the articles and replies here on Stackoverflow that mention this exception, but I have hit a wall.
This is the ConnectionString that VS generated after reading the DB:
<add name="LLDBEntities" connectionString="metadata=res://*/LLDB.csdl|res://*/LLDB.ssdl|res://*/LLDB.msl;provider=System.Data.SqlClient;provider connection string="data source=SERVER\SQLEXPRESS;initial catalog=LLDB;persist security info=True;user id=sa;password=sapwd;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
Any help appreciated, even any hints on how to figure out what's happening.
Your connection string looks more like a connection string to an SQL Server, rather than SQL Express.
Have a look at this for a connection string to SQL Express: SQL Server Express connection string for Entity Framework Code First
Ok, solved.
I noticed that it would actually connect on the second attempt with the same app and connection. At that point I found this link: http://kromey.us/2011/06/microsoft-sql-server-2008-times-out-on-first-connection-attempt-447.html
So I opened the firewall port listed under IPAll Dynamic Port in SQL Server Configuration Manager on the TCP/IP Properties for the instance and now it all works fine. I still don't know why it would get through on the second attempt....
I'm using the sqlxmlbulkloadlib to perform an xml bulk load. When integrated security=SSPI, the process completes fine inside a workflow hosted on my local machine in a wcf service. However, when that workflow is hosted on our server and kicked off from a service reference on an aspx page, the bulkloader produces an error connecting to the data source. I have tried using sql server authentication instead, but that fails even on my local machine with the same error connecting to data source.
My connection string looks like:
"provider=SQLOLEDB;data source=Myserver;database=Mydb;User ID=Myuser;Password=Mypassword"
Ok, so after creating the sql account for the bulkloader, the policy required that I change the password. Didn't catch that till I tried logging in with the account in management studio.
I am curious, though, what I would have to do differently for integrated security to work from the production server.