Login failed for user -NT AUTHORITY\SYSTEM Error 18456 - Severity 14, State 38

August 12, 2018, 10:36 am

≫ Next: Can't find SSL certificate in SQL Server Configuration Manager

Hi,

I am using an VB application that uses SQL server 2014 as its backend

Each user of the application has a login to the SQL server as well.

i didnt have any problem until i enabled ENFORCE PASSWORD POLICY option in the SQL server for my login.

if i enable this option in SQL level, and login teh application ,i am getting the error in number in vb code, Which is unpredictable.

In sql logs the error that gets recorded is Login failed for user -NT AUTHORITY\SYSTEM Error 18456 - Severity 14, State 38

Please assist. Thanks in advance

↧

Can't find SSL certificate in SQL Server Configuration Manager

August 11, 2018, 2:25 pm

≫ Next: Windows 10 laptop joined to Azure AD cannot connect to SQL Server in Azure VM

≪ Previous: Login failed for user -NT AUTHORITY\SYSTEM Error 18456 - Severity 14, State 38

Many people before me has asked themself the same question a gazillion times: After a certificate that seems to comply to Microsoft rules for a SQL certificates has been added to the computer personal store, why isn't it visible in SQL Server Configuration Manager ?

MS SQL cert rules: Encrypting Connections to SQL Server

After having checked each requirement against my certificate template more than a hundred times (and particulary the Key Usage where "key encipherment" is set), I stumbled over another support article at HP

Problems with an SSL Certificate Not Showing up in the Configuration Manager

showing how to dump the actual certificate. And now it started to get interesting. It turned out that KeySpec in my certificate was 0, even if I had "key encipherment" set in myServer 2008 Enterprise template. How come?

According to HP article above
KeySpec = 1 -- AT_KEYEXCHANGE 'signature'

(AT_SIGNATURE) - the certificate can only be used to sign a payload 'exchange'
(AT_KEYEXCHANGE) - the certificate can be used to sign AND/OR encrypt a payload.

Then I found the next article get_KeySpec which lists KeySpec value dependancy of Cryptography Providers, and now it's getting really intreresting. Because here it says that "Microsoft Software Key Storage Provider" always has a KeySpec value of 0 which explains why my template, which was set to support at least Server 2008 Enterprice CA (selected when template was duplicated in CA), generated KeySpec = 0 even if "key encipherment" was set, since templates which has a minimum support of Server 2008 only lists "Microsoft Software Key Storage Provider" and "Microsoft Smart Card Key Storage Provider" under Providers.

So I deleted the certificate from computer personal store, deleted the certificate template, created a new template based on the same base template but set to support at least Server2003 Enterprice CA, but with everything else exactly the same, issued the template in CA, and created a new certificate for the local computer.

And now, BINGO, is the certificate visible in the SQL 2008 R2 Configuration Manager / SQL Server Network Configuration / Protocols for NNN / Properties / Certificate.

So the question is, what needs to be done with a certificate which is set to support minimum Server 2008 Enterprise CA, so that it is accepted by a Server 2008 R2 SQL Server Configuration Manager? It seems quite basic that they should be compatible, but for the moment it seems like they aren't. Is it a bug in the configuration tool, or has someone goofed up in the basic design?

MWebjorn

↧

Windows 10 laptop joined to Azure AD cannot connect to SQL Server in Azure VM

June 20, 2016, 2:51 am

≫ Next: SQL server vulnerability they found that SQL multiple certificate issue .

≪ Previous: Can't find SSL certificate in SQL Server Configuration Manager

I have a question regarding a cloud only setup.

I have looked at some of the Microsoft forums, and all articles written always expect that you have an on-premise Active Directory and need help with joing your Azure AD to that. However, my question is regarding a setup for us as a new Company that wants to be cloud only. This though seems to be rather challenging when it includes SQL Server. So here is the setup:

I have Azure AD enabled and Domain Services is enabled.

I have an Azure VM with Windows Server booted up that have SQL Server 2016 installed. The Azure VM is joined to the Azure AD domain with no problem, endpoints are configured and I can connect to the sql server using SQL Server Authentication from my laptop using the xyz.cloudapp.net server path.

My laptop is running Windows 10 and is joined to Azure AD. So I can login to my laptop using my company email and pw. In SQL Server Management Studio I can see that my user is called AzureAD\User but when trying to connect to the xyz.cloudapp.net I get:

Cannot connect to xyz.cloudapp.net.

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)

When using Active Directory Password Authentication where I type in my AzureAD credentials or use Active Directory Integrated Authentication I get:

Cannot connect to xyz.cloudapp.net.

