I have a timeclock database setup on a Windows 2008 server, SQL Server. It has been working for MONTHS. Today, all of a sudden, it seems like some peoples' logins are working and some peoples' logins are not working.
SQL authentication works fine, however the Windows authentication is not working. I checked the log files and it seems like SQL Server 2008 is just not liking the passwords!
Does anyone know what could be going on here?
Windows auth relies on the SIDs contained in the login token generated when folk log in to Windows: not the actual windows password or even username
If it's failing, then you have issues witg Active Directory or some underpinnings such as Kerberos.
Saying that, there are some common issue I've seen over time:_
password changes: invalidate the login token in some circumstances. If you have a policy for password changes then simply sking folk to lock/unlcok their PCs will cause a "re-login" against AD
use FQDN + port: If you use named instance, the client must query port 1434 to get the actual port of the instance. If you have a lot of firewalls or remote clients then sometimes this handshake fails. IIRC something to do with Kerberos. We found using server.domain.tld\instance, port fixed all our issues (I'm talking USA or Hong Kong to Europe based server)
You may solve this problem by assigning user rights to the user: "NT AUTHORITY\SYSTEM".
Follow these steps:
Open "SQL Server Management Studio".
Open "Security, and then Logins".
Rightclick on user: "NT AUTHORITY\SYSTEM >> Properties".
Select "Server Roles" tab, and check the "sysadmin" server role.
You are done.
u can also try right click on the user u wanna grant the privilegies and click on all of them in server roles
Related
I am trying to install DNN using Web Platform Installer. It tries to connect to .\SQLEXPRESS, which I have installed along with SQL Server, and wants me password for sa. When I provide it
with a password, it says "password invalid or cannot connect to database".
I thought to myself there might be a problem with the sa account. I opened SSMS 2012. There is a red arrow downward sign on the sa account. Whenever I am trying to change login status to Granted it opens up an error message:
error 15151
Cannot alter the login 'sa' because it does not exist or you don't have permission.
Nonetheless I tried it with administrator account and also by disabling UAC. None worked. Screen shot follows:
Details:
SQLEXPRESS version: 10.0.2531
SQL Server version: 11.0.2100
Update: Following some guidelines I tried to change authentication in SQL Server Management Studio from Windows Authentication to Mixed Authentication, but it failed with the following permission error:
Make sure you're connecting with a server login that has the sysadmin server-level role. You'll need that permissions level to do what you're trying.
Check the server authentication mode. If it is or was Windows Auth only, the sa account is automatically disabled. Note that if SQL Authentication was disabled and later turned back on, the sa account will still be disabled.
If you find that nobody is in the sysadmin server-level role, you'll need to stop the server and restart it in single-user mode so you can add at least one login to the sysadmin server-level role. In single-user mode, the Administrators group has sysadmin access, but you'll have a limited subset of commands to manipulate data in tables (single user is for fixing servers, not running applications). NB: Only one connection is allowed in this mode, so if you have a broker or service that's trying to connect you'll need to disable that or it can take the session you were planning to use with SSMS.
I have been trying to run debugging within SQl server management studio and for some reason the debugger has just stopped working.
This is the message I get:
Unable to start the Transact-SQL debugger, could not connect to the
database engine instance 'server-sql'. Make sure you have enabled the
debugging firewall exceptions and are using a login that is a member
of the sysadmin fixed server role. The RPC server is unavailable.
Before this I get two messages, one requesting firewall permissions and the next says 'usage' with some text that makes little sense.
I have looked at the other similar answers on there for the same message which suggest adding the login as a sysadmin but that is already set. I also tried adding sysadmin to another account but that also didn't work.
In the end I was able to start it by right clicking and selecting run as administrator.
I encountered this issue while connected to SQL using a SQL Server Authenticated user. Once I tried using a Windows Authenticated user I was able to debug without issue. That user must also be assigned the sysadmin role.
This happened to me and I could not find the resolution anywhere. My firewall is disabled so I knew that couldn't be the issue.
According to Microsoft: Configure firewall rules before running the TSQL Debugger:
The server needs to communicate back to the client via RPC. The
account under which SQL Server service is running should have
authenticate permissions to the client.
We had a group policy that was preventing this:
Deny access to this computer from the network (Local account, Guests)
In order to resolve the issue, I had to add the SQL Server service account to the local group "Remote Desktop Users" on my desktop. Hope this helps someone else resolve this frustrating issue.
I try with the following steps, but it did not work (maybe because I'm on a PC in a office and I don't have control of the firewall). But you can try the following.
Check the users role:
IF IS_SRVROLEMEMBER ('sysadmin') = 1
print 'Current user''s login is a member of the sysadmin role'
Follow these instructions:
configure the transact-SQL Debugger
Run SQL Server Management Standard Edition 64 bits (with SQL Server Account)
In my case, I received this error message:
Unable to start the Transact-SQL debugger, could not connect to the computer "local".
I end up close the existing connection, then reconnect to my local SQL server using IP 127.0.0.1 and it works.
What helped me, was from here:
SQL Server Management Studio must be running under a Windows account that is a member of the sysadmin fixed server roll.
The Database Engine Query Editor window must be connected by using
either a Windows Authentication or SQL Server Authentication login
that is a member of the sysadmin fixed server role.
So, I've added sysadmin role to my windows account and run ssms as administrator. Debugger started working normally.
In addition to above works, what make our 2 computers remote debug able, was running: (right click on Window's Start button)
System--> Advanced System Properties-->Computer Name-->Click on Network ID... button
and running that wizard to join workgroup on both computers.
I found this solution by looking at my Windows' Event Viewer and looking for a solution to errors with NetBT Source, that is related to workgroup and computer Name.
Update: after some days, it stop working again.
