I have two identical Windows 2012 R2 environments. One is for development and the other is for staging.
For my server-side language I am using PHP and the Laravel 4.1 Framework.
I have a service account that I use for both environments to connect to our MSSQL development database. I set the service account to the application pool and assign that application pool to the application within IIS 8.5. I have done this numerous times with no issues. This avoids us storing the password in the PHP database config file within Laravel.
Now, the application I built is running fine in development. I can connect to the database using the method described above. I copied the identical code over to staging, again using the same environment and the same service account, but I get the dreaded:
PDOException
SQLSTATE[28000]: [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Because it is working in development with no issues and because I have other applications on my staging box that are successfully able to connect, I am at a complete loss as to why this application can't connect in test. I spent hours yesterday troubleshooting with no luck.
Any ideas?
The issue had to do with the ApplicationHost.config file. The other applications and app pools had an attribute of userName="" which the application that was causing the issue did not. I manually added the attribute and this resolved my issue.
<location path="Default Web Site/application-name">
<system.webServer>
<security>
<authentication>
<basicAuthentication enabled="false" />
<anonymousAuthentication enabled="true" userName="" />
</authentication>
</security>
<handlers>
Related
I have a web site app running on IIS 7.5 that access a LocalDb, all installed on same server.
Using SSMS, I can see the app db folder in the object explorer but when I try to expand it, I get an error saying that the database is not accessible. If I stop the web site in IIS then I can access it.
Is there a way that I can work on the database in SSMS simultaneously while the clients are accessing the web app ?
I log in the SSMS as administrator using Windows authentication. The web app log in as "IIS AppPool\AutoParkDemo" using the ApplicationPoolIdentity.
<connectionStrings>
<clear />
<add name="AutoPark" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=AutoParkDemo;AttachDbFilename=C:\AutoPark\Demo\Data\AutoParkDemo.mdf;Integrated Security=true" providerName="System.Data.SqlClient" />
</connectionStrings>
IIS server needs to have exclusive access to local db file, that is the main reason you can't access to database using SSMS.
In theory you could have read-only access to local db while IIS is running on background. I use often Visual Studio and IIS, and I can access local db while web server is running.
I believe SSMS needs write access to works with local db. This could be the reason why VS can read and SSMS not.
What I have found out is that each application that access LocalDB simultaneously, must have its own shared instance. There is a good tutorial about it on MS site, but the problem is that if there is no activity the shared instance stops and, although I read on Microsoft website that it will restart automatically, it didn't happen to me. After struggling for couple weeks, I decided to use the suggestion from other post on this site: When deploying to a web site with IIS, use SQLExpress instead. It now works perfectly.
I'm connecting to a remote database. The connection works for ASP.NET Development Server, but is failing since I switched to using IIS. Here's my connection string:
<add name="ConnectionString"
connectionString="Server=SQL-NWSS-048\SHRDDEV01;Database=PESTS;Trusted_Connection=True;"
providerName="System.Data.SqlClient" />
In Cassini, the web site is running under your account. Since your account has rights to the database, it works, as you're using Windows Integrated security to access the SQL Server. (Trusted Connection=True).
In IIS, unless you configure it differently, it runs under the <Server Name>\Network Service account, which is a local account on that server. Odds are that account doesn't have access to the database.
See How to: Access SQL Server Using Windows Integrated Security
That's relatively difficult compared to using SQL Server authentication instead. I'd recommend using SQL Server authentication, where you pass in a username/password if your situation allows for it. Just be sure to encrypt the connection strings in the web.config.
I have what I thought would have been a pretty normal scenario...
I have a
-WCF Client
-WCF service hosted in AppFarbic within IIS7.5
-SQL Server 2008 r2
IIS is running using the App Pool Identity
I am connecting from the client using the following config file
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<client>
<endpoint
name="NetTcpBinding_IXXXService"
address="net.tcp://app02.xx.com/XXXService/XXXService.svc"
binding="netTcpBinding"
contract="XXXClient.IXXXService">
<identity>
<servicePrincipalName value="host/app02.xx.com" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
IIS is running using the application pool identity.
I can get the service to connect to the database if I create a \$ login.
When using the application pool identity is this the only way of connecting to the database using Windows authentication?
I presume this is allowing the Network Service account on this machine to access the database. I also presume that this also means any service running as network can access the database?
