I have a SQL statement that merges 2 databases together, from 2 different servers (SQL Server 2012 for both).
The two servers are linked, so when executing the statement in a query window from Management Studio with the SA account it works perfectly.
However, I need to automatize this. I created a Job in the SQL Server Agent, and I keep getting an authentication error. This is because the user that is executing the SQL Server Agent service doesn't have the SA rights on both servers.
This is the error:
The OLE DB provider 'providerName' for the connection server
'serverName' reported an error. Authentication failed.
I tried setting a superadmin user from the Active Directory with all rights on both servers to execute the SQL Server Agent, but I still get the error.
Is there any way to fix this?
Thanks
You can store your linked server credentials with your linked server definition (forbid my picture editing skills ;-)):
Alternatively - and much more preferabele from security point of view - setup same account on both servers (you can then limit the account privileges as you need) and use the third option ('Be made using the login's current security context')
Related
We currently have a SQL Server 2012 job that fails to execute because of an account lock out. The message found within the Event Viewer is the following:
SQL Error: The referenced account is currently locked out and may not be logged on to.
The SQL Agent runs a local account and have verified it is not currently locked out within System Admin on the server. Have also verified that account is not locked out on the SQL Server box. The SQL Server job runs a SSIS package. If I run the SSIS package by itself the job will execute just fine. It is when it is executed via the job that it fails.
Has anyone else had a mysterious account locking problem with a SQL Server Job?
Follow below steps:
Right click sql agent job name -> view history -> check error. It gives exact details of what has gone wrong.
SSIS Jobs via SQL Agent needs proxy account, which contains credentials of SQL Server login. Hence Security -> Credentials and update the username and password.
Once done, make sure it is reflected in Proxy (SQL Server Agent -> Proxies -> SSIS Package Execution.
Make sure the referenced account is added under Security -> Login
We have 2 SQL Servers in each of our environments. Server A is our Data Warehouse SQL Server and Server B is our OLTP server. We have the following environments PROD, STAGE, SIT, DEV. We have configured a linked sever on Server A in each environment to read, write and Exec a stored procedure on Server B. A SQL job was created on Server A to do a simple select statement from Server B to test the connection. The service account that will be running all of the jobs was configured as the job owner and "Run as User". In Prod, STAGE and SIT the test job is working. In DEV the test job is failing with the message "Access to the Remote Server is Denied because the current security context is not trusted"
I have logged in to server A as the service account and run the exact select command to server B in a query window and the command successfully returns results.
I tried a SQL job on Server A in DEV that calls an SSIS package. It uses the same service account as the test job via a proxy & credential. The SSIS package is calling a stored procedure on Server B. When I run this job it succeeds and executes a stored procedure on Server B that writes data to server B.
I validated that the Service account has administrator privileges set the same across all environments.
I validated that the Linked server has the same configuration across all environments.
I have tried to set up the Linked Server to link the service account on Server A to a SQL account on Server B
I have tried to set up the Linked Server to "Be made using the login's current security context" on Server B
I have tried changing the SQL job to run as an operating system CmdExec. SQLCMD -E -Q "select * from [Server].[Database].[Schema].table" using the same proxy and credential as the job that is working. This resulted in the following error
"A network-related or instance-specific effor has occured while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections."
I validated that the servers can ping each other.
I ran SQLCMD -L via the command line to validate that the servers are both present.
I enabled the Named Pipes protocol on both servers A and B in the configuration manager.
I tried running the test job under my credentials as an SA and got the same
"Access to the Remote Server is Denied because the current security context is not trusted" message.
I tried copying and pasting the SQL from the test job into a query window on Server A using my credentials and was able to run the query successfully.
I tried recreating the SQL job.
I tried restarting the SQL Services.
The only appreciable difference I can think of between this environment and the others is that Server A is a named instance and Server B is a default instance.
Also of note, the SQL Browser service on Server B is being run by a local account instead of a service account. SQL Browser on Server A is being run by a service account.
I want to remote restart or stop SQL server service on SSMS. When I login in a DB using sa account, the menu bar still be disabled
I looked up some information, MS seems to disable it for security reasons from SQL server 2012
If there is any possible, I can alter some system settings to do that?
So to stop/restart an SQL Server instance from Object Explorer in SSMS, you would have to met the following requirements:
1. You must have to have at least public server role on the SQL Server instance.
2. You must have the privilege to start/stop services on the server that hosts SQL Server instance. For example, add your windows user to administrator group on the server.
Also,since SA uses SQL authentication, the best you can do is issue a SHUTDOWN command to stop SQL Server.
I have created a Utility Control Point on one instance of SQL Server 2008 R2 Enterprise. I have 2 other SQL Server instances that are already pushing data to a management warehouse database on the UCP server (separate database). I would like to enroll those 2 servers that are already part of an MDW to the UCP, however when I go through the enrollment process it validates successfully, but during the enrollment's final stage it throws an error during the enrolling the instance step:
An exception occurred while executing a Transact-SQL statement or batch. Could not obtain information about Windows NT group/user 'domain\user', error code 0x5. (Microsoft SQL Server, Error: 15404)
The 'domain\user' that it lists in the error message is the AD domain service account on the target server to be enrolled. All 3 of these servers are on the same domain, the SQL Server Agent Service accounts are different for each server. When going through the enrollment set up I have connected to the instance with a domain account and the sa account and tried different service accounts none of which seem to work.
Does anyone have any ideas?
I have two SQL Servers which have been linked using sp_addlinkedserver 'ServerB\Instance' from ServerA and sp_addlinkedserver 'ServerA\Instance' from ServerB.
If I execute the following query from ServerA then everything is okay:
SELECT *
FROM [ServerB\Instance].Database.dbo.Table
If I execute the following query from ServerB an error occurs:
SELECT *
FROM [ServerA\Instance].Database.dbo.Table
Error:
Msg 18456, Level 14, State 1, Line 1
Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
The service accounts that SQL Server runs under on ServerA and ServerB have been given elevated permissions on both servers in an attempt to solve the issue but no success.
I have done research but want to avoid a convoluted process when communication one way is okay.
I have solved this by following the process:
Deleted both linked servers.
Executed sp_addlinkedserver for ServerA from ServerA RDP (SSMS) and for ServerB from ServerB RDP (SSMS).
Previously I had executed sp_addlinkedserver for both servers from the one server RDP (SSMS) session only. Executing from each server has solved the problem. If someone can add comments as to why this is then I will be very grateful.
In SQL Management Studio, view the properties for the linked server from Server B to Server A. There's a security "tab" that you can view from there. That will tell you the security context the connection from B to A is using. The error you are getting normally occurs when you don't have a valid security context set for the linked server.
The reason that it can work from A to B and not B to A is that you need to set up the linked server correctly on each side. Just doing it for one is not going to work to go both ways.
You have to map your local user to a remote user on the other server.
Do can do this by calling sp_addremotelogin() as explained here: http://msdn.microsoft.com/en-us/library/ms186338.aspx
To work around this problem, use one of the following methods:
Map the clients on server A to a standard security login on server B, by using either the sp_addlinkedsrvlogin stored procedure or the Security tab of the Linked Server Properties dialog box in Enterprise Manager.
If you are running the distributed query on an instance of SQL Server that is running on a Microsoft Windows 2000-based computer, configure SQL Server to listen for client requests by using the Named Pipes Server network library, instead of using the TCP/IP Server network library or the Multiprotocol Server network library. To configure the Server network libraries for SQL Server, use the Server Network Utility.
Take a look at:
http://support.microsoft.com/kb/238477