Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. in sql server - sql

I have posted a related question a few days back and provided its answer as well.
I am facing a strange issue. I have 2 servers: the first one is a dev server and the second is QA.
When I execute the below line on dev server it works fine, but when I execute it on QA, it gives me the error Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON', as I posted in my previous question.
EXEC master.dbo.xp_cmdshell 'sqlcmd -d db_name -S server_name -i sqlfile'
To resolve the above issue I have provided the username and pwd in the above query and it is working fine on both DEV and QA server. But to provide the username and pwd is not a nice approach as if we will change the server or pwd it directly impacts my query. So I want to execute the cmdshell command without using username and pwd on QA as well.
Can anyone please tell me what I am missing on QA? I have already provided the permissions to cmdshell on QA.
ANY QUICK HELP

This is because the user the command runs as is NT AUTHORITY\ANONYMOUS LOGON, and this login does not have access to the DB.
Consider this: everything must run under a user context. Every process needs to have a Windows user owning it.
The SQLCMD you are running - who is the Windows user running it? It isn't you. It is the SQL Server service. (Do some research on xp_cmdshell.)
You first need to do some research on windows service accounts and understand what they are.
Then, some possible solutions:
A. Check what your QA SQL Server service is running as (in the logon tab in services.msc)
B. Use a linked server instead, which can use your logon instead
C. You might also be able to use some kind of proxy (a Windows user to override the SQL Service user just for this purpose) but I haven't investigated that.
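To compare the Windows identity behind xp_cmdshell on DEV and QA (options A and C above), here is an added T-SQL example that is not part of the original answer. The account QA\svc_sqlcmd and its password are placeholders.

```sql
-- Run on both DEV and QA as a sysadmin and compare the results.

-- 1. Accounts the SQL Server services run as
--    (sys.dm_server_services exists from SQL Server 2008 R2 SP1 onward;
--    on older builds read it from the Log On tab in services.msc).
SELECT servicename, service_account
FROM sys.dm_server_services;

-- 2. Windows identity that processes started by xp_cmdshell inherit.
--    For a sysadmin caller this is the service account from step 1.
--    A local account such as NT AUTHORITY\LOCAL SERVICE presents anonymous
--    credentials on the network, so a remote sqlcmd login arrives as
--    NT AUTHORITY\ANONYMOUS LOGON.
EXEC master.dbo.xp_cmdshell 'whoami';

-- 3. Is an xp_cmdshell proxy credential configured on this instance?
SELECT name, credential_identity
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';

-- 4. Option C: configure a proxy account. It is used only when the caller
--    is NOT a member of sysadmin; sysadmin callers keep running as the
--    service account. Placeholder account and password.
EXEC sp_xp_cmdshell_proxy_account N'QA\svc_sqlcmd', N'<placeholder-password>';

-- To remove the proxy credential again:
-- EXEC sp_xp_cmdshell_proxy_account NULL;
```

Whichever account ends up running sqlcmd needs a login on the target server with only the rights the script requires.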

Related

Unable to connect to Linked Server (Excel file) when using SQL account

The Plan
Have HR personnel dump an Excel file of payroll Job Titles to a network share, add that file as a Linked Server in SSMS, use those titles in my ASP.Net web forms. Using a Linked Server instead of importing data to allow HR to update the Job Titles file at their discretion.
The Problem
I can create the Linked Server and query it without issue, so long as I'm in SSMS with Windows Authentication. But, if I try to access the linked server using a SQL account, I first get the error:
Access to the remote server is denied because no login-mapping exists (Error 7416)
The SQL account being used is the same account my web forms use for everything else. The fact that this SQL account doesn't have file permissions isn't surprising though, so an adjustment to the Linked Server's security should do the trick.
The Problem (part 2)
To reduce the number of variables, I moved the Excel file so it's on the same machine as my SQL Server. I'm logged into the machine and logged into SSMS with my domain admin account.
I access the Linked Server's security tab and, to try and cast the widest net possible, I leave the local login (top part) blank and head straight to "Be made with this security context:" and proceed to provide my domain admin credentials. I hit OK, and I get the following:
Not a valid account name or password (Error 7399)
I know the account name and password are good, so what gives?
Other Things
Folks who've run into similar things have been instructed to change the logon account being used for the SQL Server service, which I've done using my domain admin account (for troubleshooting, atm). This did not fix the problem.
This is what the Linked Server code looks like, although I created it via the GUI (included for sake of completeness):
EXEC master.dbo.sp_addlinkedserver @server = N'ADP_TITLES', @srvproduct=N'', @provider=N'Microsoft.ACE.OLEDB.12.0', @datasrc=N'C:\JOB_TITLE_EXPORT.xlsx', @provstr=N'Excel 12.0 Xml'
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'ADP_TITLES',@useself=N'False',@locallogin=NULL,@rmtuser=N'DOMAIN\username',@rmtpassword='########'
The solution appears to be entering "admin" for the remote login, and leave the password blank.
This only works, however, if the file is stored locally. If it's on the network, I still get a 7399 error, but instead of saying the issue is the account name/password, it now says the issue is unspecified.
I can make my project work with a local file though. Since I'll be moving forward with that, I have no need to solicit additional answers.

sql server user authentication not working

I created a piece of software in VB.NET 2005. I created a database in SQL Server 2005. I connect to it with Windows authentication. Everything works fine.
But the problem started when I replaced my database with an old database copied from a different computer.
I attach screenshots of both databases with attached users.
old database
and new database is
When I try to connect my software to the old database with Windows authentication, it does not connect.
Can anyone please tell me what the problem is and how to solve this?
When you restore a Microsoft SQL Server database on a different machine, the user may no longer be the same as on the previous machine, even if you see the same username listed.
This user is called an 'orphaned user'.
Meaning that there is no login id or password associated with the user, since the original SID identifying the user is no longer valid on the new machine.
You could check if you have this situation with
EXEC sp_change_users_login 'Report'
and, you could fix with
EXEC sp_change_users_login 'Auto_Fix', 'Gauntam-PC\Gautam'
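The same check and repair can be done through the catalog views and ALTER USER, shown here as an added example that is not part of the original answer. Microsoft documents sp_change_users_login as deprecated and as not usable with logins created from a Windows principal, which matters for a database attached under Windows authentication. The names OLDPC\AppUser and NEWPC\AppUser are hypothetical.

```sql
-- Run inside the restored/attached database.

-- 1. List database users whose SID matches no login on this server.
SELECT dp.name      AS orphaned_user,
       dp.type_desc AS user_type,
       dp.sid
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
WHERE sp.sid IS NULL
  AND dp.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND dp.principal_id > 4;         -- skip dbo, guest, INFORMATION_SCHEMA, sys

-- 2. Make sure the login that should own the user exists on the new server.
--    (Hypothetical Windows account on the new machine.)
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'NEWPC\AppUser')
    CREATE LOGIN [NEWPC\AppUser] FROM WINDOWS;

-- 3. Re-point the orphaned user at that login. A Windows user must be
--    mapped to a Windows login, a SQL user to a SQL login.
ALTER USER [OLDPC\AppUser] WITH LOGIN = [NEWPC\AppUser];

-- 4. Re-run step 1: the remapped user should no longer be listed.
```

Remapping keeps the user's existing role memberships and permissions in the database, so review them before reconnecting the application.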

Error accessing the database DSN

I have an issue with logging a Support user into an Application that has a SQL Server backend.
When configuring the application itself, the SQL set-up asked me to assign whether the Security to access the Application would be Windows Authentication or SQL Server Authentication. I chose Windows Authentication, and as I was using a login called
'LabUser1' I have been able to login to the application fine.
However, when I logon to the server using a different windows login, this time 'Support', SQL keeps giving me the error:
Error accessing the database DSN
Now I know the reason is because the install of SQL happened using the 'Labuser1' profile, but how can I create a script that will allow me to add the 'Support' user to the 'Allowed Logins' so that I can logon to the app server and at least open the Application? (I have separate logins for when I see the application login window, so please don't confuse the matter by thinking it is a simple case of creating a login for Support....I am talking about logging into the server)
The current batch file I am trying to run is:
sqlcmd -S localhost\OCDBB01 -i createSupportlogin.sql
Then I run this batch file after having created the following SQL script:
CREATE LOGIN [OCDMW1\Support] FROM WINDOWS
GO
Your description of the situation is a bit confusing to me; however, it appears that the "SQL setup" that is part of the application configuration created an ODBC DSN that uses the credentials of the person logging into the machine as the login for SQL Server.
Simply creating a new (correct) login to the SQL instance may not resolve this issue since that does nothing to modify the DSN. If you are tied to using Windows Authentication for SQL access it might be necessary to create multiple DSNs for the application to use and find a way to have the correct DSN associated to the right login for the application to use.

Microsoft SQL Server Management Studio trouble with permissions

Please find all the files I'm referring to at this link:
http://whyisthisinmyfood.com/sql/
I have installed a new copy of "SQL Server 2008 R2 Management Studio Express (x86)" on two Windows 7 computers. The SAME install file for both computers. Installed the same way. (as far as I know, I chose the same options)
One at home and one at work.
The one at home seems to work perfectly I "Execute" this file (ITD132-Inventory Initial with data.sql) and it works fine. When I "Execute" it at work I get:
Msg 262, Level 14, State 1, Line 1
CREATE DATABASE permission denied in database 'master'.
..and a bunch of stuff after that which is caused because the database was not created in the first place.
I have compared the permissions on both computers.
see these files:
home computer : non-networked.jpg
work computer: work-networked.jpg
I read in one post that to create new Logins one must be logged in as the Administrator. I log into the Server Management Studio with my Windows credentials and I am the Local Admin for my work computer and I have not been able to find any other place to log in as an administrator for this SQL Server Management Studio (so clearly I'm not sure what's meant by that).
At this point I think my problem is that I need to create a user who is not just the "BUILTIN\User" (because this login does not have permissions) with permissions.
But I have no idea how to login as an administrator to create this user role.
Please forgive me if these are obvious answers as I am just starting with this MS Management studio and am not very familiar with T-SQL.
Thanks,
Diana
If you install SQL Server, you get asked during installation process which user or user group should have the Admin-Privileges. If your computer is part of a domain and you login locally, things might get complicated.
The easiest (but not safest) way to login as a "superuser" is to enable the "sa" user.
This is one user that logs on with a password (not integrated logon) and has all the juice to run every script possible :-) By default it's disabled - googling I found an easy how-to for enabling it:
http://sudeeptaganguly.wordpress.com/2010/04/20/how-to-enable-sa-account-in-sql-server/
I think you are correct that you need to create another user with enough permission. Generally logging in with "integrated security" using your Windows credentials should have enough permissions (assuming the same user is the user that installed SQL Server). If not, you have better luck logging in as the SQL Server user "sa" (system administrator) which should have full permission. Do you know the "sa" password?
Note: the security mode for SQL Server can be set to "Only integrated security with Windows users", "SQL Server security" or "both". The "sa" account will only work if the SQL Server security is enabled. You may be able to access these settings using your BuiltIn\User account.
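Msg 262 means the connected login lacks the CREATE DATABASE permission. The added example below (not part of the original answers) shows how to confirm that and grant only the dbcreator role instead of working as "sa". The login WORKPC\ScriptUser is a hypothetical placeholder.

```sql
-- 1. Run as the failing user: which login am I, and what may it do?
SELECT SUSER_SNAME()                       AS login_name,
       IS_SRVROLEMEMBER('sysadmin')        AS is_sysadmin,
       IS_SRVROLEMEMBER('dbcreator')       AS is_dbcreator,
       HAS_PERMS_BY_NAME(NULL, NULL,
                         'CREATE ANY DATABASE') AS can_create_db;
-- can_create_db = 0 on the work computer explains Msg 262.

-- 2. See which logins hold sysadmin, i.e. who is able to run step 3.
EXEC sp_helpsrvrolemember 'sysadmin';

-- 3. Run by a sysadmin: give the Windows account its own login and the
--    smallest fixed server role that allows CREATE DATABASE.
--    (Hypothetical account name; sp_addsrvrolemember is the SQL Server
--    2008 R2 syntax, later versions also accept ALTER SERVER ROLE.)
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'WORKPC\ScriptUser')
    CREATE LOGIN [WORKPC\ScriptUser] FROM WINDOWS;

EXEC sp_addsrvrolemember N'WORKPC\ScriptUser', N'dbcreator';

-- 4. Reconnect as that user and repeat step 1: is_dbcreator and
--    can_create_db should now both be 1.
```

If "sa" had to be enabled to perform step 3, it can be disabled again afterwards with ALTER LOGIN sa DISABLE.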

"Cannot open database - login failed" . Works in Management Studio, not code

Oh yes, the famous error:
Cannot open database "MYDBNAME" requested by the login. The login failed. Login failed for user 'USERNAME'.
Let me explain my situation:
I have a database server, which has a SA account and my user account. The user has the correct mappings to my database (dbowner).
I can open the database with this user, using SQL Management Studio 2008 R2, both on the SQL server itself (using localhost), and on my frontend server.
However, when I run my application, I get the login failed error.
Strange thing is I have a test application and a production application on our frontend server. The test application has test databases on the same database server, and there are no login problems here. The only difference between the two is the prefix, which differs from "TEST" to "PROD". The test application works; the production, however, doesn't. The user mappings and seem it should work on both.
Any ideas?
EDIT:
Our connectionstring:
<add key="umbracoDbDSN" value="Server=Websqlsrv01;Database=PROD_Databasename;User ID=umbraco_user;Password=password;Trusted_Connection=False" />
SQL Server has a login/user dichotomy;
they are 2 different entities:
http://www.akadia.com/services/sqlsrv_logins_and_users.html
Maybe your SQL login is not associated with a user for database PROD_Databasename but only for TEST_Databasename.
Another cause could be the user's default database or possibly different database schemas.
You can easily check if one of those is the problem simply by creating a new user for PROD_Databasename and using it in the connection string.
Another way is to execute
exec sp_helpuser
in both databases (PROD and TEST) and see if the username "umbraco_user" is listed.
Anyway it is not a good practice to use same login for 2 different users:
https://dba.stackexchange.com/questions/16374/is-there-any-benefit-to-having-one-sql-server-login-for-multiple-users
Sometimes you need to use servername\instancename in your connection string if you've set up something other than a default instance. Use this link to find your instance name. Give that a try!
Right-click on your application and run as admin. This should work!
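The login-versus-user check suggested in the answers above can be done for both databases in one pass. This is an added example, not part of the original posts. It uses the names from the question's connection string and assumes the test database is called TEST_Databasename, as the answer does.

```sql
-- Run on Websqlsrv01 with a login that can read both databases.

-- 1. Server login state and the database user (if any) that shares
--    its SID in each database.
SELECT sp.name                  AS login_name,
       sp.is_disabled,
       sp.default_database_name,
       prod.name                AS user_in_prod,
       test.name                AS user_in_test
FROM sys.server_principals AS sp
LEFT JOIN PROD_Databasename.sys.database_principals AS prod
       ON prod.sid = sp.sid
LEFT JOIN TEST_Databasename.sys.database_principals AS test
       ON test.sid = sp.sid
WHERE sp.name = N'umbraco_user';
-- user_in_prod = NULL: the login has no user in PROD, which produces
-- "Cannot open database ... requested by the login".

-- 2. A user with the right name but a different SID (for example after a
--    restore) shows up here even though step 1 returned NULL.
SELECT name, sid
FROM PROD_Databasename.sys.database_principals
WHERE name = N'umbraco_user';

-- 3. Roles the user actually holds in PROD.
SELECT r.name AS role_name
FROM PROD_Databasename.sys.database_role_members AS m
JOIN PROD_Databasename.sys.database_principals AS r
  ON r.principal_id = m.role_principal_id
JOIN PROD_Databasename.sys.database_principals AS u
  ON u.principal_id = m.member_principal_id
WHERE u.name = N'umbraco_user';
```

If step 3 shows db_owner for a web application account, consider narrowing it to the roles the application needs once the login works.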