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Microsoft SQL Server, Error: -2146893019)

The certificate chain was issued by an authority that is not trusted

So my question is - is this simply not supported to have a cloud only setup with no on-premise AD where windows 10 laptops joined to the azure AD can be trusted ?

Kind Regards

Christian

↧

SQL server vulnerability they found that SQL multiple certificate issue .

August 14, 2018, 12:34 am

≫ Next: Application Roles does not restore from SQL Server 2012 backup onto SQL Server 2014

≪ Previous: Windows 10 laptop joined to Azure AD cannot connect to SQL Server in Azure VM

Hello Team

Please hep me they are getting some vulnerability while run the test please found the below. we have SQl 2008 on windows server 2008 r2 Sp1 . Please help me to get it resolved.

SQL Database Server	Port	1311	Multiple certificate issue
SQL Database Server	Port	1433	Multiple certificate issue
SQL Database Server	Port	3389	Multiple certificate issue

↧

Application Roles does not restore from SQL Server 2012 backup onto SQL Server 2014

August 14, 2018, 8:16 am

≫ Next: A view named 'types'.

≪ Previous: SQL server vulnerability they found that SQL multiple certificate issue .

Is this a known issue? Where if you have a SQL Server 2012 backup with a SQL Application Roles setup and then restore the backup onto SQL Server 2014 does not restore the SQL Application Roles. So I had to create the database with the SQL Application Roles on to SQL Server 2014 and did a backup and with that it obviously restored the SQL Application Roles when restored onto another SQL Server 2014 instance.

↧

A view named 'types'.

August 15, 2018, 6:17 am

≫ Next: Security Update KB4057113

≪ Previous: Application Roles does not restore from SQL Server 2012 backup onto SQL Server 2014

Hi everyone!

After created server audit and database audit specification to trace SELECT, INSERT, UPDATE, DELETE, EXECUTE on a user database, it audited the following:

class_type_desc object_name operation_desc
----------------------------------- ---------------------------------------- ------------------------------
table tblogmidiag100 insert
table tblogmidiag100 select
table tblogmidiag100 update
table veiculos select
view types select

(5 row(s) affected)

Perhaps, I can't find no view named 'types' on the user database:

GRANT select ON dbo.types TO rftplink;

Msg 15151, Level 16, State 1, Line 1 Cannot find the object 'types', because it does not exist or you do not have permission.

Where did it come from? May someone help me?

I am running...

Microsoft SQL Server 2012 (SP3-CU6-GDR) (KB3194724) - 11.0.6567.0 (X64)
Oct 10 2016 18:45:52
Copyright (c) Microsoft Corporation
Enterprise Edition: Core-based Licensing (64-bit) on Windows NT 6.2 <X64> (Build 9200: )

Thanks.

Doria

↧

Security Update KB4057113

March 4, 2018, 1:09 pm

≫ Next: Create database for software distribution

≪ Previous: A view named 'types'.

Windows Update is failing to install KB4057113 for SQL Server 2008 R2 with error 84BC7358. I have tried this update several times and have run the installation troubleshooter with no success.

I have upgraded to SQL Server 2012.

Is it possible the files KB4057113 is trying to update are no longer on my system?

Thanks,

Tp,

TomBean

↧

Create database for software distribution

August 15, 2018, 1:35 pm

≫ Next: Ransomware attack to our all Server windows server 2012

≪ Previous: Security Update KB4057113

Hi,

Sorry, maybe this is a silly question.

I am planning to distribute software that needs to create a database in the client in SQL Server Express 2012.

So if the client does not have SQLEXP installed, the software will install it and create the database, but if the client already has SQLEXP, then I would need a sysacount just to create de database (which the software will ask for it)

Now, the thing is, I don't want anybody, (including sa account) to access my database, see the structure and even alter the data

is this is possible?

if not, what could I do to achieve this?

Thanks in advance

G.Waters

↧

Ransomware attack to our all Server windows server 2012

August 16, 2018, 3:41 am

≫ Next: TDE - Unable to copy certificates to another machine

≪ Previous: Create database for software distribution

Our total ORG. down due virus attacked on server all application and server down Please help me to get it resolved.

↧

TDE - Unable to copy certificates to another machine

August 20, 2018, 6:11 am

≫ Next: SQL Server Table Size Maximum Limit & maintenance of Huge Table Size best practices.

≪ Previous: Ransomware attack to our all Server windows server 2012

Hello,

I am hoping this is the right group to post the problem I have. If not, please
let me know which group I should post this to.

