I have created Extended event session for azure database from my local sql server management studio and storing resulting file in azure blob storage.
but when i start extended event session it giving me an following error :
I have follow all the steps properly for creating extended events storage account with following steps:
1.Created shared access signature for container storage.
2.Created credential in SQL server using following script :
CREATE DATABASE SCOPED CREDENTIAL [Cre_Name]
WITH IDENTITY='SHARED ACCESS SIGNATURE',
SECRET = 'shared access signature of blob container'
GO
3.In extended event screen i used credential created in step 2.
Also i found that Filestream data is not supported in current version of azure storage. Is this is cause of error?
https://msdn.microsoft.com/en-in/library/dn385720.aspx
You have created wrong storage account, create as "General" rather than "blob". I have the same problem and this fix it
Also i found that Filestream data is not supported in current version of azure storage. Is this cause of error?
No,It is not cause of the error. But It may cause we can’t view the session data directly that session data in the azure storage. As forester123 mentioned, it may be related to the target data itself.The following is my detail steps:
Create an Azure SQL Virtual machine [SQL 2016]
Create an Azure SQL Database
In the Azure SQL Virtual machine, connect the azure SQL Database via Microsoft SQL Management Studio
Create Database Scoped Credential for the azure SQL database.
Create the session Extended events ->Sessions -> New session Wizard
Start the session and check the file from azure storage and file status is locked.
The session can start the correctly.
Related
We have an issue with a particular user connecting to our Serverless SQL pool via PowerBI.
I created an Azure Synapse workspace, which contains the built in serverless SQL pool which has some Views set up to pull data from some Parquet files.
As the creator of the DB I can connect to the SQL pool no problem and can model the data from the views in powerBI. However when my colleague attempts to do the same he can see the names of the views/tables but gets the following error:
He is an admin on the synapse workspace, and I've even explicitly given his user account access to the parquet files but nothing seems to make a difference.
He is able to access a dedicated SQL pool on the same account with no issues
Follow the directions here Tutorial: Create Logical Data Warehouse with serverless SQL pool
In particular for the user you need to GRANT REFERENCES ON DATABASE SCOPED CREDENTIAL. If you give the user access to the credential, they won't need direct access to the Data Lake.
If I use one of the methods to migrate a SQL server instance with several databases into a Azure Managed Instance, would the procedure also replicate any login accounts with access rights?
Particular interested in knowing how this handles Active Directory accounts
From what I know, it doesn't and you cannot use Windows Authentication but only SQL Server Authentication or Azure AD. I've migrated several times a local database of my local SQL Server instance to Azure and I've done it using Export Data-Tier to .bacpac (this is the extension of the DB in Azure) and then deploying it (both actions from SSMS):
However, please be aware that you have to drop any users that use for authentication Windows Authentication because you'll get an error at the moment of deploying it since it cannot inherit your server's active directory settings. Then, you can define your own AD in Azure and use it.
Managed instance is a new deployment option of Azure SQL Database, providing near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine.
The migration only support replicate the login.
You could get this from this document: Tutorial: Migrate SQL Server to an Azure SQL Database managed instance offline using DMS:
By default, Azure Database Migration Service only supports migrating SQL logins. To enable support for migrating Windows logins, see the Prerequisites section of this tutorial.
That means you must re-create all the users and grant it access right(database roles) manually.
Hope this helps.
I'm using the Telegraf input plugin for SQL Server (https://github.com/influxdata/telegraf/tree/master/plugins/inputs/sqlserver) to gather metrics and report to InfluxDB. It works well for SQL Server, but though it supports Azure SQL Database the documentation is a bit sparse.
The database user should be created like this:
CREATE LOGIN [telegraf] WITH PASSWORD = N'password';
GRANT VIEW SERVER STATE TO [telegraf];
GRANT VIEW ANY DEFINITION TO [telegraf];
That works on SQL Server, but in Azure it fails:
Securable class 'server' not supported in this version of SQL Server.
I wonder what I need to grant instead in order to solve this in the best possible way. We have a large number of databases running on the same server in an elastic pool, so if it is possible I would like to use a single user that logs in to the master and collects metrics for all the databases at once (the way it works with SQL Server). If that is impossible I can configure multiple logins and process one database at a time.
Perhaps I can grant VIEW DEFINITION at the database level, but VIEW SERVER STATE does not seem to be supported at all.
So, how should I configure the SQL Database login(s) for Telegraf with the SQL Server plugin to make it work?
