I am doing merge replication between SQL Server CE, 3.5 SP2 and SQL Server 2012 via IIS / Websync. Everything works perfectly when I use DB Authentication to connect with the publisher. If I switch it to NT Authentication, I get the following error in my script:
Initializing SQL Server Reconciler has failed. Try again.
...and the following error is logged on the IIS server sync log:
Command=SYNC Hr=00004818 Login failed for user 'domain\user. 18456
The reason I am trying to change this is because (and correct me if i'm wrong) I don't want to store the credentials in my sync script (powershell). I was hoping that if I was using NT authentication, it would use the credentials this script is running under in task scheduler - or whoever is running it manually. Basically, that is my goal - however it can be achieved - to not store creds in the script.
To use Windows authentication, you must use Basic auth on the IIS Server (maybe protect with SSL), but the client must suply a Windows username and password. You can then set PublisherSecurityMode to NTAuthentication and the Windows account wil then log on to the database server. So you must either store creds in the script or prompt the person running the script for credentials, and then set InternetLogin and InternetPassword properties accordingly.
The only way I got this to work is when I ran the wizard and chose "anonymous" for web access. Only then was I prompted to put in credentials which will be used for NT Auth (stored on the web server). This means that all clients connect anonymously and use the same creds for SQL. They cannot each have their own SQL credentials. They can, however, each have their own IIS credentials.
Related
I have a question relating to SQL Server management studio,
I have downloaded the SQL Server Express onto my PC and was told to expect SQL Server to prompt me for a username and password, which I could use to login as "SQL Server Authentication", and use the login and password function.
I followed every single instance of the Installation but was never propted about any such password and user name setting having to be created.
Big deal however I need to practice methods for loging into SQL Server using password and Username functionality ussing vb.net (Automating login procedures).
What are the steps I need to undertake to make correct this?
The Authentication Mode can be changed at any time. In Microsoft SQL Server Management Studio, right-click on your server, and go to properties.
In the Security page, you have the option to change the Server Authentication mode to Windows or Both (Windows and SQL).
Make sure the "sa" user has a strong password (it may be empty or disabled by default).
Environment
Windows 7 machine running VS2012 Update 2
Server 2008 box running SQL Express 2012
Happily modifying existing Lightswitch application that connects to the SQL Server Express system using SQL Authentication. All of a sudden I start to get all sorts of funny errors (something weird happened at this point) so I stopped what I'm doing and restart both server and Win7 system.
When I now try to run/build my LS application it gets an error stating that login to the SQL Server failed because login is from an untrusted domain and windows authentication failed.
Problem is I am using SQL authentication??? I have triple checked my web.config settings and the connection string is definitely set for SQL auth. I created another "test" application, again using SQL auth and it works fine. (I compared the config files from app to app and the connection strings are identical.
In the VS IDE I have Data Connections defined to the SQL server using SQL auth and it works fine. If I do an "update" of the data source and check connection dialog it uses SQL auth and the update works fine.
But when I try to build/run the app it wants to use Windows Authentication.
(I am not using any application/screen level security in my app).
Got me stumped.
Any ideas?
I'm using IIS 6 in Server 2003 and SQL server 2008 which sits ona seperate box. Now i would like to connect using the Application pool identity of the website to SQL server.
But somehow whenever i display the identity in page_load method it always displays the windows account using which site was browsed. I have given the details below
Server : Windows Server 2003
Database : SQL server 2008 . Web server and DB sit on different machines.
WebSite : Uses a custom app pool that runs using a custom domain account. Website has anonymous disabled and windows authentication enabled. Impersonation is not enabled in web.config.
I'm displaying the credentials using the below code :
Response.Write(HttpContext.Current.User.Identity.Name.ToString());
WindowsIdentity id = WindowsIdentity.GetCurrent();
Response.Write(id.Name);
Now i need a way of using the identity of app pool to connect to database. Please let me know how to do this. If i set the website anonymous account as the app pool identity everything works fine but i dont want to do that. Now authentication just flows as anonymous to the SQL server and it throws exception.
