I'm learning how to use SSIS to create auto scheduled tasks. Everything went smoothly until the security policy has changed. Before whenever I wanted to connect to database, I just type in IP address, username and password in SSIS connection manager. Now I need to open up OpenVPN first which is still a manual process. So I really would like to put this bit into an SSIS task flow.
I had a search on Stackoverflow and over some other websites. Here is a link in stackoverflow. This example gives the idea that we can use VBA to setup the link. However that example shows we need a VPN connection name and VPN username which I don't really have and don't know where to find. Everytime I just right click on a .ovpn file and choose start openvpn on this config file. Also when I open that .ovpn file there is no command indicating which is my connection name or user name. Here is what it looks like when I open it up (there is no -auth-user-pass thing in this file and I can use this file without having to specify it):
client
dev tun
proto udp
remote a website here 1111
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca ca.crt
cert office.crt
key office.key
askpass login.txt
Is it possible to find my connection name and user name? If I don't need connection name and user name, can I still write up VBA to build up an auto connection process?
I also notice there is an execute process task in SSIS. Is it possible that I can make use of it (because in my understanding obviously I use openvpn.exe to execute a .ovpn file)?
Please correct me if I'm saying something wrong since I'm new to both VPN and SSIS. And much appreciate for whoever can help me with this.
I don't know anything about OpenVPN, but I ran into a similar problem a while back with a server that insisted on an SSH tunnel using PuTTY as the only allowed connection method.
People who put these policies in place never think of the impact on SSIS, especially for unattended processing.
The solution I found was:
Find the command-line equivalent to the PuTTy client (which is called plink)
Have the detailed documentation to hand, because this is really difficult.
Have the SSIS package start plink.exe, passing various parameters (Note: don't use the Execute Process task, as that waits for the process to exit: launch the process in a Script task, and get the handle of plink.exe's ProcessID).
After a wait, have another Script task in SSIS connect to the plink process' InputBuffer, "typing in" a password. Yes, insecure and clunky, though you can store SSIS project parameters encrypted (this obviously requires SSIS 2012 or later)
The SSIS package can now connect to the server and do data stuff, as if it was a normal server without stupid access requirements.
At the end of the package, kill the plink.exe process.
Bear in mind, also, that on unattended execution (e.g. when scheduled in a job), your package will be running in a different security context from the one you work in to develop the package (depending on the SSIS service settings). If your access to OpenVPN has any dependency on ActiveDirectory, you may have to set up another OpenVPN account for the SSIS service's Logon user.
If this sounds horrible, nightmarishly complicated and unstable, it's because it is. Really, the TL;DR version is: tell whoever administers the server that if they really want you to access it using SSIS, they should put some more sensible access policy in place.
After working with my IT colleague, I think I solve the problem. Here are my answer and opinion to this question, and please correct me if I am wrong.
I think opening a VPN automatically is a case by case issue. In this case I am still using Execute Process Task in SSIS. Inside the task editor, what we are executing is not openVPN.exe, it should be a batch file. In the batch file (.bat file) it contains the command of opening .ovpn file with OpenVPN.exe
The process below gives you more detailed info.
The command line is what I use in the batch file:
#echo off
CD /D "C:\Program Files\OpenVPN\config"
start openvpn client.ovpn
TIMEOUT /T 10
exit
In SSIS execute process task
Hopefully this is useful
Related
I have setup PuTTY/Plink to connect to a remote server for loading data from the remote SQL server.
I can easily call the saved session by using the following:
c:\plink -l myusername savedsite
I can then run a SQL Server job that loads the data.
The issue I have is, that this SQL Server job is a scheduled job that runs every x minutes.
What I notice is that running the Plink command keeps the command window open. So on the subsequent run of the job, another command window opens.
What I want to do is to issue an exit/logout command to the Plink window when the task of loading the data is complete. How do I achiever this please?
OK, it does not looks like you will provide us enough information, so that we can give you a good answer.
So only briefly: Plink won't close for you. It cannot know when you are done.
You have to close it on your own. E.g. by:
Starting it with a redirected input and writing exit/logout to it; or
Remembering its process ID and killing it.
We cannot show you how, as we do not know anything about the way you run it and options your environment allow.
I am trying to sftp(SSH) transfer files from a remote server to a local directory in SSIS. I was recommended to use PSFTP.exe to conduct the transfer via a batch file. In debug mode, this works flawlessly, but when deployed to SSIS Catalog, the job stalls at the point to connect and transfer the files. I have no errors from SSIS. The job just freezes. The user set in the job is in the administrator's group. I am missing something. How do I troubleshoot?
Thank you.
Thanks to #Nick.McDermaid, I found out that adding the flag -batch and the key -hostkey aa:bb:cc:........ fixed my problem. for some reason, even though i have the RSA key approved via CMD line, the ssis package did not see the approval, forcing the acceptance. adding the hostkey flag solved the key issue, and the batch flag turned off the interactive setting.