I am trying to learn and go through some samples on how to set up TDE. This is
my test environment:

1. Windows Server 2016 VM
2. SQL Server 2017 Developer VM

I have done the following successfully in SQL 2017:

3. Created a "Test" database
4. Ran CREATE MASTER KEY ENCRYPTION
5. Ran CREATE CERTIFICATE
6. Ran CREATE DATABASE ENCRYPTION KEY
7. Ran ALTER DATABASE Test SET ENCRYPTION ON
8. Ran BACKUP CERTIFICATETO FILE WITH PRIVATE KEY
9. BACKUP DATABASE Test

After I ran BACKUP CERTIFICATE, I see the two the files (.cert and .pvk) on the Windows Server 2016 VM to a directory and file names I specified in Step 8. Now I'm trying to restore my Test DB onto another VM machine but I need to copy the two certificate files as well since my Test db is now TDE enabled. The
problem I have is I can't seem to be able to copy these certificate files out of my Windows
Server 2016 VM. I tried to copy to a shared folder; tried to upload to the cloud or even
trying to open these files; I always get some type of errors. I can, however, copy these files
to another directory on the same machine.

How do you copy these certificate and private key files? Is there a security setting in Windows Server 2016
that is preventing me from copying to another media? Can someone help?

Thanks in advance.

↧

SQL Server Table Size Maximum Limit & maintenance of Huge Table Size best practices.

August 19, 2018, 11:26 pm

≫ Next: User doesn't have the permission to alter database microsoft sql server error 5011

≪ Previous: TDE - Unable to copy certificates to another machine

Hi I have 2 questions Reg. the SQL Table

1. What is the maximum Size of the SQL Table in which the DB engine can handle

2. If my sql table is growing more than 50 GB , what are the best practices that i need to adopt / focus specifically on that table to ensure i dont compromise on Performance . [ i am expecting that my table size may grow till 500 GB in next one year ]

i have seen articles that tells me that sql table can accept rows as per the disk size available , but i am not able to catch up the exact size it can handle,

hemadri

↧

User doesn't have the permission to alter database microsoft sql server error 5011

September 27, 2009, 10:32 am

≫ Next: Do I need to re-enable TDE after restoring a TDE enabled database on the target server?

≪ Previous: SQL Server Table Size Maximum Limit & maintenance of Huge Table Size best practices.

I put a database in offline mode but i couldnot make it online again in the sql server 2005. Earlier the problem of not connecting the sql server arises, but somehow solved by changing the default database to master. Now i can connect to the sql server, but this new problem arises. If i have not the permission to alter the database then why it first goes into the offline mode??? Please get me out from this problem....

↧

Do I need to re-enable TDE after restoring a TDE enabled database on the target server?

August 21, 2018, 11:00 am

≫ Next: Restricting access using domain groups

≪ Previous: User doesn't have the permission to alter database microsoft sql server error 5011

I'm new to TDE and wanted to clarify my confusion.

These are the steps/tsql I executed on my source machine:

3. Created a "Test" database
4. Ran CREATE MASTER KEY ENCRYPTION
5. Ran CREATE CERTIFICATE
6. Ran CREATE DATABASE ENCRYPTION KEY
7. Ran ALTER DATABASE Test SET ENCRYPTION ON
8. Ran BACKUP CERTIFICATE TO FILE WITH PRIVATE KEY
9. Ran BACKUP DATABASE Test

After that, I copied backup db and the certificate and private key to the target
machine to perform the restore.I restored my "Test" TDE database successfully.

Here's the confusion I have:

I ran this tsql on the target machine:

SELECT
db_name(database_id) as DatabaseName,
Case
when encryption_state=0 then 'No Database Encryption'
when encryption_state=1 then 'Unencrypted'
when encryption_state=2 then 'Encryption In Progress'
when encryption_state=3 then 'Encrypted'
when encryption_state=4 then 'Key Change In Progress'
when encryption_state=5 then 'Decryption In Progress'
when encryption_state=6 then 'Protection Changes In Progress'
end as EncryptionState,
percent_complete
FROM sys.dm_database_encryption_keys

Only one row returned and it showed "tempdb".

However, If I do this:

right click on my Test db -> Properties -> Options -> scroll down and I saw this

Encryption Enabled = True

So I am seeing conflicting results. When I ran the above tsql, it only showed "tempdb"
but the db properties page says "Encryption Enabled=True".

Is my restored Test TDE db on the target still TDE enabled??

Do I need to run "CREATE DATABASE ENCRYPTION KEY" on the target machine?

↧

Restricting access using domain groups

August 23, 2018, 10:38 am

≫ Next: Connection issues.

