I am trying to figure out how I should create SSL Certificates for a 2 node failover cluster. This is not using SQL Always on. I am trying to determine if I create one certificate per node like you do with SQL Always On or if I need to request a single certificate that uses the ClusterName as the primary subject or DNS Name. I know there is the subject alternative where you can list each node individually withint he cluster but if I use the cluster name it does not show up within the SQL Configuration Manager. I have tried this on both SQL 2016 and SQL 2019. Any help here would be greatly appreciated.
I have tried created a single certificate but it does not show up in the sql configuration manager. I have created a certificate for each node and I am able to successfully apply each of these certificates on the specific node but then when I try to use an encrypted connection it fails. I know in SQL Always On you request a separate certificate per node but does not seem to work the same with just straignt failover cluster.
Related
I'm trying to store connection string of SQL Server in Azure keyvault and use the same secret in linked service of Azure datafactory.
I'm trying to specify the name of the Azure Key Vault secret that stores the destined Azure SQL Database linked service's connection string
Server=tcp:<servername>.database.windows.net,3342;Database=<databasename>;User ID=<username>#<servername>;Password=<password>;Trusted_Connection=False;Encrypt=True;Connection Timeout=30
But I am facing the below error:
Cannot connect to SQL Database: 'tcp:xxxx.database.windows.net,3342', Database: 'databasename', User: 'username#servername'. Check the linked service configuration is correct, and make sure the SQL Database firewall allows the integration runtime to access. Login failed for user 'username#servername'., SqlErrorNumber=18456,Class=14,State=1, Activity ID: 20aa7503-3b71-4539-a658-a2b5be87278f.
How can I create and use a connection string in ADF linked service using AKV?
It seems to be an issue with SQL server firewall blocking Azure Integration Runtime IP address. Please go to the SQL server in Portal - > Firewalls and virtual networks option under Security and enable Allow Azure Services and resources to access this server.
To know the IP address that needs to be add in the Firewall Rules, just run any SQL query in the database and the error message will occur asking to whitelist the IP. Either click on that error message or add the IP manually in the Rule name under Firewall.
Apart from that you need to add the database connection string in the Key Vault Secret Value and then add the secret name in the ADF SQL database linked service and check the connection(add database password in the connection string before pasting in Secret's Value). Give the read rights (GET and List) to the secret in the access policies.
Create a ADF Linked Service of the Key Vault you have created previously and check the connection.
Using that Key Vault Linked Service, create the SQL Database linked service and check for connection.
Refer to the link for step-by-step implementation to connect the SQL Database in ADF using Azure Key Vault.
I set up my first FCI in Azure. Everything seems to be working except i can only connect to the SQL server when i specify the port number. This doesn't happen with my non clustered instances.
SQLCLuster01\SQL01,1433
I want to drop the 1433 to make it easier for the reps to access SQL. I cant figure out why the cluster needs it. Is it a setting in SQL or is this just how the cluster needs to operate?
[Solved] I found out its because Azure requires a load balancer so Azure itself knows about what ports the cluster is looking for. You need to specify 1433 for the load balancer, you cannot use a cluster in Azure as yet because the ILB doesnt support RPC
We use a Microsoft Access database with linked tables to an SQL Server, and are working on encrypting data as it moves across the network. I have installed a certificate on a SQL Server (2014) that has been issued from a domain certificate server, and that is working fine except the links won't work now. I haven't been able to find anything on how I may be able to get the linked tables working.
I'll try to be as clear and concise as possible. I really hope someone can help me I have wasted a lot of time with this because I am not into infrastructure stuff.
Goal: Configure AlwaysOn with two SQL Server instances, connect to the database through an Availability Group Listener.
Error:
Current config:
I have two separate VMs managed with Hyper-V, in the same server.
Both are in the same subnet.
Both have Windows 2012 R2 and SQL Server 2014 SP2 installed.
The feature for failover clusters is enabled in both servers.
I have created a cluster with the two nodes and one cluster network.
I have created an Availability Group in SQL Server
I have added both SQL Server Instances to the Availability Group
The same domain user is an admin in both VMs.
Firewall has been disabled in both VMs.
...but when I try to add the Availability Group Listener I get the SQL Server error 19458.
What I tried:
I have seen that many people talk about having the same Collation in both servers: SQL_Latin1_General_CP1_CI_AS
Availability Group Listener - Targeting Incorrect Node
The secondary node had been setup with a different collation. So, I uninstalled the instance and installed it again with the correct collation. I reconfigured the nodes and the availability replicas and I still keep getting the same error.
Then I tried with the Static IP option, but I get a different error:
I also read somewhere that it might work if I create the listener before the secondary replica. I did that but then the secondary replica can't be added because of the same error.
It doesn't work by granting the Object Creation permission in AD as stated here Failed to create Availability Group Listener
Maybe useful: The synchronization works as expected between the two VMs.
Thank you very much.
To create the AG Listener before configure it via SSMS we ask to the network team to create a DNS name linked to a static IP then we use it to create the AG Listener (don't forget to specify Static IP when creating AG Listener)
I have a SQL Server 2012 Standard hosted on a WIN 2008 R2 DataCenter 64 bit. I have a requirement to set the Force Encryption on the SQL Server to Yes, which is easy to do.
What I am needing help with is for the DoD Certificate requirement, where do I get the DoD Certificate from? and Do I just install it on the server where SQL Server resides?
I found this link , I wonder if I can use this:
http://dodpki.c3pki.chamb.disa.mil/rootca.html
Your hyperlink is not publicly available, however, since the name on the file is rootca.html it may contain information about how to get a root CA Certificate provisioned. When you use SQL Server Configuration Manager to set force encryption to true, you must either configure a certificate to use or the server will used a self signed certificate. The security concern with only setting this option and using a self signed certificate is that it leaves your server vulnerable to a man in the middle attack. The requirements for creating the certificate to be used for encrypting connections are on MSDN. I would recommend at least using a domain certificate generated by the domain certificate authority. You probably need to adhere to standards if this is for the DOD. Once the certificate and related private key are generated, they need to be added to the certificate store of the service account running the SQL Server database engine. After that, it can be selected for use in the configuration manager in the same dialog box as the force encryption option under a different tab. Once this is configured and the service is restarted, you can verify that the connections are encrypted by using the sql statement below:
select * from sys.dm_exec_connections