I'm not sure about IIS6, but in IIS8... In the advanced settings for the application pool in questions, there is an identity section. Set this to the windows credentials you want to use. Also set 'Load application profile' to true.
Then in your application, you just need to setup your connections string to use a trusted_connection instead of an SQL server username and password.
Just remember to set the windows account to have a password which never expires, unless you'll remember to update the app-pool when it does change (or the pool will stop.)
Dave
This sounds like you have Windows Authentication enabled and are using IE to connect to the site? In this case the Windows Identity is passed through to IIS.
I'm trying to migrate a legacy application we have to Windows Server 2008 x64 and IIS7. It's written in Classic ASP and connects to a SQL Server 2005 database.
However, when the page runs, I receive the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
The connection string I'm using is: Driver=SQL Server; Server=SERVERNAME; Initial Catalog=DBNAME;
I can't see any reason for it to be using the anonymous logon as when it was running on my 32-bit Win2k3 server, it accessed the SQL Server using DOMAINNAME\SERVERNAME$.
I have the following settings.
SQL Server 2005 - running in mixed mode.
IIS7 Application Pool - Allow 32-bit applications set to True.
I've also added the server as a user on the SQL Server.
I've tried a few things now and I'm starting to run out of ideas.
There are some solutions.
use SQL authentication, instead of SSPI. It will work since your database is in mixed mode.
If for any reasons you won't change the authentication.
The NT AUTHORITY\ANONYMOUS LOGON is strange, by the way, just as if the database server and the app servers are not on the same domain. Please check this until proeding further.
1) Create an user in Active Directory
2) Create a application pool on IIS7 and as "Identity" , the user you've created
3) Grant this user the rights and roles you want on the DB
I think I've fixed it. Moving to Win2k8 means that I needed to change the connection string driver to SQL Native Client;.
Set the Anonymous Authentication credentials to be your Application Pool Identity.
(default is Specific User --> IIS User). Then you can use a Trusted Connection in your connection string as it will now use the AppPoolIdentity account.
Well, that failed login attempt is a classic example of code running under the "Local Service" account, rather than (what you had on Win2K3), where it was running under the "Network Service" account. Now you just need to find where that setting is.
For either the OP or future readers, you can:
1) Either use a dedicated service account, as suggested by Johan above, or
2) Use the AppPoolIdentity account and go to "Authentication", then select "Windows Authentication" and enable "ASP .NET Impersonation".
If you still get the same result after #2, you likely have the "double hop" issue cited by Damien - this is where the web server can authenticate you, but it does not allow you to pass those credentials on to the database for security reasons without using Kerberos. You would then need to set the server as "Trusted for Delegation" in AD and set up Kerberos as the authentication provider in IIS. This site helps with that: http://technet.microsoft.com/en-us/library/ee675779.aspx
I just created a new database in "Microsoft SQL Server Management Studio Express" and now I'm in "ColdFusion Administrator" and I'm trying to add my database as a Data Source. How do I do that? I believe the servername is .\SQLEXPRESS but I'm not sure what the default username and password are. I've tried creating a new login through Management Studio with an actual username and password, but those aren't working either. The error I'm getting is:
Connection verification failed for data source: xxx
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The requested instance is either invalid or not running.
The root cause was that: java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The requested instance is either invalid or not running.
I can see that the service is running, and I can connect to it through management studio. I've tried following a couple tutorials online, but they don't seem to be working for me. Ideas?
Server name can be any resolvable hostname or domain name, in case of having SQL Server and CF server on same box localhost should work for you.
Also make sure that user you created has access to the particular database and needed operations. Look into the database permissions for this. This check is not required when using master account (often login is sa), but this is not recommended practice because of the security reasons.
Also make sure SQL Server and Windows Authentication mode is checked. I had an issue with permissions as well when I only had Windows Authentication enabled under:
right click on server (localhost) -> security
Then restart SQL Server Services to save changes. After that I was able to connect my ColdFusion datasource to SQL Server.
For testings sake use the same credentials that you are connected with in Management Studio, likely the "sa" user and password. Once you have it working with "sa" then go back into Management Studio and create an application level user for your CF app and then update the data source to use your new user / password.