SQL Server authentication is not working from REMOTE - sql-server

I am trying to access a SQL Server hosted on an EC2 instance from my local system. Though I am able to access it within the server using SQL Server authentication, username and password, I am not able to do the same from my local system.
The only change I am doing while accessing it from my local system is to replace the server name with its public DNS.
On the server: ServerName\SQLEXPRESS
On the local system: DNS\SQLEXPRESS,1433
I have also opened the port 1433 in the inbound rules of AWS and in windows firewall as well.
The exact error is as follows:
Login failed for user 'sa' (Microsoft SQL Server: Error 18456)
Any help/discussion to resolve this would be really appreciated.

Related

SQL Server connection user varies when using '127.0.0.1' vs 'localhost'. Why?

When I attempt to connect to my local, default SQL Server instance via SQL Management studio using Windows Authentication, I successfully connect when I use Server Name "localhost", but fail when I use Server Name "127.0.0.1". With login auditing enabled for both failed and successful logins, I see that the successful logins are recorded as:
Login succeeded for user 'AzureAD\RealUsername'. Connection made using Integrated Authentication. [CLIENT: < local machine >]
And the failed logins are recorded as:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Could not find a login matching the name provided. [CLIENT: 127.0.0.1]
Possibly relevant:
I can connect using the ip address if I use SQL Server authentication (since I am forcing it to use an existing login).
There is no entry in my hosts file for "localhost", and when I ping localhost it does resolve to 127.0.0.1.
The SQL instance uses port 1433.
The issue, with very little variation, persists when connecting via SQL Management Studio, a .NET web app running in a local IIS instance, or via UDL file on my desktop.
Here is my question: Why would changing only the server value ('localhost' vs '127.0.0.1') change the identity used when connecting?

SQL Server Named Instance TCPIP port settings & EndPoints/Infrastructure permissions error

I have a local installed SQL Server 2016 (Developer edition) installation on Windows 10 Pro. There is one named instance. I am a developer using MS SQL Management Studio and JetBrains DataGrip.
I just want my connections within my local machine to work with SQL Server over TCPIP using a SQL Server user account..! At the moment this only works using my Windows Authentication mapped to ServerAdmin
Named instance
RAXLENOVOT560\MSSQL2016MAIN
(authentication is mixed mode)
There are 3 issues that maybe linked:
TCP Port number does not appear to take effect within the Sql Server Configuration Manager.
The Sql Server Configuration Manager only shows limited properties on the Client Protocols/TCPIP settings. (please see screen shots)
Sql Server login user account does not connect via TCP due to an error. Login within local machine, local development from DataGrip to SQL Server.
1. TCP Port number
I have set this to 65321. However when I try and connect using this port no connection is made.
When I checked using the following SQL query I see the port number is actually 65514
SELECT DISTINCT
local_tcp_port
FROM sys.dm_exec_connections
WHERE local_tcp_port IS NOT NULL
results
local_tcp_port
--------------
65514
I change the port number in the config tool, restart ALL SQL Server services, reboot and still nothing works. Still listening on port 65514
Note I did not choose 65514, this seems to be a default from SQL Server.
2. The Sql Server Configuration Manager Properties Missing
Note the properties screen is limited only to a few options, there are usually lots more why is is? Perhaps due to running on Windows 10 Pro vs Windows Server?
3. Connection Login failure
Login from the local machine only.
I have opened the firewall for all the relevant SQL Server ports
TCP 1433
TCP 65514 (the forced sql server port)
TCP 65123 (what I would like to use)
UDP 1434 Sql Server Browser
I attempted login via a number of means
Sql Server Management Studio
Udl File
Java connection via DataGrip
Since opening the firewall, all the connections work but only if the hostname is 127.0.0.1, why can't I use the computer name? The connections also work if I use my Windows Login but NOT a SQL Server login
The login fails due to the error shown below from the SQL Server Log (which proves the TCPIP connection is reaching SQL Server).
Login-based server access validation failed with an infrastructure error. Login lacks connect endpoint permission
Date 24/04/2018 11:25:05
Log SQL Server (Current - 24/04/2018 11:20:00)
Source Logon
Message
Login failed for user 'SvrDeveloper'. Reason: Login-based server access validation failed with an infrastructure error. Login lacks connect endpoint permission. [CLIENT: 127.0.0.1]
The Sql Server User has the following permissions and settings (please see screenshot)
Name = SvrDeveloper
Server Roles = public
Securables = RAXLENOVOT560\MSSQL2016MAIN Type=Server
Securables = TSQL Default TCP Type=EndPoint
Connections
Udl Connection
[oledb]
; Everything after this line is an OLE DB initstring
Provider=SQLNCLI11.1;Integrated Security=SSPI;Persist Security Info=True;User ID="SvrAdmin";Password="Password123";Initial Catalog="";Data Source=TCP:127.0.01\MSSQL2016MAIN,65514;Network Library=DBMSSOCN;Initial File Name="";Server SPN=""
Java connection:
jdbc:sqlserver://127.0.0.1:65514;databaseName=CcTools;user=SvrDeveloper; password=Password123
Some additional information:
Version

