SQL Server Domain Authentication over VPN - sql-server

I have a user with SSMS installed locally who wants to be able to access the SQL Db on a remote server over SonicWall SSL VPN.
He can connect to the VPN just fine, RDP to SQL server (as a test) just fine, but cannot connect with SSMS to the server.
So far I've tried:
Enabling Trust for the connection as it was at first presenting an SSL error. Now we just get "login failed for user" errors.
Tested his user with Windows Authentication on the server directly, it works fine.
Enabling names pipes and TCP/IP in server configuration manager.
Testing logging in with a SQL authentication user over VPN - This also works fine.
I am sure the domain\username and password are correct and verified them in several other ways.
Checked the SQL server properties and Allow remote connections is enabled with no timeout.
Opened up everything in the sonicwall from the SSLVPN to the SQL server as a test, changed nothing.
Attempted disabling the local and SQL windows firewall, changed nothing.
Probably some other stuff, but I don't remember right now.
This is SQL Server 2014. He is using SSMS 2017, but I've tried it on the SQL Server with 2017 and it works fine and as mentioned he can log in over VPN with a direct SQL Server user. All other users just RDP to SQL server and connect that way so this has never come up again, but they don't want the new employee having RDP access to the SQL Server.
The exact settings on his SSMS I'm using are Active Directory - Password and under connection properties encrypt connect and trust server certificate are checked.
No special or changed ports on SQL Server, everything is basic installation defaults.

In this example, I'm editing the NT Service\MSSQLSERVER user.
However, when you edit the user/s in question and navigate to User Mapping as can be seen below:
Is the Database they are allowed to access selected?
Also, while the Database is selected, did you tick the permissions to the Database, as stipulated above?
If not, please try this and advise if it worked?

Related

SQL Server 2017 Remote access

I have tried every conceivable permutation for hours to try to connect to a remote SQL Server 2017 using SSMS. I keep getting:
Logging failed for user xxx. (Microsoft SQL Server Error 18456)
I know SQL Server is running on the remote machines since I can log
in locally there using SSMS.
SQL Browser is running.
TCP/IP is enabled. There are no dynamic
ports in IP All.
I know the firewall is not a problem since I can
telnet to port 1433 from the remote machine, and I added the rule to allow access.
I have "Enable Remote Access" turned on in SQL Server.
I have both Windows and SQL Server Authentication enabled.
I have user mappings for the given databases.
I can connect locally using SSMS with the Sql Server Auth user/passwd that I am trying to use remotely.
When logging in from the remote client in SSMS:
I use an IP address for the server (although I can also browse to the server as I have UDP 1434 open).
I use SQL Server Authentication.
I looked at Event Viewer on the SQL Server machinee to see if it gives me more clues as to why the log in is failing, but it is worthless.
I saw this, but it is of no help.
What on earth could be left that is the problem?

Default SQL Authentication Details for SQL EXPRESS 2016

I'm attempting to remotely connect to my SQL Express 2016 server through MS SQL on my local machine however am having extreme difficulties with the authentication.. Well I assume it is an authentication issue as when I attempt connect to connect to it I receive the error message:
The remote computer refused the network connection.
When connecting through the sqlcmd I am using Windows authentication and have no issue, however to connect to it remotely I need to use SQL authentication and have no memory of creating an account so am wondering if there's a default login and password?
I believe this is the issue however it is quite likely i'm doing something stupid so any assistance would be appreciated!
You can create an account that can be used to connect to that SQLExpress instance by using SQL Server Management Studio. Expand the database you wish to create a login for in the Object Explorer. Under the Security folder, you can create a new login by right clicking the Logins folder.
Also make sure that your machine has its firewall configured to allow remote connections, the server has remote connections enabled, and that you are allowing logins for Windows Auth and SQL Server Auth.
You can allow remote connections for a server by opening the SQL Server Configuration Manager. Under the SQL Server Network Confiuration Node, Select Protocols for MYSERVERNAME. Ensure that TCP/IP is enabled.
Here's a guide on setting up the firewall: https://technet.microsoft.com/en-us/library/ms175043(v=sql.110).aspx
You can enable SQL Server Authentication by right clicking your server name in the object explorer in SQL Server Management Studio and going to the Security tab. look for the "Server Authentication" option.