I set up a job to run a SSIS package in the SSIS Catalog, but the SSIS package doesn't start. If I right-click the package and run it, it completes successfully.
When I look in the execution history of the package in the Catalog, there is no sign that it the package was even started by the job.
I created a test package to make sure it isn't the specific package failing, so the package I'm testing with has a SQL Task that does a 'SELECT 1'. Still fails.
The job just stays in the "Executing" state until I stop the job.
I am running SQL Server 2014 Standard Edition, and running the job with a sysadmin account.
Why is the SQL Agent Job not running my package?
Edit: I had a look through this article but it either doesn't apply or I gave it a shot and it didn't work either.
Edit 2: I found an error under the SQL Server Agent Job History: Unable to terminate process 1850 launched by step 1 of job 0x5DAD5416FA09C445B82ABDBB49F75E38 (reason: Access is denied)
Does that mean my service account doesn't have enough permissions on the local machine? However, I AM able to run the job with DTEXEC using the service account without issues...
I have also faced this scenario many times but when I checked running the package manually,its completing successfully because I was using for each loop container and sequence container as well.In both cases for each loop and sequence were completing without validating other ones.So I checked precedence constraint and change it,Now it working and all the component ran successfully. Sometimes we miss to choose appropriate precedence constraint, there are many option like on Success ,failure,completion and then for you can choose values from Constraint ,Expression,Expression AND Constraint and Expression OR Constraint. Initially i was using Expression OR Constraint for success and now changed it to Expression AND Constraint, its working fine for me. You also need to do this,it will definitely work please try and let me know.
When you look at the connections in the SSIS package, did you put in a user id and password? If so, did you add a package password? The reason I ask is that if you don't add a package password, it will strip out things it thinks should be secure (like passwords). You might want to try putting the connection password in a configuration file, and add that file to the job. Either that or password encrypt the SSIS package but you will have to take special care when you run the package for the first time (or when you create the job) because you will need to provide the password that you used to encrypt the package.
Reboot fixes this issue. Reason is because if you look at this message. Unable to terminate process 1850. That is a windows process. I would say reboot. If you really like to enquire before rebooting. You could use sysinternals process explorer. Download it and use that to find process id 1850 which may be hung process in windows.
Thanks
Ali
Is there a way to have a batch file determine the IP/Name of the server from which it is being triggered (i.e. when it's executed on a separate server to the one triggering the execution)?
My initial thought is to add the line netstat -a >> WhoDunnit.txt so that I can see all connections moments after the script's called, then trawl through that hoping the connection was still open; but asking here in case there's a more sophisticated solution?
Background
We recently found a deployment script was being run at 2am each week, with no one having any knowledge of why.
The script's commands mean it will only affect the server on which it's running, so it must be executing locally.
The script's host server has nothing defined in its scheduled tasks / we can't see anything on this machine that would trigger this script.
So the script must be being called from some other server on which the schedule's defined, but in such a way that it executes on the host server rather than on the triggering server.
If I can find which server's calling the script I can find the schedule and disable it.
Batch file with below in it.
echo %~dpnx0
When started by
C:\Users\User>"\\127.0.0.1\C$\users\user\cmdline.bat"
returns
C:\Users\User>echo \\127.0.0.1\C$\Users\User\cmdline.bat
\\127.0.0.1\C$\Users\User\cmdline.bat
Now I would turn process auditing on and wait for it to start.
I'm writing a perl script in which I've to shutdown my mssql server ,do some operation and then I've to restart it.I know 1 way is to use netstat to stopt the service but I cann't use that. So I tried installing DBI and DBD::ODBC module.
More info here :Shutdown MSSQL server from perl script DBI
But when I trying to shutdown my server using this command
$dbh->prepare("SHUTDOWN WITH NOWAIT ");
It's not working for me :
I got this response from the community
SHUTDOWN permissions are assigned to members of the sysadmin and serveradmin fixed server roles, and they are not transferable. I'd consider it unlike(hopefully) that perl is run with this rights.
So please tell me is there a way to run the above command as these users ? or what can I do other than this . Note that I have a constraint tha tI cann't simply stop it as windows service.
If the scripts are executed through a web browser then the user executing the scripts will be defined by the web server. It will probably not be a good idea to fiddle with this user. Just leave things as they are.
What you can do is to create a Perl script that is being run by a privileged user on a consistent basis with CRON.
This script being run by CRON can check for specific content like a file which has been written by a script where the user executing the script has lesser privileges.
So the way it could work is as follows:
You execute browser.cgi through a browser to do a specific task.
browser.cgi writes instructions to a file.
Every 1 minute priveleged.cgi executes via CRON. (The root user could execute priveleged.cgi)
priveleged.cgi reads the file browser.cgi has written for instructions and starts and stops services according to the instructions.