I have create a windows service which access SQL db. The connection string is grabbed from the app.config file .
The Following is the format of the connection string
connectionString="Integrated Security=SSPI;Persist Security Info=False;server=xxxxx\SQLEXPRESS;database=Sample;uid=sa;password=xxxxx;Trusted_Connection=False"
The Windows Installer Account Type is LocalSystem.
This service is running of some system successfully, but on some system's its showing login failure for 'SA'.
Please suggest a solution.
It's quite straightforward: login failure for 'SA' refers to the fact that the login sa exists, but the password is not. Particularly, sa is a system default login that always exists, but you have probably set the password differently on different servers.
Another thing to check is whether or not there are multiple instances on the machine. It could be \SQLExpress on one, but the default instance on another that you are meant to connect to.
Related
I have a .Net Core 2.0 application that I host in IIS 7.
With IIS Express the application works fine and I'm able to connect to the database successfully. With IIS I get this error:
Cannot open database "Books" requested by the login. The login failed. Login failed for user 'DOMAINNAME\PCNAME$'.
My connectionString in appsettings.production.json file looks like this :
"ConnectionStrings": {
"BooksDatabase": "Server=PCNAME\\SQLEXPRESS;Database=Books;user id=iisAccess;password=iisPassword;Trusted_Connection=True;ConnectRetryCount=0;MultipleActiveResultSets=true"
};
What am I doing wrong and why does it say that the "login failed for 'DOMAINNAME\PCNAME$'" when I put the credentials user id=iisAccess;password=iisPassword; in my JSON file?
You are asking for Windows Authentication:
Trusted_Connection=True
Remove this part of the connection string and give it another try.
The reason for the error goes along these lines:
IISExpress runs as a normal process in your logon session. So it runs with your Windows Credentials. When your app is running inside IISExpress it is actually running under your credential, and when you connect to the database using Windows Authentication, is your login that SQL Server will receive.
The full IIS on the other hand runs as a service under a different session and a different user account. There are the application pools that also play a part and run under yet another account. But the main thing is that those default IIS accounts are local accounts, so they have no "visibility" to another computers. Hence when your app tries to connect to SQL Server, SQL "sees" the machine account, which goes by the name DOMAIN\MACHINE$.
Most likely, ASPNETCORE_ENVIRONMENT is not set correctly on the server (i.e. either not set at all or not set to Production).
On your server, edit the system environment variables and add one (if it doesn't already exist) with the name ASPNETCORE_ENVIRONMENT and the value Production. Also, edit the advanced settings of your app pool in IIS for the application and ensure that the key Load User Profile is set to True.
I have found the answer of this issue;
the answer is to right click on the service / properties and logon tab then you should change the password;
but when I change the password and click apply my password does not work and it changes automatically to old one;
what you think I can do now?
This is the wrong forum to ask this question, but your issue is either you're putting in the wrong password for the service account.
OR
The user account you are using with the service does not have correct SQL permissions.
You should read up on SQL Permissions:
https://msdn.microsoft.com/en-us/library/bb669084(v=vs.110).aspx
https://msdn.microsoft.com/en-us/library/bb669065(v=vs.110).aspx
If you tried to update the password the SQL service uses via Windows Services, try instead via SQL Server Configuration Manager. Doing it via Windows Services will not work correctly.
And if you are not 100% sure you are typing the correct password, you may need to update the logon account's password first.
I'm just in the process of trying to properly configure asp.net 4.5 on our IIS servers.
I have been able to navigate and launch an ASPX page that contains no data conenctions sucessfully so I know that the application pool authentication to the local directories is working as it should.
Now though I have a seperate SQL server that is connected to the domain and have a connection string stored in the code that connects the ASPX page to the server using a trusted connection. When running in visual studio debug mode, the connection works fine - but at that point I assume it is using my login credentials.
My question is, when a user calls the aspx page via the browser when hosted on the new IIS7 server, which account is used to call the SQL server when using a trusted connection? - Is it the end users or is it a local account from the IIS server?
When I call a page with data connections embedded I get the error: Login failed for user ADMIN\PCNAME$ ... which is an indication that this is the account that it is using. However this account doesn't exist on the domain that I'm aware of. - Or does it ?!
Thanks in advance,
It will use the account that ASP.NET is running under, as you've worked out. What you usually should do is create a Domain Account (with the right privileges) and run your ASP.NET AppPool under that account. Then a Trusted Connection will use that account for connecting to the database, and as long as you've given it access (which as a Domain Account you can do) it should all work.
Added:
After some back and forth on comments, lets go back to the start: set the new AppPool to run with the domain users account, and recycle the AppPoolo. What is it that says the password is wrong? If it's IIS trying to start the AppPool, then it is extremeny likely that the Password you gave the AppPool IS wrong, or else that the password is set to change on first logon.