I had the same problem and double checked al recommended settings. At some point I disabled the firewall on the database server and it worked like a charm. By enabling and checking the Firewall log I noticed this entry:
2019-10-31 16:07:50 DROP TCP 192.168.xxx.xxx 192.168.xxx.xxx 65231 61214 52 S 56576751 0 8192 - - - RECEIVE
When I allowed TCP port 61214 (Inbound rule) and switched the firewall back on, it worked. I don't know why this port is needed, maybe some here on SO?
Anyway, maybe the firewall log can be of help too.
Struggled through many hours and got the answer
You can do the configuration through this doc
https://learn.microsoft.com/en-us/sql/ssms/scripting/configure-firewall-rules-before-running-the-tsql-debugger?view=sql-server-ver15
(1) 2 settings need to done on the remote server where Sql server is installed
(2) 1 setting at client computer (i.e) our computer
I brought my laptop home from work hoping I could get some tasks done over the weekend. Unfortunately, I couldn't login to SQL Server using Windows Authentication. I've checked the SQL Server Configuration Manager and the instance (MSSQLSERVER) is set to Log On As Local System, which supposedly means that I should be able to login fine using Windows Authentication... or am I missing something here? Note that in the login window, I tried a lot of different combinations and it always keeps telling me that connection failed because the server is not accessible or I'm not authorized to access it.
A little background about how the instance was installed: I installed and configured it myself. I chose the Mixed Authentication mode and gave a password to the default sa user (which isn't working either by the way). The thing I suspect could be the problem is the fact that I installed the SQL SERVER instance when I was logged in as my Domain User at work (DOMAIN\UserName). Now I'm at home and I do not have access to the LAN at the office, so I'm logged in as the {COMPUTERNAME}\Kassem user.
Any thoughts?
A windows account has to be added to SQL Server to have any rights. If you didn't add {COMPUTERNAME}\Kassem, you can't login to SQL Server.
The recovery option here is the SA password, which should always work.
To connect to the default instance, connect to localhost or .. Connecting to .\MSSQLSERVER won't work, even though MSSQLSERVER is the default instance name.
I'm trying to migrate a legacy application we have to Windows Server 2008 x64 and IIS7. It's written in Classic ASP and connects to a SQL Server 2005 database.
However, when the page runs, I receive the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
The connection string I'm using is: Driver=SQL Server; Server=SERVERNAME; Initial Catalog=DBNAME;
I can't see any reason for it to be using the anonymous logon as when it was running on my 32-bit Win2k3 server, it accessed the SQL Server using DOMAINNAME\SERVERNAME$.
I have the following settings.
SQL Server 2005 - running in mixed mode.
IIS7 Application Pool - Allow 32-bit applications set to True.
I've also added the server as a user on the SQL Server.
I've tried a few things now and I'm starting to run out of ideas.
There are some solutions.
use SQL authentication, instead of SSPI. It will work since your database is in mixed mode.
If for any reasons you won't change the authentication.
The NT AUTHORITY\ANONYMOUS LOGON is strange, by the way, just as if the database server and the app servers are not on the same domain. Please check this until proeding further.
1) Create an user in Active Directory
2) Create a application pool on IIS7 and as "Identity" , the user you've created
3) Grant this user the rights and roles you want on the DB
I think I've fixed it. Moving to Win2k8 means that I needed to change the connection string driver to SQL Native Client;.
Set the Anonymous Authentication credentials to be your Application Pool Identity.
(default is Specific User --> IIS User). Then you can use a Trusted Connection in your connection string as it will now use the AppPoolIdentity account.
Well, that failed login attempt is a classic example of code running under the "Local Service" account, rather than (what you had on Win2K3), where it was running under the "Network Service" account. Now you just need to find where that setting is.
For either the OP or future readers, you can:
1) Either use a dedicated service account, as suggested by Johan above, or
2) Use the AppPoolIdentity account and go to "Authentication", then select "Windows Authentication" and enable "ASP .NET Impersonation".
If you still get the same result after #2, you likely have the "double hop" issue cited by Damien - this is where the web server can authenticate you, but it does not allow you to pass those credentials on to the database for security reasons without using Kerberos. You would then need to set the server as "Trusted for Delegation" in AD and set up Kerberos as the authentication provider in IIS. This site helps with that: http://technet.microsoft.com/en-us/library/ee675779.aspx
I just created a new database in "Microsoft SQL Server Management Studio Express" and now I'm in "ColdFusion Administrator" and I'm trying to add my database as a Data Source. How do I do that? I believe the servername is .\SQLEXPRESS but I'm not sure what the default username and password are. I've tried creating a new login through Management Studio with an actual username and password, but those aren't working either. The error I'm getting is:
Connection verification failed for data source: xxx
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The requested instance is either invalid or not running.
The root cause was that: java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The requested instance is either invalid or not running.
I can see that the service is running, and I can connect to it through management studio. I've tried following a couple tutorials online, but they don't seem to be working for me. Ideas?
Server name can be any resolvable hostname or domain name, in case of having SQL Server and CF server on same box localhost should work for you.
Also make sure that user you created has access to the particular database and needed operations. Look into the database permissions for this. This check is not required when using master account (often login is sa), but this is not recommended practice because of the security reasons.
Also make sure SQL Server and Windows Authentication mode is checked. I had an issue with permissions as well when I only had Windows Authentication enabled under:
right click on server (localhost) -> security
Then restart SQL Server Services to save changes. After that I was able to connect my ColdFusion datasource to SQL Server.
For testings sake use the same credentials that you are connected with in Management Studio, likely the "sa" user and password. Once you have it working with "sa" then go back into Management Studio and create an application level user for your CF app and then update the data source to use your new user / password.