≪ Previous: Do I need to re-enable TDE after restoring a TDE enabled database on the target server?

I have the following configuration in a SQL Server 2008 R2 instace:

- Domain group DOM\Group01:
. User DOM\User001 member of this group

- Database GROUP01:
. Domain user DOM\Group01 with db_owner role

- Database MAIN:
. Database user MUSR with db_owner role
. Table dbo.TAB1
. MUSR granted select permision on dbo.TAB1 to group DOM\Group01

The user DOM\User001 can connect to the instance successfully, and he can create tables in database GROUP01 using both his own schema and dbo schema, but he cannot select records from MAIN.dbo.TAB1, instead he gets the following error message:

Msg 916, Level 14, State 1, Line 1
The server principal "DOM\User001" is not able to access the database "MAIN" under the current security context.

What am I missing? Is this an AD issue?

Thanks!!!

↧

Connection issues.

August 23, 2018, 5:49 pm

≫ Next: DB permissions not applied after restore

≪ Previous: Restricting access using domain groups

I am having a lot of problems connecting with an SQL database that I have. I use the code below to connect to the database. When the code is executed I get the error noted below.

        Dim strConnection As String = "Data Source=.\SQLEXPRESS; AttachDbFilename=F:\SiTechMasterBase1.2\DataBase\MasterBase2.0.mdf; Integrated Security=True; Connect Timeout=30; User Instance=True"
        Try
            'Connect to Database
            MasterBaseConnection = New SqlConnection(strConnection)
            MasterBaseConnection.Open()
            'Set Command object
            ChangeRequestCommand = New SqlCommand("Select*from tblChangeMaster", MasterBaseConnection)
            'Set data adapter/data table
            ChangeRequestDataAdapter.SelectCommand = ChangeRequestCommand
            ChangeRequestTable = New DataTable()
            ChangeRequestDataAdapter.Fill(ChangeRequestTable)

gwboolean

↧

DB permissions not applied after restore

August 25, 2018, 11:44 am

≫ Next: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.

≪ Previous: Connection issues.

During migration, On new server the backup was restored which also already has a existing database from old server and after that db roles and permissions are not updated as like from old server db's . What may be the issue here ?

SANTHOSH KUMAR

↧

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.

August 26, 2018, 12:53 am

≫ Next: SQL access question

≪ Previous: DB permissions not applied after restore

I have created my Microsoft SQL Server DataBase and have made a backup of it. Then I uploaded the .bak file to my Windows Host (Which I've bought from 1and1.com) after that when I try to connect to my database in visual studio I get the error mentioned in the title of question.

I searched a lot and nearly all solutions are for windows server but my problem is that I trying to connect to my database which is being hosted on a windows host.

When I want to set Connection Properties of Visual Studio's Entity Data Model Wizard my database's name does not load and after a while I get the error that I mentioned.

↧

SQL access question

August 25, 2018, 7:06 pm

≫ Next: NTML TO kerberos chNGE

≪ Previous: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.

We have SQL 2016 version, what's the best way to audit if somebody gives access to a user. For example, need to get email notification if a user is granted access to a database in a production SQL instance.

e have SQL 2016 version, what's the best to audisomebody gives access to a user. For example,send email notification if a user is granted access to database.

sqldev

↧

NTML TO kerberos chNGE

August 26, 2018, 11:29 am

≫ Next: new login cannot connect to database, is not showing up in Search Window either

≪ Previous: SQL access question

Client want me to change authentication from NTML TO KERBEROS sql side

But basically im from BIztalk end not much knowledge on sql admin side can you guys help to implente the chanhe

↧

new login cannot connect to database, is not showing up in Search Window either

August 26, 2018, 1:41 pm

≫ Next: Always encrypted

≪ Previous: NTML TO kerberos chNGE

I've installed a database from a .bacpac file into SQL Express. The install is successful.

For a Dot Net Nuke (DNN) site I've created a user that should be able to connect to the database. The Login does show up (mdurthaler) and is a dbowner for the visdev Database. To test that the user can log in, a new connection dialog is opened and the credentials are entered. (User is set up for SQL Server Auth) Login fails for the user.

Curious enough, the new user doesn't show up when Search is clicked in the New Login dialog process. Here is a screen shot. Looks like setup of logins has something that got missed -- can't be this difficult. What is a good link that just covers fully how to create a login now via SSMS?

With Windows Auth I can query the DB fully. So I'm logged in with the right creds to make Logins. not sure what's up.

SSMS screen shot

Michael Durthaler

↧

Latest Images