SQL Server Management Studio 2008 Runas user on different domain over VPN - sql

I am currently trying to run SQL Server Management Studio 2008 as a user who is on a different domain. I noticed in other threads that running the following command from a batch script will do this however it doesn't seem to work for me.
runas /netonly /user:DOMAIN\USER "C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"
I am asked for my password, the Login screen appears however the Windows Authentication username and password are still incorrectly the currently logged in impersonated user on the local Domain. Attempting to connect to the database on the other domain is unsuccessful regardless.
This seems to work for most people, the kicker for me is that this domain exists over a VPN connection. I am not able to view the VPN domain network computers in My Network Places, and thus I cannot Add Users in Control Panel.
My OS is Vista Business unfortunately, I cannot help this.
Any ideas would be appreciated.

Try this:
NET USE \\DBSERVER /USER:DOMAIN\USERNAME
You will be prompted for your password. This establishes a NetBIOS session with the database server. You should be able to see the shared folders and shared printers on the database server once you have done that.
If that works you should be able to connect using SSMS as yourself. You may have to specify "named pipes" as the network protocol to usem, if it doesn't work with TCP (but I think it will).
Menu->File->Connect Object Explorer...
Options->Connection Properties->Network protocol
Specify "Named pipes"
Named Pipes inherits your existing NetBIOS session, so provided you can list the shares you are probably good to go.
Update: It looks like in some configurations this does not work with TCP connections, (possibly due to some security update). In these cases you should enable Named Pipes, and set named pipes in your connection string.

Related

Can't connect to Azure sql server or even ping

I can't connect to my Azure SQL Database that I have hosted on MS Azure.I have tried with Visual Studio and MSSM with no luck.
I can't seem to work out how I could possibly be going wrong. I allowed access to the server on all IPs.
I am using the correct login info.
I dont seem to be even able to ping the server, despite it showing no issues in the Azure interface.
The server is located at: kkbpeyaf0t.database.windows.net
I tried to connect to the URL you provided using SSMS and it gave me a login failed (which I expected), so that tells me that the database is running and that you did indeed open up the IP ranges to allow anything (which isn't a best practice, but I'm assuming you did this as part of your troubleshooting). IF the Azure SQL DB firewall was still in the way it would block immediately indicating so.
I would think that if you have the correct username and password combination it should connect. Make sure that your outbound port 1433 isn't being blocked by your own firewall (machine, work, ISP, etc.).
Azure SQL Database won't respond to pings.
Docs can be found on MSDN.

Can't connect to sql server from lan computer using windows authentication

This is the thing, I have a server working perfectly allowing LAN connections, now im setting up a second one for maintenance purposes, but for some reasons I can't connect to him using windows authenticacion, but I still can to the first one, or using sql server login but I dont what to, I want to use Windows Authenticacion... I keep getting error message:
login failed for user "the user is not associated with a trusted SQL connection. (microsoft sql server, error:18452)
UPDATE: Both servers are running under Windows 7 (they are not for buissness use) they both are configure exactly equal.
UPDATE 2: I can connect from the same computer but not from a network one.
After few time, I realize the problem was at the layer eight (me), the best way to use windows authentication for SQL server is configuring a domain server, then add those domains users to sql and give them the desired privileges to connect to a database, and that' all it's that simple (at least for me it was) so after that, I created a System DSN Connection using windows authentication.

Connection string for a localhost SQL Server instance on a different machine in the same network?

I'd like to connect to a local instance of SQL Server on another machine within the same network, and am wondering if it's even possible.
For example, say we have Machine01 and Machine02, both on the same internal network. I have several IIS websites setup on Machine01. If I log onto Machine02 and query the URL of one of the websites on Machine01 in in internet browser (say http://Machine01:9000), the website will load just fine. This has me thinking that it might be possible to construct a connection string to access the local database on Machine01 from Machine02. Is this possible?
I have Allow remote connections to this server checked in SSMS.
I've tried this connection string:
Server=Machine01;trusted_connection=true;Database=MyDB;Persist Security Info=True
Your connection string is correct in that the Server is the target computer name, and the premise of what you're trying to do is certainly correct and quite possible.
However make sure that the firewall on Machine01 is set to allow inbound traffic on the LAN from the SQL Server port (by default, 1433).
Also, the trusted_connection bit may not work, depending on how you have your users set up. If the user account on Machine02 a trusted user account on Machine01? If in any doubt, set up a SQL Server user account on your Machine01 SQL server, make sure you have SQL connections enabled (Server properties -> Security -> SQL Server and Windows Authentication mode), and pass across the SQL user name and password in the connection string instead...
You might try setting up a linked server, I find it to make the queries much easier. Here is some information on how to set it up.