Is there any of way of tying the application pool identity to the database login?
EDIT: When I change the user of the App Pool to be another user with access to the database I get an SSPI failed error
Please forgive me for taking a stab at this when I am not familiar with WCF or AppFarbic. Though I do know a little about IIS and authentication to SQL server on different server.
Can you connect to the database if you use username-based security with a password?
What authentication method are you using on the web site?
If you are trying to use integrated Windows authentication and your web authentication method is also integrated, then you have to use Kerberos security in IIS to allow delegation for the "second hop" over the network to the SQL server. Regular NT security is not enough because it can only do impersonation, which doesn't allow this. Getting delegation to work can be a pain in the butt, but you have to examine the SPN you're using and make sure it's properly registered on the SQL server, plus mess around with IIS to make sure that Kerberos is enabled and actually working instead of it silently slipping back to NTLM. The web server also has to be "trusted for delegation" in the domain group policy (assuming your web server is joined to a domain).
Wondering if anyone has encountered this authentication issue? My web server is running IIS7 on a Windows Server 2008 machine and the .NET 4.0 runtime. The virtual directory for my application has ASP.NET impersonation and Windows authentication turned on. Anonymous, Basic, Digest and Forms Authentication are turned off.
"There was a failure using the default 'ProfileProvider'. Please make sure it is configured correctly. Failed to generate an instance of SQL Server due to a failure in starting the process for the user instance. The connection will be closed."
Due to this error, my Silverlight 4 application is unable to retrieve the current user's windows loginid
information. The error does not happen locally on my dev machine, but only out on the deployed IIS server. I have fiddled with the roleManager config value and tried setting it to true and commenting out the whole entry, but I'm still seeing the same error message.
Hoping someone out there has come across this error and a solution/explanation for what's causing it to happen.
thanks in advance,
John
Here are my current web.config authentication and role settings. (angle brackets omitted)
roleManager enabled="false"
identity impersonate="true"
authentication mode="Windows"
After a lot of experimentation and googling, turns out that there was a profile section in my web.config file.
<profile enabled="false">
<properties>
<add name="FriendlyName" />
</properties>
</profile>
I needed to add enabled="false" to the profile tag to turn off any default ProfileProvider functionality to the site.
Why it isn't set to false, by default, is beyond me.
I faced exactly same issue mentioned in this question and the following simple steps solved it:
Open IIS Manager
Select Application Pools from the Connections pane.
Then select the application pool you use with your application.
Select Advanced Settings... from Actions pane.
Now turn Load User Profile option to True then hit OK
That's all.
After rebooting the Windows 2003 Server with the IIS I receive the follow error message:
Cannot connect to the configuration database
in the browser. The error occur on different pages and with different clients. that I think it is a server problem.
What can I do to solve this error?
A quick web search suggests that this error message is probably coming from SharePoint Services, and indicates that SharePoint cannot connect to its database.
There seem to be several reasons suggested:
The SQL database is not running, has been removed, or you otherwise can't connect to it (firewall, login credentials, network failure)
IIS is running in the wrong mode
The latter could be IIS 6.0 configured for IIS 5.0 compatibility mode, or the application pool configured for 32-bit worker processes on a 64-bit system.
I hade the same problem, and it did happen just after a windows update, hmm...
First of all, someone (windows update) hade change the user account on the service "Windows Internal Database (MICROSOFT##SSEE)". Changed back to the right account and the WSS started to work, but with an error (Application / error or something)
This new problem was something I just got for free after I hade run the Exchange Analyzer tool and done some modifications to my system, that was recommended by the tool.
If i changed my web.config too look like this (c:/inetpub/wss-dir/web.config):
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly"/>
</system.web>
</configuration>
I discovered what the problem was, it was a access/security issue. The error message told me:
Access to the path "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\root\8c91a6b5\649b28ba" is denied.
But this was not the hole truth... the access denied was not to the ..\Temporary ASP.NET Files\root\8c91a6b5\649b28ba folder, it was to the %TEMP% folder, that I hade just moved due to a suggestion from the Exchange Analyzer Tool.
Have a nice day!
I had that problem with sharepoint I used this to fix the sql database
http://heresjaken.com/sharepoint-cannot-connect-to-configuration-database-error-after-installing-kb2687442-update-on-sbs-server-2008/