I have several sites hosted on the same App Service Plan - an S1 instance. All are using the same set out Outbound IPs. I have a SQL server VM where all the databases live. I have a network security group with an inbound rule for the S1's outbound IPs.
All my other sites work perfectly and have access to the SQL VM and their respective databases.
The site in question works perfectly when hosted from my local dev machine, WITH the production database.
Yet I get an Access Denied error: "SqlException: A network-related or instance-specific error occurred...] when I promote it to production on Azure.
All the usual suspects (firewall, user doesn't exist, etc.) can be ruled out because ALL my other sites are using the same database server, credentials, and the only change in the connection string is the Initial Catalog. They are all on the same App Server and all have the same outbound IP so if one was getting blocked the others would be also. If it were a user problem, it wouldn't work when hosted locally.
The only difference between this and my other web apps is that this one is Blazor, built on .Net 6. The others are on .Net Core 3.1 (LTS). I don't think that has any bearing since the application in question, when hosted locally works with the production connection string. This IS the first time I've published a Blazor app and .Net 6 app, so...
I'm sure I'm missing something silly, but I can't figure out why this one site would act differently than the rest.
Could someone please offer up another avenue for me to pursue? Or, a way to get a more verbose error message from the failed connection? Anything to further my troubleshooting?
For anyone reading this, I found my issue and it's unique to my project.
The truth, I separated the DAL from the presentation of the site. In the end, I was editing the wrong appsettings.json file. For three hours. Face-palm
My apologies if I wasted anyone's time.
Related
I have just finished the development of my application on asp.net mvc connected with SQL server, and I will love to deploy it. I want to use Azure App service, but I got an error "Unable to connect to master or target server 'DATABASE_NAME'. You must have a user with the same password in master or target server 'DATABASE_NAME'". I have tried every thing I found online like modifying the SSDT, but nothing changed.
Please is there any recommendation to fix this issue? If not, Please what are other ways for me to launch the application. The application will be used internally for Sales purpose and I don't need any fancy hosting. Thank you in advance.
Did you setup the sql azure firewall to accept connections from your computer?
Even if you set it up once, it is possible that your internet provider attributed a different IP address to your computer. So you must redo your firewall set up again for your computer to be accepted.
It is important to know that only sql logins/passwords are accepted here. So you must give the login/password of the admin user that you mentioned at the moment of creation of you sql server azure (there is a step that sets it up when you create your azure database), or the login/password of a user you created and granted in this database.
I am using JDBC to create a connection to an MS SQL Server Database. The same code and connection string works fine on a number of platforms and in particular in my spring MVC Web Application.
After deploying the web application to a remote tomcat hosting service, everything appears to work fine in the code except that the database connection times out.
"com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host <IP Address>, port 1433 has failed. Error: "connect timed out. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall."
The hosting company says I must provide the exact steps to recreate the problem which may not be ideal. The only thing I can think of is to write another cut down application that connects to a different db with different credentials and test that in dev and deploy and then email them the war so they can deploy it and test it in their own environment.
Does anyone know of reasons why this might happen with a hosting service, like blocking the database response for some reason? Or is this very unlikely and should I assume that I am doing something wrong and persevere in understanding what might be different between my dev app and deployed app that could cause this timeout. Not that I can think of anything.
I don't want to take all that time if there is a common reason why this might happen that someone could point me to.
Thank you.
I had 2 GAE apps running wordpress and connecting to a single cloud SQL instance.
As of just a few minutes ago I'm guessing both apps can not longer connect.
My IP address is whitelisted and I'm able to connect to the SQL instance without an issue, it's just the App Engine instances that are having issues.
The error is the standard WordPress error "Error establishing a database connection"
We have not changed anything, maybe someone from Google can chime in?
So far I've tried rebooting the Cloud SQL instance which did not resolve the issue.
I resolved the problem. The issue was that the MySQL user has to have a 'wp_user'#'localhost' account. You can't just have a 'wp_user'#'%' which seems odd because % is a wildcard so you'd think it would match everything. But somehow with the way GAE authenticates with Cloud SQL it needs to have the localhost user.
