sysadmin credentials lost

January 25, 2019, 8:12 am

≫ Next: SA account locked and password box grayed out for Windows Authenticaiton

≪ Previous: Restrict table access from server user

Hi,

I have a SQL Server (2008 Express) with no sysadmins defined and the SA credentials have been misplaced. I'm following the MS advise to start SQL in single user mode then connecting with a local admin account. No matter what I do though, I always get an error stating that the server is in single user mode and only one Admin can connect at this time. I've tried further restricting connecting by using -m"SQLCMD" as suggested by other but still I get the same error when connecting using SQLCMD. I've also confirmed that SQL Agent isn't running and there are no other SQL Services on this server.

If there a bullet proof method of blocking competing connections or is there any other way around this that anyone can suggest?

Thanks

Paul

↧

SA account locked and password box grayed out for Windows Authenticaiton

January 25, 2019, 1:13 pm

≫ Next: 'Cannot create a file when that file already exists.'

≪ Previous: sysadmin credentials lost

We have SQL Server 2014 Standard acting as our vCenter database engine. It was initially installed with both SA and Windows authentication allowed. After a security scan, the system is now in an odd state that has us locked out. The SA account is locked out and we cannot login with Windows credentials as the account name and password windows are grayed out. It does correctly pickup the user account of the logged in administrator, but we still can't log in as we can't give it a password.

I have seen multiple 'solved' answers to similar questions of restarting the instance in single user mode, however you would still need it to accept Windows credentials to implement the solution, correct? Please bear in mind I am a Windows & Linux system administrator, NOT a DBA, so you may have to be a bit more explicit in the solutions provided.

Thanks for any and all help you can provide.

↧

'Cannot create a file when that file already exists.'

January 26, 2019, 6:54 pm

≫ Next: SA account Locked out

≪ Previous: SA account locked and password box grayed out for Windows Authenticaiton

Hi MSDN, Iam facing the below error for System and User Databases past 3 days(Before that, jobs are running fine).

Compared the same jobs from another server(where jobs are successfully executing with no issues), but nothing is changed wrt to the another server.

Can You help me in resolving this?

↧

SA account Locked out

March 20, 2006, 1:49 am

≫ Next: Azure SQL Login with only one database access

≪ Previous: 'Cannot create a file when that file already exists.'

I have been using SQL2000 for a number of years and the company I work for needs a new system so I decided to install SQL2005.

I installed SQL2005 without any problems and set a complex password for SA. I tried to log on and had to make several atempts as I remmebered the password after the SA account got locked out with the following message:

Login failed for user 'sa' because the account is currently locked out. The system administrator can unlock it. (Microsoft SQL Server, Error: 18486).

The problem I have is I cannot log onto SQL at all as it is not logging on with windows authentication either!

How do I unlock the SA account or do I have to reinstall SQL?

Thanks

Brian

↧

Azure SQL Login with only one database access

January 29, 2019, 11:40 pm

≫ Next: Windows Logon does not work from remote

≪ Previous: SA account Locked out

Hi,

We are using Azure SQL, We have around 10 database in our server, Different users will have access to different database. But unnecessarily we are seeing all other database. I want to see only the database that is required. Either I want them to give/mention database name while logging in or they want to see the only the database that they have access to it. How to achieve this in Azure SQL. I want to do that for existing credentials also.

Default_Database while creating login and Deny view database to Login is not working in Azure SQL.

↧

Windows Logon does not work from remote

January 30, 2019, 2:02 am

≫ Next: SQL Server Patching and SOX compliance

≪ Previous: Azure SQL Login with only one database access

Hello World!

I have an MS SQL Server on Windows Server 2012 R2 which is behind a firewall in out intranet.

When I try to connect to it via SQL Management Studio from my local machine it fails with the message "The target principal name is incorrect. Cannot generate SSPI context.". I try to login with windows user authentication. When i use a user with sql authentification i get acces to the server.

All other user which want to connect to the sql server with windows authentication get the same error message.

But when I access the machine via Windows RDP (with windows authentication) and start the SQL Management Studio on the remote Desktop i can acces the sql server with windows and sql authentification.

Last week all connections were working, but I don't know if anything hase changed since then, because there are many people in our company who can change so much in out intranet.

Can anybody give me a clue what is going on there?

If you need more information please ask and I will provide them.

Regards Mark

↧

SQL Server Patching and SOX compliance

January 30, 2019, 1:30 pm

≫ Next: SQL User account

≪ Previous: Windows Logon does not work from remote

Hi Guys,

I need some suggestions on how others do patching on SQL Server to comply with SOX.

Our process is, if microsoft releases a security update, we review the risk and patch them as soon as possible. We do not patch CU/Service packs. This has been fine for a few years. But this years auditors are asking why we havent patched the CU?