SQL Server 2016 Remote Connection Error 18456

I have recently installed SQL Server 2016 on Amazon EC2 instance so I can start developing various SSIS / SSRS applications.
I have enabled Remote connections, opened port 1433 in the security group and windows firewall, and created a user 'myuser123' who is enabled and and allowed SQL Server and Windows Authentication within the server properties.
I am trying to login using this connection
ec2-1-2-3-4.eu-west-1.compute.amazonaws.com\MSSQLSERVER,1433
SQL Server Authentication
username: myuser123
password: #########
The error message I am getting looks to be a user authentication error.
Cannot connect to ec2-1-2-3-4.eu-west-1.compute.amazonaws.com\MSSQLSERVER,1433
Additional Information
Login failed for user 'myuser123'. (Microsoft SQL Server, Error 18456)
However when I Remote Desktop to the EC2 Instance and try to log in locally using the same username / password I don't have any problem.
Do you have any idea why this may be?
Thanks
M

Unable to connect to remote SQL Server database from local management studio

I have purchased a VPS from GoDaddy. I installed SQL Server on the VPS through remote desktop connection and could connect to the database. Login credentials used are ServerName:IPAddress, Username=sa; Password=****
However when I tried to connect to the remote database from my local machine I am getting the error as
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.
I have cross checked the following scenarios
Made sure that TCP/IP is enabled
Made sure that SQL Server Browser is running
How can I solve this issue ?
You may have to add the IP address of your local machine to the server. Setting the IP to accessible. For security reason, it is not allowed to access the server for all the host except the host with the IP address that was added to the whitelist.
You can find the instruction in this web page.
From the web page:
If you want to connect remotely to a database, you must enable
support for remote connections.
Log in to your GoDaddy account.
Click Web Hosting.
Next to the cPanel account you want to use, click Manage.
In the Databases section, click Remote MySQL.
In the Host field, enter the IP address from where you want to access your databases.
Click Add Host.
What to enter... Host Name or Server: Your database's host
name Port: 3306 Username: The database user's username
Password: The database user's password Database: The name of the
database

Cannot connect to local SQL Server 2012 via SSMS

I'm trying to connect to my local SQL Server 2012 via SSMS, but I didn't make it. I got error message :
Cannot connect to EB-OR1007724.
Additional information:
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)
Please notice that I'm using a company computer with many restrictions. After trying several things, but I stilled didn't make it.
Check services are running. All related SQL Server Services are running using Local System as Log On. They're
SQL Full-text Filter Daemon Launcher (MSSQLSERVER), started (PID=2100)
SQL Server (MSSQLSERVER), started (PID=2424)
SQL Server Agent (MSSQLSERVER), started (PID=320)
SQL Server Browser, started (PID=4376)
Check ports' status. The port :1434 is listened by localhost 127.0.0.1.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\xxxxxxxx>netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
...
TCP 127.0.0.1:1434 0.0.0.0:0 LISTENING 2424
TCP [::1]:1434 [::]:0 LISTENING 2424
UDP 0.0.0.0:1434 *:* 3080 1016
UDP [::]:1434 *:* 3080
Check firewall roles. I've created an inbound rule to allow TCP connection to port :1433 and :1434, which can be accessed for all connections by anyone.
Check hosts config. The hosts configuration file hosts has been modified to identified 127.0.0.1 as localhost. This file is located at folder C:\Windows\System32\drivers\etc.
Check availability of other SQL Server services. I can connect to the local SSAS services using my windows authentication.
Check AD Server status. The problem might be caused by a down Active Directory Server. Even though I don't have access to Active Directory Domains and trusts due to company policy, I'm sure that the AD server works, because I can connect to the local SSAS services using my windows authentication.
Check instance name. As you can see, the instance is called MSSQLSERVER, so perhaps I should explicitly mention it when I connect via SSMS ? These are what I've tried in Server name:
EB-OR1007724, error 18452
EB-OR1007724\, error 18452
EB-OR1007724\MSSQLSERVER, error 87
.\MSSQLSERVER, error 87
.\, error 18452
., error 18452
Now I'm really upset upon the result. Please help T_T
Error list
Error 87
Cannot connect to EB-OR1007724\MSSQLSERVER.
Additional Information:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 25 - Connection string is not valid) (Microsoft SQL Server, Error: 87)
The parameter is incorrect.
Error 18452
Cannot connect to EB-OR1007724.
Additional information:
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)
For your information, there's a related question on stackoverflow.
Cause
The problem might be caused by company security programs, defined on the network. Since the local service MSSQLSERVER is not a company official service, the Active Directory (AD) Server refuses to provide authentication credentials. (Obviously, this is my hypothesis. ^^)
Solution
As for the solution, I use SQL Server Authentication instead of Windows Authentication to login. In order to do that, make sure your server is running under the Mixed Mode (Windows authentication and SQL Server authentication). This can be configured during the SQL Server 2012 installation, step Database Engine Configuration.
The login is sa (system administrator) and the password is what you've defined previously.
Once connected, you should add new login(s) properly for different usages. As mentioned by Panagiotis Kanavos:
connecting as sa is considered a serious security problem, not a solution of any kind. It should never, ever be attempted in production systems

Resources