And because of the caching configuration the cause of this issue must be a change I made with the MySQL users a number of days ago. And the error only surfaced today. Gotta love caching.
I have a situation where clients connecting to my webservice(that exists on another server) must access SQL Server databases and SSAS servers.
It must use the credentials of the client that is calling the service when accessing the SQL Servers and SSAS cubes.
For this to work I do
var winId = HttpContext.Current.User.Identity as WindowsIdentity;
var ctx = winId.Impersonate();
//Access Database/SSAS
ctx.Undo();
in my service which works fine when accessing SQL Server databases.
However when I access the SSAS servers I get
"The connection either timed out or was lost"
There are a number of posts like
http://denglishbi.wordpress.com/2009/03/31/windows-server-2008-kerberos-bug-%E2%80%93-transport-connection-issues-with-ssas-data/
http://sqlblogcasts.com/blogs/drjohn/archive/2009/03/28/kerberos-kills-large-mdx-queries-on-windows-server-2008-ssas.aspx
on this but I am using Windows Server 2008 R2
where my service lives so this should not be a problem as this bug should have been fixed by Microsoft.
Any information as to how to best diagnose this problem would be appreciated.
To clarify the SSAS servers do have SPNs. This was actually working at one point but has now stopped. Appears no sign of duplicate SPNs or anything.
What is interesting is it works intermittently on one SSAS server but seems to work all the time for the other.
They both have named SPNs as mentioned by this document
https://support.pyramidanalytics.com/entries/22056243-Configuring-Kerberos-Delegation-for-Named-Instances-of-SSAS-with-Active-Directory-and-additional-pro
My production environment is a load-balanced (and under heavy load) on a very large corporate Active Directory network. The following took a lot of testing to finally nail down settings that work.
I also run on Windows 2008 Server R2
My web services are in ASP.NET in IIS. For authentication I enabled "Windows Auth" and "ASP.NET Impersonation". Kernel mode is disabled and provider is "Negotiate:Kerboros"
SPNS and Trusted Delegation are setup for an AD account. My AD account looks like sys_myservice (sys_ is just a naming convention at my company)
The Application Pool identity is set to use the sys_myservice
After you make all these changes in your dev env, restart the entire server. For some odd reason this is always necessary when we bring on new servers and configure them.
With this setup my web services access SSAS, SQL Server, and more that use Windows Kerboros auth and all queries are performed correctly under the user's credentials.
The difference in my setup from yours is ASP.NET Impersonation is enabled at the IIS level. I had trouble doing the impersonation in code which is what you are trying to do. If you get code-level impersonation to work with your workflow I would be really interested in seeing you post an update.
Forgot to mention. My services are in a MVC application, I apply a global filter to all Action methods to force the application to authenticate all connections.
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new System.Web.Mvc.AuthorizeAttribute());
}
and in my web.config system.web section
<authentication mode="Windows" />
<identity impersonate="true" />
I agree that the intermittently 'successful' SSAS instance is suspicious. I wonder if it's really using Kerberos all the time. Could be using a combination of negotiate/NTLM and Kerberos, with one auth method actually working and the other approaching failing. Might be worth another look at the SPN. This link might help: http://msdn.microsoft.com/en-us/library/dn194200.aspx
Did you try using Wireshark or any other Network Analysis tools to see anything red happening at that point of failure? Probably its better if you provide more troubleshooting observations from your end.
Also, does your web services has a Load balancer?
Regards,
Sasi.
I'm at my wits end. I built a silverlight business application using the template and I tried and played around with the login functionality in the IIS express. Everything works perfect, but when I moved the application to the IIS server, the login suddenly giving me this error.
I have given the remote access to sql server,
I tried to give access even ceremoniously given IISAPPPOOLS\ account ownership access, yet I still have this problem.
Oh yeah, I have not give database restriction yet to the application, but the other data is showing up real well. except for the login information.
The issue appears to be a Network issue it unable to locate the server that is running SQL server i would check the connection string and include the fully qualified address of the server running SQL server