My question is, does that even apply to sox as CU's are bugfixes and functionality improvements?

Cheers

↧

SQL User account

January 30, 2019, 1:42 pm

≫ Next: Audt all activities done by a login account

≪ Previous: SQL Server Patching and SOX compliance

Hi Team,

All our application are connected to DB using SQL Login. example sqluser1

Is it possible to tell SQL server that only accept connection if it comes from these specific servers?

One of my friend told me it is possible from Oracle. But i don't know from SQL Side.

↧

Audt all activities done by a login account

January 30, 2019, 11:02 pm

≫ Next: Running a SSIS package without a proxy

≪ Previous: SQL User account

I need to audit all activities on my production sql server done by a login account. I know server side trace can do it, but I heard that SQL Audit is more lightweight. How can I do it by using SQL Audit? There are quite a lot of audit action types on Server Audit Specification and Database Audit Specification, but what I want is a way to choose all actions done by a specified login account. Do anybody knows a better way to do it?

↧

Running a SSIS package without a proxy

January 31, 2019, 1:46 pm

≫ Next: Understanding SQL Server version number 2008R2

≪ Previous: Audt all activities done by a login account

Hi,

In the past we use a Proxy to run a SSIS package from SQL jobs when the owner of the job is not sysadmin, is this still the case with SQL 2014 and + version ? is there any way to run a SSIS package without creating a Proxy ?

Best regards

↧

Understanding SQL Server version number 2008R2

January 31, 2019, 6:40 pm

≫ Next: I want to know from which Host(client IP address) the database was restored?

≪ Previous: Running a SSIS package without a proxy

Hi Guys,

I am trying to understand how they use sql server version numbers(eg 10.50.6220), especially when it comes to security update.

https://sqlserverbuilds.blogspot.com/

So I am looking at the above site and looking at MS15-058 for sql 2008 R2, I see for 2008 R2 there are 4 entries, 10.50.4042.0, 10.50.4339.0, 10.50.6220.0 and 10.50.6529.0.

Questions

1) Assuming I am on SP3, which patch do I apply, 10.50.6220.0 or 10.50.6529.0? what decides if I should apply GDR vs QFE?

2) I am guessing we have 10.50.4339.0 and 10.50.4042.0 are for people not on SP3 to still get this patch?

cheers

↧

I want to know from which Host(client IP address) the database was restored?

January 31, 2019, 5:49 am

≫ Next: Object IDs listed in sys.database_permissions but not in sys.all_objects

≪ Previous: Understanding SQL Server version number 2008R2

Today one of the employees restored the db. I want to know who restored db.

using the below query I can fetch the time, However I;m not able to get the host or IP address, can you suggest?

select * from msdb.dbo.restorehistory where destination_database_name='Dev' order by restore_date desc

↧

Object IDs listed in sys.database_permissions but not in sys.all_objects

January 31, 2019, 6:44 am

≫ Next: Need Help with Views

≪ Previous: I want to know from which Host(client IP address) the database was restored?

On SQL Server 2017, sys.database_permissions is showing SELECT access on several objects that do not appear in sys.all_objects. I run the query as a user in the db_owner role. Is this normal? What are these objects?

SELECT class, class_desc, major_id, minor_id, type, permission_name, state, state_desc
FROM sys.database_permissions
WHERE class_desc = 'OBJECT_OR_COLUMN'
AND major_id NOT IN (SELECT all_objects.object_id FROM sys.all_objects);

class	class_desc	major_id	type	permission_name	state	state_desc
1	OBJECT_OR_COLUMN	-593	SL	SELECT	G	GRANT
1	OBJECT_OR_COLUMN	-592	SL	SELECT	G	GRANT
1	OBJECT_OR_COLUMN	-591	SL	SELECT	G	GRANT
1	OBJECT_OR_COLUMN	-590	SL	SELECT	G	GRANT
1	OBJECT_OR_COLUMN	-566	SL	SELECT	G	GRANT
1	OBJECT_OR_COLUMN	-565	SL	SELECT	G	GRANT
1	OBJECT_OR_COLUMN	-559	SL	SELECT	G	GRANT

↧

Need Help with Views

February 1, 2019, 10:00 pm

≫ Next: How to retrieve sql server password?

≪ Previous: Object IDs listed in sys.database_permissions but not in sys.all_objects

I need help with this situation. Can You please help.

SQL Server 2014 enterprise edition 64 bit

Windows server 2012 R2 Standard Edition 64 Bit

Database A TableA

Create Table TableA
(
[ColA] Varchar(10) NOT NULL,
[ColB] [datetime] NOT NULL,
[ColC] [datetime] NOT NULL,
[ColD] [datetime] NOT NULL,
[ColE] [datetime] NOT NULL,
[ColF] [datetime] NOT NULL
) ON [PRIMARY]

Database B ViewA

Is there a way to create ViewA in Database B based on Table A in Database A.

