Connect MuleSoft to SQL Server with an AD User - sql-server

I am trying to get MuleSoft to talk to a SQL Server using an Active Directory User.
I have gotten it to connect using a user defined in SQL Server, however our DBAs are saying we have to connect with an AD User.
I am getting "login failed" errors
java.sql.SQLException: Cannot get connection for URL jdbc:sqlserver://AG-Q4Test1:1433;databaseName=T10SRV01 : Login failed for user 'HQ\MuleSoftSvc'
I have tried to connect using my credentials and have received the same error. I can connect using SQL Management Studio with my credentials.
I am using the Microsoft SQL Server Driver com.microsoft.sqlserver:mssql-jdbc.6.2.2.jre8
I am thinking that is because its using Windows Authentication
But will this work in CloudHub?

The method described in the KB article will not work in CloudHub because applications don't run in Windows. Take into account that you should not make any assumptions on the operating system and platform for applications deployed on CloudHub.

I was able get Windows Auth working from my local runtime using this article.
After more digging I found this KB Article from MuleSoft which states that Windows Auth is not supported in CloudHub.

Related

I cannot authenticate user in SSMS for linked server (snowflake)

Similar problem to one reported here:
Can't create linked server to Snowflake
Difference is while connecting to snowflake I cannot authenticate user in the SSMS:
ODBC driver must be verified by external browser (no password) but it is not happening here. Internet browser in SSMS is working fine, but it is not used to authenticate ODBC user. Configuration of ODBC is fine, as it is working in PowerBI and starting authentication process in default internet browser. Any ideas?
ODBC driver must be verified by external browser
Linked server connections run in the SQL Server process, so there's no interactive access to the desktop to do any kind of interactive authentication.

SQL Server permission error after publishing website from visual studio 2015

Having all sorts of problems after publishing website from VS2015.
My Site has been working fine when run from within VS2015. However, I followed some instructions to Publish the website to my IIS and now the site Login page comes up but after entering user/password the application fails to make connection to the database and shows the error:
Failed to generate a user instance of SQL Server due to a failure in impersonating the client. The connection will be closed.
I am running Windows 8.1, SQL Server 2008/R2, Visual Studio 2015 and the Database connect string is:
I do NOT currently have Database User I am simply connecting using Windows Integrated authentication.
I think it's some kind of permissions error, can someone please assist ?
The website is using the AppPool identity to connect to the SQL database. By default the AppPool uses a Built-in Account.
You can change the AppPool to use a custom domain account which as rights to the database.

SQL Server distributed login with windows authentication

I am new to SQL Server, I am planning to build a distributed application in Java for SQL Server. I am curious to know that if there is a way to handle the following scenarios:
UserA logs in on MachineA and chooses Windows authentication as credentials in app. My application's 2nd component is on MachineB (components communicate using RESTful web services) and MachineB has SQL Server installed on it. MachineB has the code to connect to SQL Server.
I want to know what are the steps to make this happen, is it possible to use windows authentication here?
UserA logs in on MachineA and uses Windows authentication, code to connect is on MachineB and SQL Server is on MachineC. What are the required steps here to make this happen, connection string and if I need to make any domain etc.
Assuming all machines are on the same DOMAIN, yes it will work. You may need to configure Kerberos (SetSPN) to make sure the service is trusted. You should check Microsoft® Kerberos Configuration Manager for SQL Server® from Microsoft. If Java is used from a Web site, you will also need to configure a SPN for this service as well. When it's all configured, To connect using Java, your ConnectionString should look like this:
jdbc:sqlserver://localhost;databaseName=AdventureWorks;integratedSecurity=true;
Hope it help.

Login error to database for Team Foundation Server 2010

I have installed Team Foundation Server 2010 (basic configuration) on a Windows Server 2003 without any problems. But when I go to administer the Team Foundation Server Administration Console, I get the error when in the press "Administer Security" or "Group Membership"
Server was Unable to process request. ---> Team Foundation services are not available from the server. Technical information (for administrator): The request colud note asking Processed Because the application is configured correctly note. No host service is available for the request.
If I try to go to http://localhost:8080/tfs, an I Get Runtime Error
In the Event Viewer I get following errors each time I try to do anything
Failue Aud - MSSQL$SQLEXPRESS - Login failed for user 'SAG-S01\ASPNET'. Reason: Failed to open the explicitly specified database. [CLIENT: ]
Error - TFS Services - Exception Message: TF246017: Team Foundation Server could not connect to the database. Verify that the server that is hosting the database is operational, and that network problems are not blocking communication with the server. (type DatabaseConnectionException)
You could start investigating by starting the SQL Server Management Studio and navigate to the SQLExpress instance on your data tier. See if the Tfs databases are running and whether the ASPNET user has access rights for the database.
Now I found where the problem was. It was set in the IIS server that TFS would run with .NET 1.1 instead of 4.0
It's weird. Can you check that you can access the database via Sql Server Management Studio.
If you can access with local system account or sa user; you have to deep dive form TFS - SQL Server connections. May be your user doesn't grant to connect SQL. Please try first, connect via Management Studio.