Cannot connect to remote SQL server

A client of mine gave me a server name which is fully qualified [servername].somedomain.net
to try to connect to their SQL Server instance over VPN.
So I tried, using the username and password they gave me. No luck. I can ping it but cannot connect, I get the error that the username and password is incorrect.
So I log onto the actual server, verify that my login is in security and has rights and it appears there. Workgroup\mylogin and it appears that workgroup\ actually is the same as somedomain.net\mylogin. Because when I try to add somedomain.net\mylogin, it resorts to saying that it's already added which is workgroup\mylogin.
Not sure what else to check here. I gave myself sysadmin role in SQL Server. I can ping the server's IP.
I looked at how they are authenticating me and they have my user in SQL Server set up to use Windows Auth. Well, the error I get is that it cannot trust cross domain when trying to use windows auth when I try to connect locally here in my management studio. I'm connected tot their VPN so what could be the problem?
They're not available right now to try to troubleshoot it and I'm just curious what else I might try to try and resolve this on my own if I can.
Basically, when you failed to connect to your SQL Server, the issue could be:
Network issue,
SQL Server configuration issue.
Firewall issue
Client driver issue
Application configuration issue.
Authentication and logon issue.
Step 1: Network issue
You might be able to make local connection without a working network, but that's a special case. For remote connection, a stable network is required. The first thing to trouble shoot SQL connectivity issues is to make sure the network we rely on is workable and stable. Please run the following commands:
ping -a (use -4 and -6 for IPv4 and IPv6 specifically)
ping -a
nslookup (type your local and remote machine name and IP address multiple times)
Be careful to see any mismatch on the returned results. If you are not able to ping your target machine, it has high chance that either the network is broken or the target machine is not running. It's possible the target machine is behind a firewall and the firewall blocks the packets sent by ping, though. Windows firewall does not block ping (ECHO) packet by default. The correctness of DNS configuration on the network is vital to SQL connection. Wrong DNS entry could cause of all sorts of connectivity issue later. See this link for example, "Cannot Generate SSPI Context" error message, Poisoned DNS.
Step 2: SQL Server configuration issue
You need to make sure the target SQL Server is running and is listening on appropriate protocols. You can use SQL Server Configuration Manager (SCM) to enable protocols on the server machine. SQL Server supports Shared Memory, Named Pipes, and TCP protocols (and VIA which needs special hardware and is rarely used). For remote connection, NP and/or TCP protocols must be enabled. Once you enabled protocols in SCM, please make sure restart the SQL Server.
You can open errorlog file to see if the server is successfully listening on any of the protocol. The location of errorlog file is usually under:
%ProgramFile%Microsoft SQL Server/MSSQLxx.xxx/MSSQL/Log
If the target SQL instance is a named instance, you also need to make sure SQL Browser is running on the target machine. If you are not able to access the remote SQL Server, please ask your admin to make sure all these happen.
Step 3: Firewall issue
A firewall on the SQL Server machine (or anywhere between client and server) could block SQL connection request. An easy way to isolate if this is a firewall issue is to turn off firewall for a short time if you can. Long term solution is to put exception for SQL Server and SQL Browser.
For NP protocol, please make sure file sharing is in firewall exception list. Both file sharing and NP use SMB protocol underneath.
For TCP protocol, you need put the TCP port on which the SQL Server listens on into exception.
For SQL Browser, please put UDP port 1434 into exception.
Meanwhile, you can put sqlservr.exe and sqlbrowser.exe into exception as well, but this is not recommended. IPSec between machines that we are not trusted could also block some packets. Note that firewall should never be an issue for local connections.
Step 4: Client driver issue
At this stage, you can test your connection using some tools. The tests need to be done on client machine for sure.
First try:
telnet
You should be able to telnet to the SQL server TCP port if TCP is enabled. Otherwise, go back to check steps 1-3. Then, use OSQL, SQLCMD, and SQL Management Studio to test sql connections. If you don't have those tools, please download SQL Express from Microsoft and you can get those tools for free.
OSQL (the one shipped with SQL Server 2000) uses MDAC.
OSQL (the one shipped with SQL Server 2005 & 2008) uses SNAC ODBC.
SQLCMD (shipped with SQL Server 2005 & 2008) uses SNAC OLEDB.
SQL Management Studio (shipped with SQL Server 2005 & 2008) uses SQLClient.
Possilbe command use be:
osql -E -SYour_target_machine\Your_instance for Windows Auth
osql -Uyour_user -SYour_target_machine\Your_instance for SQL Auth
SQLCMD also applies here. In addition, you can use “-Stcp:Your_target_machine, Tcp_port” for TCP, “-Snp:Your_target_machine\Your_instance” for NP, and “-Slpc:Your_target_machine\Your_instance” for Shared Memory. You would know if it fails for all protocols or just some specific procotols.
At this stage, you should not see general error message such as error 26 and error 40 anymore. If you are using NP and you still see error 40 (Named Pipes Provider: Could not open a connection to SQL Server), please try the following steps:
a) Open a file share on your server machine.
b) Run “net view \your_target_machine” and “net use \your_target_machine\your_share” (You can try Map Network Drive from Windows Explorer as well)
If you get failure in b), it's very likely you have OS/Network configuration issue, which is not SQL Server specific. Please search on internet to resolve this issue first.
You can try connection using both Windows Authentication and SQL Authentication. If the tests with all tools failed, there is a good chance that steps 1-3 were not set correctly, unless the failure is logon-related then you can look at step 6.
If you succeeds with some of the tools, but fails with other tools, it's probably a driver issue. You can post a question on our forum and give us the details.
You can also use “\windows\system32\odbcad32.exe” (which ships with Windows) to test connection by adding new DSN for various drivers, but that's for ODBC only.
Step 5: Application issue
If you succeed with steps 1-4 but still see failure in your application, it's likely a configuration issue in your application. Think about couple of possible issues here.
a) Is your application running under the same account with the account you did tests in step 4? If not, you might want to try testing in step 4 under that account or change to a workable service account for your application if possible.
b) Which SQL driver does your app use?
c) What's your connection string? Is the connection string compatible to your driver? Please check http://www.connectionstrings.com/ for reference.
Step 6: Authentication and logon issue
This is probably the most difficult part for sql connectivity issues. It's often related to the configuration on your network, your OS and your SQL Server database. There is no simple solution for this, and we have to solve it case by case. There are already several blogs in sql_protocols talking about some special cases and you can check them see if any of them applies to your case. Apart from that, things to keep in mind:
a) If you use SQL auth, mixed authentication must be enabled. Check this page for reference http://msdn.microsoft.com/en-us/library/ms188670.aspx
b) Make sure your login account has access permission on the database you used during login ("Initial Catalog" in OLEDB).
c) Check the eventlog on your system see if there is more information
Reference: http://blogs.msdn.com/b/sql_protocols/archive/2008/04/30/steps-to-troubleshoot-connectivity-issues.aspx
Sorry for this wall of text, i hope that something from here can help you solve your issue!
Regards.
If you want to access that server you are going to need a domain account from that domain or use SQL authentication. I would recommend just using SQL authentication - it's a lot more straight forward - if they allow it.
I had the same problem, other machines could connect to sql server but one computer was not connecting and displaying the error "a network related or instance specific error...", the problem was solved when I changed the network protocol in the login window of SSMS, in advanced options from TCP/IP to Named Pipes. Please see the below screenshots.
Please note that you should be on the same domain, and your credentials should be valid on the server.

