I am attempting to connect to a Microsoft SQL Server database on a corporate network that is limited to Windows Authentication. I have configured Kerberos and Kerberos does successfully issue a ticket and I can verify that the ticket is valid in Ticket Viewer. But when I attempt to connect in Azure Data Studio, and select "Windows Authentication", I am given the message "Connection Failed due to Kerberos Error".
My krb5.conf is located at ~/etc/krb5.conf and I have followed configuration instructions here.
On a Windows machine connected to the network, when I run setspn -L DATABASENAME I show:
Registered ServicePrincipalNames for CN=DATABASENAME,OU=Servers,OU=Data Center,DC=companyname,DC=com:
MSServerClusterMgmtAPI/DATABASENAME
MSServerClusterMgmtAPI/DATABASENAME.companyname.com
WSMAN/DATABASENAME
WSMAN/DATABASENAME.companyname.com
TERMSRV/DATABASENAME
TERMSRV/DATABASENAME.companyname.com
RestrictedKrbHost/DATABASENAME
HOST/DATABASENAME
RestrictedKrbHost/DATABASENAME.companyname.com
HOST/DATABASENAME.companyname.com
When I run nslookup -type=srv _kerberos._tcp.companyname.com I show:
Server: UnKnown
Address: xx.x.x.163
Non-authoritative answer:
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname01.companyname.com
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname02.companyname.com
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname03.companyname.com
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname04.companyname.com
dcname01.comapnyname.com internet address = xx.x.x.47
dcname02.companyname.com internet address = xx.x.x.8
dcname03.companyname.com internet address = xx.xx.x.11
dcname04.companyname.com internet address = xx.xx.x.10
The way I have my krb5.conf file configured is:
[libdefaults]
default_realm = COMPANYNAME.COM
[realms]
COMPANYNAME.COM = {
kdc = dcname01.companyname.com
kdc = dcname02.companyname.com
kdc = dcname03.companyname.com
kdc = dcname04.companyname.com
}
I have tried many different configurations for krb5.conf involving inclusion and omission of different k/v pairs in different formats but nothing I have tried has worked. I have also attempted to reinstall krb5 via homebrew.
I am using an Intel Mac on macOS 12.3.1.
What would be causing Azure Data Studio to not acknowledge my Kerberos Ticket?
you need to add in host file server ip address and server full name (with domain for exmaple "sqlserver.yourdomain.com")
Related
Following the Azure VM cluster tutorial provided by Microsoft (https://learn.microsoft.com/en-us/azure/developer/terraform/create-vm-cluster-with-infrastructure),
I have a resource group created in Azure.
Under the Resource group, I have created VN, subnets, etc.
Now, I have two VMs created in the resources group. Both of them have a LoadBalancer on top. I have added NAT rule to LB to connect to individual instance, while they both share the same frontend IP.
I have created a new resource Azure MSSQL server, in the Firewall rule of the SQL server, added the public ip of the LB to the Azure Server
I have now logged in to the individual VMs, and tried to access the SQL server from the VM, but I am unable to connect to it.
I tried normal ping <hostname>
it fails 133 packets transmitted, 0 received, 100% packet loss, time 295ms
Then I try telnet from IP address (ip address was received from ping )
and I get
Trying <ip_address>...
Connected to <ip_address>.
Escape character is '^]'.
When I try to connect using an application, I get this error
com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset ClientConnectionId:8b2f0e3b
-fda0-41af-b8dc-ce80d0760b82
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.jav
a:3806) ~[mssql-jdbc-11.2.0.jre8.jar:?]
at com.microsoft.sqlserver.jdbc.TDSChannel.read(IOBuffer.java:2109) ~[mssql-jdbc-11.2
.0.jre8.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.prelogin(SQLServerConnection.java
:3517) ~[mssql-jdbc-11.2.0.jre8.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection
.java:3325) ~[mssql-jdbc-11.2.0.jre8.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:29
50) ~[mssql-jdbc-11.2.0.jre8.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnecti
on.java:2790) ~[mssql-jdbc-11.2.0.jre8.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:
1663) ~[mssql-jdbc-11.2.0.jre8.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1064) ~[
mssql-jdbc-11.2.0.jre8.jar:?]
at jet.server.db.core.ConnectorManager$ConnectionPool.£(ConnectorManager.java:712) ~[
JRESServlets.jar:?]
at jet.server.db.core.ConnectorManager$ConnectionPool.connect(ConnectorManager.java:4
32) ~[JRESServlets.jar:?]
at jet.server.db.core.ConnectorManager$ConnectionPool.getConnection(ConnectorManager.
java:504) ~[JRESServlets.jar:?]
at jet.server.db.core.ConnectorManager$ConnectionPool.getConnection(ConnectorManager.
java:487) ~[JRESServlets.jar:?]
at jet.server.db.core.DatabaseImpl.open(DatabaseImpl.java:839) ~[JRESServlets.jar:?]
at jet.server.db.core.GlobalDataService.<init>(GlobalDataService.java:103) ~[JRESServ
lets.jar:?]
at jet.server.db.core.GlobalDataService.init(GlobalDataService.java:37) ~[JRESServlet
s.jar:?]
at jet.server.ServerEnv.K(ServerEnv.java:2322) ~[JRESServlets.jar:?]