Connecting to SQL from Bamboo still throws error Login failed for user

I am attempting to connect my Bamboo instance to SQL Server, but I am unable to do so because of the error Login failed for user 'Bamboo'. Investigation into the log files shown in the location
C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Log\ERRORLOG
throws an error that I should not be getting at this stage of my attempted login. Server is configured for Windows authentication only. Currently able to login using same SQL Server credentials to access the database, just not via Bamboo.
The reason why this should not happen is because my server is already set up to do so, and I will list all of the steps that I have taken to prevent this error. In my localhost SQLEXPRESS server I have checked SQL Server and Windows Authentication mode. Once I restarted SQL Server, this worked as I was able to log in with the credentials that I added to a user called Bamboo.
The user I added is mapped to the database called BambooDatabase as a db_owner. The number of concurrent users is unlimited and I have tried disconnecting from SQL Server just to check if that was a problem, but still no difference. I added 2 more users with connect access and mapped to BambooDatabase.
I have went to the SQL Sever Configuration Manager and enabled TCP/IP and made sure that the IP addresses was pointing to 1433. And then configured my firewall to all access to 1433 as well. The fact that my error logs for SQL Server are appearing makes this seem that everything should be fine here. So with tested 3 users on SQL credentials everyone logged in successfully and all have the relevant permissions needed. All three gave the same error when trying to connect from Bamboo.
I am trying to connect to Bamboo like this:
Direct JDBC connection.
Driver class name: net.source.jtds.jdbc.Driver
Database URL: jdbc:jtds:sqlserver://localhost:1433;DatabaseName=BambooDatabase
User name: Bamboo
Password: SQL Server password
Checked overwrite existing data
Then once I click continue the log in error throws. Have I missed something here, I cannot see what I could do differently, I have tried to connect to SQL Server from Bamboo several different ways but have had no success. I am using SQL Server Express and the Bamboo version 5.11.3, I am testing upgrading from 5.11.3 to 5.15 with larges amounts of data which is why I am using that version.
Error from Bamboo is:
Error accessing database: java.sql.SQLException: Login failed for user 'Bamboo'.
Error from SQL logs is:
Login failed for user 'Bamboo' Reason: An attempt to login using SQL authentication failed. Server is configured for Windows authentication only. [CLIENT: 127.0.0.1]
Are you running Bamboo en SQLExpress on the same machine? If not, you should look into the remote access configuration.
In the SQL Sever Configuration Manager, make sure that you entered 1433 for the IPAll entry as well. And start the SQL Browser service for good measure, this is especially important when using a names instance, but going after the errorlog folder you copy/pasted, that's not the case.
For testing purposes, you might want to disable the firewall all together and reactivate is after you get the connection up.
Another thing to try if you're connecting on the same machine, is use the loopback address 127.0.0.1 instead of the localhost alias.

Login Failed on SQL Server 2014

I'm having issues connecting to a SQL Server 2014 database using Management Studio with SQL Authentication. This server was just created by my IT department. I restored a database, I added the login with a password, I made sure the server properties had both SQL Authentication and Windows Authentication checked. I made sure the user at the database level is mapped to the login. But when I try to connect using Management Studio I get the following error. However, it works if I use my Windows Authentication account.
Actually, I kept getting the normal 'Login Failed' message. But this morning I got the above error which is probably more helpful. When I kept trying again, I kept getting the normal Login Failed message.
Have you seen this Microsoft TechNet post about the message you received? It looks like your admin may need to adjust the SQL Server configuration.
Specifically, it looks like you might need to try one of:
Connect using TCP/IP, or use the SQL Server Configuration Manager to
enable remote connections using named pipes.
or...
Using SQL Server Configuration Manager on the client computer, move
TCP before named pipes in the protocol order list.

Cannot log in using SQL authentication ONLY from a remote server

I am trying to connect to SQL Server 2008 from a remote server using 'sa' username and its password (I can log in normally with this username and password from my own computer - so "SQL Server and Windows authentication mode" is chosen).
In the SQL Server log file on my computer I see this error:
Login failed for user 'sa'. Reason: An attempt to login using SQL
authentication failed. Server is configured for Windows authentication
only.
I thought it might be a remote connection problem, so I checked that the remote connection in the properties is enabled, in the configuration manager I enabled TCP/IP and Shared Pipes and restarted the service afterwards and I created a firewall rule for port 1433. I also tried to turn off the firewall in case that it is being blocked somehow, but I got the same error.
How this error appears only when accessing SQL Server from a remote server?
How can I fix it?
From the SQL Server management studio, right click on your server (after connect) in the Object Explorer window and choose Properties.
On Security item, make sure that SQL Server And Windows Authentication mode is selected.
The most obvious solution for me seems to allow SQL Server authentication on the server if it's really necessary to use sa for access (what it should not normally).
To answer the "why" we need more information. Which program do you use to access the server. Is the connection string really identical for both accesses?
Just guessing: From your local machine you use integrated security=true somehow (which causes user and password to be ignored), and your local windows user is allowed to access the server. From remote you use integrated security=false so that you can't logon using user/password, as the server is configured to only accept Windows authentication.
I had the exact same problem today. I was not able to connect to SQL server remotely using username/password, but it worked with windows authentication, and logging in locally also worked.
The reason it didn't work here was that I was using a password that was too short on the sa user. Apparently it does enforce password policy if logging on locally, but remote connections are blocked.
You can either change the password to a longer/more complex one, or disable the password policy enforcement for the sa user.
Short how-to:
In SQL Server Management Studio, open Security -> Logins, find "sa" -> Properties -> Change password or uncheck this box:
In my situation, I have SQL Server 2008 and SQL Server 2012 installed. So, in server name field, I need a concrete name (for example: 10.141.133.125\SQLServer2012). That's it!
Hope this useful for you!

Resources