Windows authentication trusted connection not working

MSSQL Server is in the "abc" domain and have mixed mode authentication.
I am connecting from the machine which is not in domain or in a domain "xyz" but with in the same network using MSSQL Jdbc driver 2.0. I have logged in as admin or account in xyz domain.
It works fine using following url for connection for "sa" or SQL Mode Authentication.
jdbc:sqlserver://%DB_IP%:%DB_PORT%;SelectMethod=cursor;DatabaseName=dbname
It doesn't work For window authentication using credential "MSSQLDomain\username" i.e "abc\username", using following url
jdbc:sqlserver://%DB_IP%:%DB_PORT%;SelectMethod=cursor;integratedSecurity=true;DatabaseName=dbname;
Gives following error.
Login failed for user ''. The user is not associated with a trusted
SQL Server connection.
I have tried adding property Trusted_Connection=Yes to url, but still gives same error.
I don't want to map the drive of the SQL Server. I am able to access the any shared folder of the SQL Server Machine by providing "MSSQLDomain\username" and password.
It works fine for both authentication mode, if both machine is in same domain.
If I am using jtDS Driver from the machine which is not in domain or in "xyz" domain within same network i.e same subnet, it works fine.
This is the deliberate and correct behaviour of Windows Authentication.
It is because the Domain from which you are connecting from, is not the same Windows Domain as the one where your SQL Server instance resides.
I believe there are methods for bridging the Domains so to speak, however they require custom and tricky implementation. You also will have to configure a trust relationship between the domains.
The following thread contains discussions which you will likely find useful.
http://sql-server-performance.com/Community/forums/p/24601/137574.aspx
Changing the login credentials might help,
use SQL authentication instead of nt authentication
https://support.microsoft.com/en-us/kb/555332
Symptoms
After you install Microsoft SQL Server 2014, SQL Server 2012, SQL Server 2008, SQL Server 2005, or SQL Server 2000 and you try to connect to the server that is running SQL Server, you receive one of the following error messages:
Login failed for user '%.*ls'. The login is a SQL Server login and cannot be used with Windows Authentication.%.*ls
Login failed for user ''. The user is not associated with a trusted SQL Server connection. (Microsoft SQL Server, Error: 18452)
Login failed for user ''. (Microsoft SQL Server, Error: 18456)
Resolution
This problem occurs if the user tries to log in with credentials that cannot be validated. This problem can occur in the following scenarios:
Scenario 1:
The login may be a SQL Server login but the server only accepts Windows Authentication
To resolve this issue, configure SQL Server in Mixed Authentication Mode.
Scenario 2:
You are trying to connect by using SQL Server Authentication but the login used does not exist on SQL Server
To resolve this issue, verify that the SQL Server login exists. For more information, see Create a login in SQL Server Books Online.
Scenario 3:
The login may use Windows Authentication but the login is an unrecognized Windows principal
An unrecognized Windows principal means that Windows can't verify the login. This might be because the Windows login is from an untrusted domain. To resolve this issue, verify that you are logged in to the correct domain.
I have been involved with making a SQL server connection cross to domains like that, and it is exceptionally painful. In order to use credentials from another domain, the domain where you are assigning the permissions has to trust the domain, where the account is coming from. IT Pro's are generally VERY reluctant to trust another domain in this manner, and for good reason, so if this trust relationship has not been established it might not be very likely to convince the admins to do this.
Once you have the trust relationship established, you will probably need to register the SPN's for your SQL server in Active Directory, and assign delegation permissions. This type of environment is very difficult to setup, troubleshoot and maintain.
I hope that there is some other way that you can do this, because it sounds like you are headed for a very difficult scenario.
Hope it helps
Rihan

Resources