How do I make this work?
Azure SQL is only available through TCP port 1433. Check whether firewall is allowed outgoing TCP communication on port 1433.
You can check the connection by using below command:
Test-NetConnection -Port 1433 -ComputerName ServerName.database.windows.net
To resolve the error, make sure to open firewall in the path from Server like Windows Firewall, Corporate Firewall or Azure NSG (Network security group to allow access.
In the Azure SQL Server, select Networking and enable the below option:
Connect to the Azure Virtual Machine and restart SQL Server like below:
Reference:
IP firewall rules - Azure SQL Database | Microsoft Learn
I designed a python script that does something and then writes to a Azure SQL server. Originally, I wrote the script on a windows machine and everything works great. Now I want to deploy the script on raspberry pis in the field. Where i'm having the hiccup is trying to get the pi to write to the SQL server. I am using FreeTDS as my driver for pyodbc, and my .ini files and the config file are as show below:
odbcinst.ini
Description = FreeTDS Driver
Driver=/usr/lib/arm-linux-gnueabihf/odbc/libtdsodbc.so
Setup=/usr/lib/arm-linux-gnueabihf/odbc/libtdsS.so
fileusage=1
dontdlclose=1
usagecount=1
odbc.ini
Driver = FreeTDS
Description = Azure cloud SQL server
Trace = no
ServerName = azure
database = main
TDS_Version = 7.0
freetds.conf
[azure]
host = ************.database.windows.net
port = 1433
tds version = 7.0
instance = MSSQLSERVER
python method
def writeData():
server = '***************.database.windows.net'
database = 'main'
username = '****'
password = '************'
driver = '{FreeTDS}'
with pyodbc.connect(
'DRIVER=' + driver + ';SERVER=' + server + ';PORT=1433;DATABASE=' + database + ';UID=' + username + ';PWD=' + password) as conn:
with conn.cursor() as cursor:
cursor.execute(
"UPDATE dbo.server_ips SET ip_address = ?, port = ?, DateTime= ? WHERE server = 1;", (external_ip, port, datetime.now()))
pyodbc.OperationalError: ('08001', '[08001] [FreeTDS][SQL Server]Unable to connect to data source (0) (SQLDriverConnect)')
I'm not sure what I'm doing wrong, and I have tried searching for answers but have come up empty so far.
Turns out that writing to an azure sql server is not supported on ARM yet. I'm sure it will be soon considering windows 11 works on ARM processors.
I want to retrieve the data from a MS SQL database (not hosted on Azure) to Microsoft Azure Databricks notebook.
Here are the steps of what I have done:
go on the portal of azure and create a resource groups
create Azure Databricks Service (but I do NOT use the 'Deploy Azure Databricks workspace in your own Virtual Network (VNet)' option → maybe I should...)
once Azure Databricks Service is ready, I launch it and create a cluster without specific configuration
then I create a notebook (running on the previous cluster) with this script
msSqlServer = "jdbc:sqlserver://xxx.xxx.xxx.xxx:1433;ApplicationIntent=readonly;databaseName=" + msSqlDatabase
query = """(select * from mytable)foo"""
df = (
spark.read.format("jdbc")
.option("url", msSqlServer)
.option("dbtable", query)
.option("user", msSqlUser)
.option("password", msSqlPassword)
.load()
)
and I get this error:
com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host xxx.xxx.xxx.xxx, port 1433 has failed. Error: "connect timed out. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.".
Before asking on StackoverFlow, I have contacted my company network and DBA teams. The DBA said the connection is okay but then disconnects immediatly"
For your information, I have followed this tutorial https://learn.microsoft.com/en-us/azure/databricks/data/data-sources/sql-databases
Maybe there is something to configure, but I am not in networking at all (I am just a little data scientist who wants to play with notebook on azure databricks and access his company databases). For example how can I Make sure that TCP connections to the port are not blocked by a firewall ?
If you have some idea or you have already met this issue, feel free to share. :)
If you need more information, please tell me.
If you have already configured your Azure SQL database to listen on TCP/IP traffic on port 1433 then it could be any of following three reasons:
JDBC connection string in correct.