I dont want to use Cross-Database Ownership Chaining for this.

The UserA in Database B should be running the views in database B only. The userA in Database B should not have access to tables in Database A

Query;

Use DatabaseB
GO

Select * from dbo.vwTableA

Error Message:

Msg 916, Level 14, State 1, Line 4

The server principal UserA is not able to access the database "DatabaseA" under the currrent security context

↧

How to retrieve sql server password?

February 4, 2019, 10:34 am

≫ Next: Login Failed Error Strangely

≪ Previous: Need Help with Views

What are some ways to retrieve a specific SQL Server database user password?

↧

Login Failed Error Strangely

February 5, 2019, 12:03 am

≫ Next: Group Access instead of Individual access

≪ Previous: How to retrieve sql server password?

Hi All,

this is a strange issue.

i'm using SQL server 2012 with SP3.

i've created a login and gave DB owner previlleges. however, when i connect with the same user, i'm unable to use select statements on views, but able to read tables.

i'm getting the error as

Msg 18456, Level 14, State 1, Line 1

anything changed in SQL server 2012?

Cheers, Vinod Mallolu

↧

Group Access instead of Individual access

February 4, 2019, 12:29 pm

≫ Next: Steps to remove TDE on Alwayson

≪ Previous: Login Failed Error Strangely

I created a group and the group is dbo on a database.

I am a member of that group

Using ODBC and windows authentication, I get ErroR: 18470 - Login Failed. Reason Account is disabled.

So, it is true I have a disabled domain account because I want to test if by being a member of a group, I can by pass the creating of individual accounts.

The objective is to have the sysadmins manage the group's membership so that all members of that group have access, instead of the dba.

Thanks

GADOI

↧

Steps to remove TDE on Alwayson

July 5, 2016, 5:00 am

≫ Next: Strange behavior after installing PowerLine adapter

≪ Previous: Group Access instead of Individual access

Hello All,

i am trying to remove TDE on Alwayson however, i am getting below error on primary replica.

Use dbname

DROP DATABASE ENCRYPTION KEY

Msg 33123, Level 16, State 1, Line 214

Cannot drop or alter the database encryption key since it is currently in use on a mirror or secondary availability replica. Retry the command after all the previous reencryption scans have propagated to the mirror or secondary availability replicas or after availability relationship has been disabled.

is there any specific way to disable TDE on alwayson.

↧

Strange behavior after installing PowerLine adapter

February 9, 2019, 9:57 am

≫ Next: Error trying to update SP4 SQL Server 2012.

≪ Previous: Steps to remove TDE on Alwayson

After installing a PowerLine adapter, the network connection from one server housing SQL Server (using SSMS) to another server (housing SQL Server) fails. The SQL server instances in question are not using hidden features (SQL Config mgr = protocols, hidden instance) so the need to call them using the server name followed by comma followed by port number did not cross my mind (<servername.,<port>). Oddly, I even tried that and it still didn't connect.

I just set the port for the unreadchable sql server to be the same port as the one on the local box and it works. Connecting from the unreachable instance on its local to the one with the issue was never a problem. It was a one-way only situation.

My question is about the firewall settings. On both machines, I went the simplest route and enabled the sqlservr.exe (application) to have a firewall exception. None of this was a problem until I connected the upstairs to the downstairs with a PowerLine adapter (in caps - it may be a bug in the company's product but I wish not to imply it is a device problem until there is more certainty).

I should mention that the downstairs connects from a modem to a router, to a managed switch (unmanaged at this time). The Powerline is connected to the downstairs switch. There is a second managed switch (currently unmanaged) that connects to the powerline. Coming off there is a the connection to the sql server. Additionally, there is a second router which business computers connect to over a different NAT'd IP. I don't think any of this latter information is pertinent but I include because with the PowerLine, the managed switches, and the additional router, and my experience as a layer 6 developer/dba and not as a layer 2/3 system administrator has me wondering where the problem actually lies.

I would bet on the firewall. But clearly I am out of my league. And relieved to finally, mysteriously, have it working again. All the machines are Windows 10 v.1809, or Windows 2016 (whatever the last update was).

R, J

↧

Error trying to update SP4 SQL Server 2012.

February 11, 2019, 4:39 am

≫ Next: Disabled Indexes

≪ Previous: Strange behavior after installing PowerLine adapter

Hi everybody!

I am trying to update SP4 on SQL Server but I am getting the following error:

SQL Server 2012 on Portuguese (Brazil) language and SO Windows Server 2012 on English. I downloaded the Portuguese (Brazil) version of SP4 from https://www.microsoft.com/en-us/download/details.aspx?id=56040.

Thanks.

Doria

↧

Latest Images