If its not IIS, but opening a Database connection, are you sure that the database allows this Domain Account access to the database and the tables within it it will need? What roles have you assigned to this account? Also, what SQL statement is it trying to execute (if it's got far enough to try and execute a statement at all)?
I suggest you put any response in you original question - comments get to be a drag if there are too many of them.
I have WebLogic 11G (10.3.6) on Linux Server and SQL Server 2012 on Windows 2012. I would like to create the connection pool to SQL Server from WebLogic using Windows Active Directory Kerberos authentication.
I am looking for steps to accomplish the above. I found information in bits and pieces but looking for clear steps. Any help is greatly appreciated.
I have access to WebLogic 10.3.3. So all version numbers are according to that. But the principals are the same.
Login through the console
Lock and Edit. If this isn't a production mode server, you won't need to do this.
Go to Services > JDBC > Data Sources and click "New".
Give it a name and JNDI name. I probably don't need to mention that the JNDI name is the important one. Also, choose the "Database Type" as "MS SQL Server".
Next you'll have to choose the driver. I didn't observe anything about distribute transactions in your question. Thus, I'm assuming you won't need an "XA" driver.
Again, I didn't see anything about Global Transactions in your quesiotn. So in the next step, disable it.
Next is the information about your Database; its name, Host's IP, and Port. If you have a named instance, add the name after the IP like this: \\instance_name. Since you want to use Kerberos, don't enter the Username and Password.
In the next step, you need to tell your datasource to use kerberos. Add ";AuthenticationMethod=kerberos" to end of the URL field. Connection properties are separated with a ";". For example, jdbc:sqlserver://192.168.10.56:17888;AuthenticationMethod=kerberos
Next, specify which Servers in your Domain will have access to this DataSource. Basically, specifying the DataSource's target servers.
Side notes and other important settings:
When you specify the "AuthenticationMethod" connection property with the value of "kerberos", any username or password will be ignored.
Your database server must be administered by the same Domain Controller that administers the Weblogic server.
Under $WL_HOME/server/lib find krb5.conf (Kerberos configuration file containing values for the Kerberos realm and the KDC name for that realm) and open it in a text editor. Specify the system properties java.security.krb5.realm and java.security.krb5.kdc. In Windows Active Directory, the Kerberos realm name is the Windows domain name and the KDC name is the Windows domain controller name.
The application and driver code bases must be granted security permissions in the security policy file of the Java 2 Platform. Something like this:
grant codeBase "file:/WL_HOME/server/lib/-" {
permission javax.security.auth.AuthPermission
"createLoginContext.DDTEK-JDBC";
permission javax.security.auth.AuthPermission "doAs"
permission javax.security.auth.kerberos.ServicePermission
"krbtgt/your_realm#your_realm", "initiate";
permission javax.security.auth.kerberos.ServicePermission
"MSSQLSvc/db_hostname:SQLServer_port#your_realm", "initiate";
};
where:
WL_HOME is the directory in which you installed WebLogic Server.
your_realm is the Kerberos realm (or Windows Domain) to which the database host machine belongs.
db_hostname is the host name of the machine running the database.
SQLServer_port is the TCP/IP port on which the Microsoft SQL Server instance is listening.
I must say though I don't think you searched hard enough. Because almost everything I wrote here came from the online documentation:
http://docs.oracle.com/cd/E12839_01/web.1111/e13753/mssqlserver.htm
I have an issue with logging a Support user into an Application that has a SQL Server backend.
When configuring the application itself, the SQL set-up asked me to assign whether the Security to access the Application would be Windows Authentication or SQL: server Authentication, I chose Windows Authentication, and as I was using a login called
'LabUser1' I have been able to login to the application fine.
However, when I logon to the server using a different windows login, this time 'Support', SQL keeps giving me the error:
Error accessing the database DSN
Now I know the reason is because the install of SQL happened using the 'Labuser1' profile, but how can I create a script that will allow me to add the 'Support' user to the 'Allowed Logins' so that I can logon to the app server and at least open the Application? (I have seperate logins for when I see the applicatiojn login window, so please don't confuse the matter by thinking it is a simple case of creating a login for Support....I am talking about logging into the server)
The current batch file I am trying to run is:
sqlcmd -S localhost\OCDBB01 -i createSupportlogin.sql
Then I run this batch file after having created the following SQL script:
CREATE LOGIN OCDMW1\Support FROM WINDOWS
GO
Your description of the situation is a bit confusing to me however it appears that the "SQL setup" that is part of the application configuration created a ODBC DSN that uses the credentials of person logging into the machine as the login for SQL Server.
Simply creating a new (correct) login to the SQL instance may not resolve this issue since that does nothing to modify the DSN. If you are tied to using Window Authentication for SQL access it might be necessary to create multiple DSNs for the application to use and find a way to have the correct DSN associated to the right login for the application to use.