Using MS Access 2003 to connect to SQL Server 2005

My dad built an MS Access Database to do property management. Now he wants to share it with other users over the internet. So I got a hosted SQL Server account at Network Solutions. Now I'm trying to connect the Access 2003 client to a test SQL database using these guidelines from MS:
http://office.microsoft.com/en-us/access/HP052745861033.aspx
However, the error message I get is "Connection Failed because of an error initializing the provider. Server does not exist or access is denied".
I've run the MSComponentChecker to make sure I have MDAC 2.7 or above. Mine is 2.8 SP1 on XP.
It sounds like either:
(1) your workstation is unable to connect to the SQL server instance because
(a) the hostname isn't resolving correctly
or
(b) a firewall in your network or on your workstation is preventing the outbound connection on the needed port
or
(2) you can connect and have the correct username and password but don't have sufficient privileges to get to the database you're attempting to use. Access gives a different error than what you received if you have a bad username or password ("Login failed for user 'xxxx').
You can check the networking by running "telnet example.com 1433" (whatever hostname and port you were given to use; if you weren't given a port, use 1433) and making sure you can connect (the command window will go to a blank screen). If that works, you can then confirm with your provider that the account you're using has been granted the needed permissions. If you can't telnet to the address you need, check you have the right hostname and the existence of any firewalls.
After a little more research, I figured it out.
In MS Access 2003, you have to enter the server name in this format:
serverName\instanceName,portNumber
This is a BackSlash, not a ForwardSlash. Thank you MS.
Not sure why I had to specify the port number when it's the default.
Special thanks to this post:
http://dbaspot.com/forums/sqlserver-server/251219-error-connecting-remote-server.html
It should be noted that you can't do much design work in Access 2003 once you are connected. So I needed to upgrade to 2007 to change the SQL schema. Hopefully, 2003 users will still be able to connect and use the app.