With the Windows 2003 end-of-life data looming next month, I am migrating a legacy application to Windows 2008. This has all gone surprisingly smoothly with the exception of our connection to Indexing Services.
We have two servers, a DB server running SQL 2008 and a Web server. Our web application allows users to search a document store. Here's the process:
User types in query to web application
Web application sends a query to the database server
The query references the web application as a linked database server and loads the retrieved paths into a temporary table
The database server joins those paths against another table in the SQL server
The database server sends the results back to the web application
The web application shows the results to the user.
The web application logs in via SQL authentication to the DB server to perform the query, but it fails with this error:
An error occurred while preparing the query "SELECT PATH FROM "10.0.1.89".MyCatalog..SCOPE('DEEP TRAVERSAL OF "C:\Documents"') WHERE (FREETEXT(Contents, 'introduction')) OR (FREETEXT(FileName, 'introduction'))" for execution against OLE DB provider "MSIDXS" for linked server "Filesystem".
The same error is displayed when I attempt to execute the query when logged in as this user on the DB server through SSMS, but with some extra information:
OLE DB provider "MSIDXS" for linked server "Filesystem" returned message "Invalid catalog name 'MYCATALOG'. SQLSTATE=42000 ".
Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "MSIDXS" for linked server "Filesystem" reported an error.
Access denied.
Msg 7321, Level 16, State 2, Line 1
An error occurred while preparing the query "SELECT PATH FROM "10.0.1.89".MyCatalog..SCOPE('DEEP TRAVERSAL OF "C:\Documents"') WHERE (FREETEXT(Contents, 'introduction')) OR (FREETEXT(FileName, 'introduction'))" for execution against OLE DB provider "MSIDXS" for linked server "Filesystem".
However, when I log in to SSMS with my Windows Authentication account, I am able to perform the same query and it returns result. My username and password must be the same as an account on the web server - if I change my password on the web server, an error is thrown, but not the same one:
OLE DB provider "MSIDXS" for linked server "Filesystem" returned message "Unspecified error".
OLE DB provider "MSIDXS" for linked server "Filesystem" returned message "Invalid catalog name 'MYCATALOG'. SQLSTATE=42000 ".
Msg 7321, Level 16, State 2, Line 1
An error occurred while preparing the query "SELECT PATH FROM "10.0.1.89".MyCatalog..SCOPE('DEEP TRAVERSAL OF "C:\Documents"') WHERE (FREETEXT(Contents, 'introduction')) OR (FREETEXT(FileName, 'introduction'))" for execution against OLE DB provider "MSIDXS" for linked server "Filesystem".
I created the linked server with this query, which appears to match the configuration of the legacy system:
EXEC sp_addlinkedserver FileSystem, 'Index Server', 'MSIDXS', 'Web';
EXEC master.dbo.sp_addlinkedsrvlogin #rmtsrvname = N'FileSystem', #locallogin = NULL, #useself = N'False', #rmtuser = N'CatalogUser', #rmtpassword = N'xxx';
I created a user on the web server with the name CatalogUser, and I set its password to be the same as the query above.
When I connect with Windows authentication however, this information seems to be ignored and my Windows authentication data is used instead. If I change the password to anything, the query still succeeds.
I have tried enabling CatalogUser to log on as a service account, and this has had no effect.
The two machines are not on a domain, but neither are the two Windows 2003 machines, and that works totally fine.
I must have missed something from the set-up between the two. Unfortunately, these machines were set up long before people started keeping documentation for stuff like this, so I'm not sure what the missing step is.
There isn't very much information about this issue on the internet, presumably due to the age of the software, so at the very least we can start to build a knowledge base here. I wonder if more people are having issues with this software now the end of life is on the horizon.
I have now resolved this issue. I didn't know this, but when you run a program under NT AUTHORITY\LOCAL SYSTEM, it will authenticate over the network as an anonymous user.