EDIT:
Running as the super user for the server works without errors, but only produces metrics for master and tempdb. I need metrics for the many application databases and they are missing. Plus running as the super user is less than ideal.
Running as the super user for the server but connecting to a specific application database (add database in connection string) crashes with a nil pointer dereference and the log complains about VIEW DATABASE STATE permission denied in database master (the super user has access, but apparently not when connecting to a spefic database).
Granting VIEW DATABASE and VIEW DEFINITION to telegraf in an application database and connecting directly to that database as telegraf crashes with a nil pointer dereference and the log says the connection was closed.
EDIT 2:
Created bug report https://github.com/influxdata/telegraf/issues/4222.
EDIT 3:
As of the latest release the plugin works if the server admin account is used, so the issue has been solved. There is still no way to run with a less privileged account in Azure DB.
The answer:
GRANT VIEW SERVER STATE is not supported in Azure SQL Database.
On SQL Database Premium Tiers requires the VIEW DATABASE STATE
permission in the database. Permissions can not be granted in Master,
but the views can be queried in user databases. On SQL Database
Standard and Basic Tiers requires the SQL Database server admin
account due to security requirements following from multi tenancy of
those tiers.
Reason:
SQL Azure SQL is PaaS solution, therefore the most "server" specific features, DMVs, settings are blocked by purpose
References:
Grant View Server State - is it possible for a none SA user to have in Azure SQL?
SQL Azure VIEW DATABASE STATE permission denied in database 'master'
Possible workaround: (which is, anyway does not work in ewramner case)
CREATE LOGIN [telegraf] WITH PASSWORD = N'password';
USE [yourDB]
GRANT VIEW DEFINITION TO [telegraf];
GRANT VIEW DATABASE STATE TO [telegraf];
Therefore, (IMHO), there is no way to make such application working in SQL Azure without changing application code
II am migrating an existing SQL Server 2014 DB to Azure. Always failing so I ran Data Migration Assistant to Assess the DB compactibility and I get this result.
Cannot still figure out how to solved that.
User: [eAgricDBUser] has an unresolved reference to Login [eAgricDBUser].
The error occurs because it's referring to logins that existed in the source SQL Server instance but not in your target Azure SQL DB instance (logical master).
Suggest you think about how your users should access the database now that it is in Azure SQL DB. Contained users are helpful here as they can be moved around to any server and still function. AD users are even better but you'll need to have your on-premises AD integrated with Azure AD. Both save you lots of headaches with login migrations.
Alternatively, you can create the required logins in master before you run the database migration scripts which contain create user statements. Note that you will be creating them with a new password so you will need to provide that to the users plus you'll need some way for the users to change that to their own password.
I have created an Access 2013 web app which creates an Azure SQL database behind the scenes on our O365 SharePoint web site. I can access this database using SSMS studio (I have the professional version not the express version).
I would like to link to the Azure database tables or be able to copy the database. The reason for this is that I cannot create views in the Azure database and the Access web app is too limited for our external reporting needs. We don't need to create views or tables in the Azure database we only need to access the information stored in its tables.
Whenever I try to right click on the Azure database to perform a task I receive the following error.
Cannot open server 'xxxxxxx' requested by the login. Client with IP address 'xxx.xxx.xxx.xxx' is not allowed to access the server. To enable access, use the Windows Azure Management Portal or run sp_set_firewall_rule on the master database to create a firewall rule for this IP address or address range.
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=40615&LinkId=20476
The provided link is useless, it contains no information (There is no additional information about this issue in the Error and Event Log Messages or Knowledge Base databases at this time).
How do I take care of this error or how can I link to the Azure SQL database.
When viewing your database in the Azure management portal, there is an option on the right hand side that says Manage allowed IP addresses. That link will take you to a page where you can enter IP addresses that will be allowed through the firewall.
Here's a link to the MSDN article: How to: Configure Firewall Settings (Azure SQL Database)
Manage Server-Level Firewall Rules through Transact-SQL
Launch a query window through the Management Portal or through SQL
Server Management Studio.
Verify you are connected to the master database
Server-level firewall rules can be created, updated, or deleted from within the query window
To create or update server-level firewall rules, execute the sp_set_firewall rule stored procedure. The following example enables a range of IP addresses on the server Contoso.
EXEC sp_set_firewall_rule #name = N'ContosoFirewallRule', #start_ip_address = '192.168.1.1', #end_ip_address = '192.168.1.10'