Firewall is blocking the incoming connection.
Azure SQL database is not running.
From Azure Portal get the Azure SQL Database JDBC connection string.
SQL Databases using JDBC using Python:
jdbcHostname = "chepra.database.windows.net"
jdbcDatabase = "chepra"
jdbcPort = "1433"
username = "chepra"
password = "XXXXXXXXXX"
jdbcUrl = "jdbc:sqlserver://{0}:{1};database={2}".format(jdbcHostname, jdbcPort, jdbcDatabase)
connectionProperties = {
"user" : username,
"password" : password,
"driver" : "com.microsoft.sqlserver.jdbc.SQLServerDriver"
}
pushdown_query = "(Select * from customers where CustomerID = 2) CustomerID"
df = spark.read.jdbc(url=jdbcUrl, table=pushdown_query, properties=connectionProperties)
display(df)
SQL Databases using JDBC using Scala:
val jdbcHostname = "chepra.database.windows.net"
val jdbcPort = 1433
val jdbcDatabase = "chepra"
// Create the JDBC URL without passing in the user and password parameters.
val jdbcUrl = s"jdbc:sqlserver://${jdbcHostname}:${jdbcPort};database=${jdbcDatabase}"
// Create a Properties() object to hold the parameters.
import java.util.Properties
val connectionProperties = new Properties()
connectionProperties.put("user", s"chepra")
connectionProperties.put("password", s"XXXXXXXXXX")
val employees_table = spark.read.jdbc(jdbcUrl, "customers", connectionProperties)
employees_table.show()
I'm trying to connect to a SQL Server 2017 database on Google Cloud SQL through Google Apps Script using Jdbc.getCloudSqlConnection. I can connect successfully to the database using SQL Server Management Studio.
Connection to this instance is configured for Public IP without requiring SSL
I have whitelisted IP addresses as instructed in this article
Relevant connection code from Apps Script function is listed below
7 var connectionName = '<instance connection name>';
8 var user = '<user>';
9 var userPwd = '<password>';
10 var db = '<database name>';
11
12 function readFromTable_getCloudSqlConnection() {
13
14 var dbUrl = 'jdbc:google:mysql://' + connectionName + '/' + db;
15 var conn = Jdbc.getCloudSqlConnection(dbUrl, user, userPwd);
16
17 var start = new Date();
18 var stmt = conn.createStatement();
19 stmt.setMaxRows(1000);
20 var results = stmt.executeQuery('SELECT * FROM peeps');
Error in the Apps Script logs is:
Exception: Failed to establish a database connection. Check connection string, username and password.
at readFromTable_getCloudSqlConnection(Code:15:19)
Error in the SQL Server logs from the Google Cloud SQL logs
Error: 18456, Severity: 14, State: 148.
and
Login failed for user 'a-280598101372-\a-280598101372-$'. Reason: Token-based server access validation failed with an infrastructure error. Login lacks connect endpoint permission. [CLIENT: 127.0.0.1]
"
It seems to be a permission issue on the SQL Server database. I tried searching for that SQL Server error message, and most posts reference granting proper permissions to users and/or roles, which I don't believe the users created through Cloud SQL have or can modify.
I am experiencing a very weird situation. When logged into my database server with a domain account (which is also a member of the local administrators group) the sa user is unable to connect to SQL Server Management Studio. However, logging in as a local admin account the sa user logs in successfully.
To make things more confusing... when logged into the Windows Server with a domain account (which is also a member of the local administrators group) SQL Server Management Studio will connect using Windows authentication.
A few notes:
While logged into the server with a domain account sa CAN connect via sqlcmd.
sa can connect via ODBC from other workstations on the domain (logged in as a domain user)
The SQL Server authentication is set for SQL Server and Windows authentication mode
The sa user does NOT have "Enforce password policy" checked
I have tried creating a new SQL admin user with the sysadmin role (same issue)
The SQL Server machine is a member of the samba4 domain
My environment:
Database Server
SQL Server 2012 x64 Standard edition with service pack 3
Windows Server 2012 R2 Standard x64
Directory Server
CentOS 6.7 x64
Samba 4.3
smb.conf
[global]
workgroup = XYZ
realm = XYZ.COM
netbios name = DS01
server role = active directory domain controller
dns forwarder = 8.8.8.8
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
[netlogon]
path = /usr/local/samba/var/locks/sysvol/xyz.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[home]
path = /home/
comment = Home Directories
# read only = No
browseable = no
writable = yes
create mask = 0600
directory mask = 0700
As I mentioned in my comment. Although there seems to be no answer at this point other than wait for a fix. The workaround is to login as a local user and run SQL Server Management Studio