To resolve this, I created a new SqlServer user on both the web server and the DB server with the same password. I then configured my SQL Server instance to run under this new user, and it started authenticating correctly.
It seems that any security information entered for the MSIDXS backend is just ignored, although perhaps it wouldn't be if you were joined to a domain. All other documentation I read suggested that was the only way to do this, but it wasn't the case in the original setup and it isn't the case here.
Related
I was trying to make replication with local and online DB on HostGator dedicated server, with no solution because of security?
Now, I'm trying to run SQL Server job to execute a procedure for inserting data from local server DB to online server DB and vice-versa, also
I got an error like the attached image (i think security error)
note: I use (sa) account and its privilege was an admin
error:
02/11/2019 20:12:00,run wt stored,Error,1,AABUZEID,run wt
stored,runn,,Executed as user: NT AUTHORITY\SYSTEM. Login failed for
user 'NT AUTHORITY\SYSTEM'. [SQLSTATE 28000] (Error 18456). The step
failed.,00:00:01,14,18456,,,,0
I set up a stored procedure to import data from a csv file on a network drive. I trouble shoot all the previous errors and setting that are the usual requirements to make this work. I'll put that T/S info below with the boiled down code. I am at the point where this works perfectly when I run it from SSMS 2016, which is running on the windows 2012r2 server, which is running the sql server 2016, and I am logged in via Remote desktop as my network admin id. But does not work when I run it from SSMS 2016, which is running on windows 10 desktop, and I am logged it as the same admin id.
It also failed when I call the sp from the app on my desktop, which will be the actual place I want to call it from.
Code:
select *
from openrowset('MSDASQL'
,'Driver={Microsoft Access Text Driver (*.txt, *.csv)}'
,'select * from \\servername\public\Utilities\SWUMOps\BackEnd\saws\accts.csv')
Error from ssms on desktop:
OLE DB provider "MSDASQL" for linked server "(null)" returned message "[Microsoft][ODBC Text Driver] '\servername\public\Utilities\SWUMOps\BackEnd\saws' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.".
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "select * from \servername\public\Utilities\SWUMOps\BackEnd\saws\accts.csv" against OLE DB provider "MSDASQL" for linked server "(null)".
.............
I've set the temp folder in the profile of the service id to everyone and domain users to modify
I have the 64bit driver loaded on the 64bit sql server
I have set 'Ad Hoc Distributed Queries', 1;
I verified the SQL Server service ID is in the Global group that has permissions to the folders and file on the remote share.
All the research I've done keep pointing me back the these steps above.
I also saw something about forcing tcp/ip instead of named pipes, but named pipes wasn't enabled, which it is now.
It seems to be related to how the permissions are used differently from when you run the tsql from on or off server , so I was hoping that would ring a bell for one of you fine folks.
Thanks
edit:
I also tested the sql svr service id by logging on to my desktop with it and opening the file on the unc path with no problems.
I want to query a supplier Azure SQL PDWH from our on-premises server (SQL 2014) to extract data from that Azure SQL PDWH and insert into a database that is located on the on-premises server. In the end this should automated via stored procedures that reside in the on-premises database and are scheduled.
To do so I have setup a linked server between the Azure SQL DWH and our on-premises server using the following scripts that I found here:
https://blogs.msdn.microsoft.com/sqlcat/2011/03/07/linked-servers-to-sql-azure/
/*
Create new linked server
*/
-- Make a link to the cloud
EXEC sp_addlinkedserver
#server=N'read_only_dwhs',
#srvproduct=N'Azure SQL Db',
#provider=N'SQLNCLI',
#datasrc=N'server.database.windows.net,1433',
#catalog='xxxxxx';
GO
--Set up login mapping
EXEC sp_addlinkedsrvlogin
#rmtsrvname = 'read_only_dwhs',
#useself = 'FALSE',
#locallogin=NULL,
#rmtuser = 'xxxxxx',
#rmtpassword = 'xxxxxx'
GO
These statements run without errors. However, when I execute the sp_testlinkedserver it returns a time-out error after about 10 seconds.
OLE DB provider "SQLNCLI11" for linked server "read_only_dwhs" returned message "Login timeout expired".
OLE DB provider "SQLNCLI11" for linked server "read_only_dwhs" returned message "Unable to complete login process due to delay in prelogin response".
Msg 258, Level 16, State 1, Line 23
TCP Provider: Timeout error [258].
I checked with IT and they confirm that nothing is blocked by the firewall relating this and that TCP/IP is enabled. Our supplier also confirms that our IP is added to the Azure Firewall. I have no problem querying direct from the Azure SQL PDWH database via visual studio community 2015.
Also tools like these: http://sqlazuremw.codeplex.com/ give the same error on connecting.
I searched for hours, but whatever I do it keeps returning the same error message.
Any help is appreciated.
Update 2016 09 27:
After some more testing with IT it seems like this has to do with our firewall settings.
When I directly query via the database from the on-premises server (connected via remote desktop) to the Azure DWH I get no errors and everything works. I am than also able to query from my local machine, using the same on-premises database.
However, when another colleague logs on to the on-premises server I am not able anymore to query from my local machine (with the time-out errors above) until I login again to the (on-premises) server with my credentials.
I think that the firewall rule is too strict in only allowing information to be sent/received to the Azure DWH if my credentials are active on the on-premises server.
Update 2016 09 28:
The issue seems to be fixed for now. IT managed to apply the correct settings to the firewall. The server can now communicate with the Azure DWH even when colleagues are logged on to the server.
This might help some-one else.
I am having a problem using an web application against a stored procedure. I have a stored procedure that uses
EXEC('Query') AT LinkedServerName
My application uses a service account as the identity in the application pool. When I run the stored procedure from my application I receive this error message
The OLE DB provider \"MSDASQL\" for linked server \"E04\" reported an error. Authentication failed
I tried putting in EXECUTE AS LOGIN MyLogin, but it still fails even though sql server profiler shows that MyLogin is running the stored procedure after the custom account for my application logs in. I am guessing the EXECUTE AS LOGIN does not cascade down to the EXEC() AT.
Is the only option to change the permissions on the linked server? Is the service account from my application not using the remote username and password defined in the properties of the linked server?
I have an Oracle linked server in my SQL Server database.
I log into SQL Server using local and then Windows authentication.
As the Administrator (which is the account that set up the linked server) I can query directly or embed in a stored proc and then execute the proc without a problem.
As my named user, which has full administrator rights and also has had all SQL Server Groups on the Windows security settings added, I can query my linked server just fine using either synonyms or the OpenQuery syntax. But if I try to execute one of the stored procedures, it will give me the error messages
Message 1:
The OLE DB provider "OraOLEDB.Oracle" for linked server "<server name>" reported an error. The provider did not give any information about the error.
Message 2:
Cannot execute the query "<query string>" against OLE DB provider "OraOLEDB.Oracle" for linked server "<server name>".
I have searched online and typically people see this emssage when trying to run an ad hoc query. My ad hoc query runs just fine. Still, I applied the solution selected, which was to check the "Allow inprocess" option on the OLEDB Provider. Doing that did not help.
any ideas?
Please enable "Allow in Process" option for the provider by opening up Linked Server > Providers and checking on "Allow in Process". For more detail information, please refer to the following link:
Demystifying SQL-Oracle Distributed Query Issues
http://blogs.msdn.com/b/bindeshv/archive/2008/05/21/demystifying-sql-oracle-distributed-query-issues.aspx
source:
http://social.msdn.microsoft.com/Forums/sqlserver/en-US/902f5edf-e357-4ee7-82e8-ea5760882985/cannot-fetch-a-row-from-ole-db-provider-oraoledboracle-for-linked-server-linkedservername?forum=sqldataaccess