Import Certificate into SQL Server 2008R2 running on Windows7 - sql-server

I have a SQL Server 2008R2 running on a Windows 7 Home Premium, I access the database from a remote PC over the internet. This works but the data are transmitted in plain text.
Now I want to enable SSL.
I tried several tutorials.
What I can do in the moment is the following:
Create a self-signed certificate in IIS 7
(Steps one to four of the following tutorial)
http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html
Assign the certificate to the SQL Server instance
A. Open SQL Server Configuration Manager
B. Right click on 'Protocol on ' (for the instance which we need, here it is STANDARD)
C. In the certificate tab and select the certificate we created earlier.
D. Click on Apply and restart the SQL Server instance to get this change applied.
This works for localhost: if I connect with SQL Server Management Studio running on the same machine as SQL Server it works with the option "Encrypted Connection" activated.
Before I imported the self created certificate It did not work to connect with the option "Encrypted Connection" activated.
If I want to connect with SQL Server Management Studio with the option "Encrypted Connection" activated from a remote PC outside the local network I get this error:
Cannot Connect to home2server.de,50021\SQLServer Additional Information: A Connection was established, but the Certificate was signed from a not trustworthy certification center.
I exported the certificate to SQL_cert.pfx with IIS and copied this file on the remote PC who wants to access the database. Then I double clicked on it and imported it.
Now I get a new error:
The CN Name of the Certificate does not match with the given value.
My guess is that the certificate is issued for database-pc (the computer name of the PC where SQL Server is running). This is the reason it works for "localhost" as the server name.
I think I have to issue a certificate which is issued for home2server.de because this is the domain that redirects the connection to database-pc.
Is my thought true ? And if yes how can I issue a certificate like this?

Add an entry to your hosts file that maps home2server.de to 127.0.0.1 (or ::1), then use home2server.de when connecting locally.
...or don't encrypt local communications.

Related

SQL Server Domain Authentication over VPN

I have a user with SSMS installed locally who wants to be able to access the SQL Db on a remote server over SonicWall SSL VPN.
He can connect to the VPN just fine, RDP to SQL server (as a test) just fine, but cannot connect with SSMS to the server.
So far I've tried:
Enabling Trust for the connection as it was at first presenting an SSL error. Now we just get "login failed for user" errors.
Tested his user with Windows Authentication on the server directly, it works fine.
Enabling names pipes and TCP/IP in server configuration manager.
Testing logging in with a SQL authentication user over VPN - This also works fine.
I am sure the domain\username and password are correct and verified them in several other ways.
Checked the SQL server properties and Allow remote connections is enabled with no timeout.
Opened up everything in the sonicwall from the SSLVPN to the SQL server as a test, changed nothing.
Attempted disabling the local and SQL windows firewall, changed nothing.
Probably some other stuff, but I don't remember right now.
This is SQL Server 2014. He is using SSMS 2017, but I've tried it on the SQL Server with 2017 and it works fine and as mentioned he can log in over VPN with a direct SQL Server user. All other users just RDP to SQL server and connect that way so this has never come up again, but they don't want the new employee having RDP access to the SQL Server.
The exact settings on his SSMS I'm using are Active Directory - Password and under connection properties encrypt connect and trust server certificate are checked.
No special or changed ports on SQL Server, everything is basic installation defaults.
In this example, I'm editing the NT Service\MSSQLSERVER user.
However, when you edit the user/s in question and navigate to User Mapping as can be seen below:
Is the Database they are allowed to access selected?
Also, while the Database is selected, did you tick the permissions to the Database, as stipulated above?
If not, please try this and advise if it worked?

SQL Server Named Instance TCPIP port settings & EndPoints/Infrastructure permissions error

I have a local installed SQL Server 2016 (Developer edition) installation on Windows 10 Pro. There is one named instance. I am a developer using MS SQL Management Studio and JetBrains DataGrip.
I just want my connections within my local machine to work with SQL Server over TCPIP using a SQL Server user account..! At the moment this only works using my Windows Authentication mapped to ServerAdmin
Named instance
RAXLENOVOT560\MSSQL2016MAIN
(authentication is mixed mode)
There are 3 issues that maybe linked:
TCP Port number does not appear to take effect within the Sql Server Configuration Manager.
The Sql Server Configuration Manager only shows limited properties on the Client Protocols/TCPIP settings. (please see screen shots)
Sql Server login user account does not connect via TCP due to an error. Login within local machine, local development from DataGrip to SQL Server.
1. TCP Port number
I have set this to 65321. However when I try and connect using this port no connection is made.
When I checked using the following SQL query I see the port number is actually 65514
SELECT DISTINCT
local_tcp_port
FROM sys.dm_exec_connections
WHERE local_tcp_port IS NOT NULL
results
local_tcp_port
--------------
65514
I change the port number in the config tool, restart ALL SQL Server services, reboot and still nothing works. Still listening on port 65514
Note I did not choose 65514, this seems to be a default from SQL Server.
2. The Sql Server Configuration Manager Properties Missing
Note the properties screen is limited only to a few options, there are usually lots more why is is? Perhaps due to running on Windows 10 Pro vs Windows Server?
3. Connection Login failure
Login from the local machine only.
I have opened the firewall for all the relevant SQL Server ports
TCP 1433
TCP 65514 (the forced sql server port)
TCP 65123 (what I would like to use)
UDP 1434 Sql Server Browser
I attempted login via a number of means
Sql Server Management Studio
Udl File
Java connection via DataGrip
Since opening the firewall, all the connections work but only if the hostname is 127.0.0.1, why can't I use the computer name? The connections also work if I use my Windows Login but NOT a SQL Server login
The login fails due to the error shown below from the SQL Server Log (which proves the TCPIP connection is reaching SQL Server).
Login-based server access validation failed with an infrastructure error. Login lacks connect endpoint permission
Date 24/04/2018 11:25:05
Log SQL Server (Current - 24/04/2018 11:20:00)
Source Logon
Message
Login failed for user 'SvrDeveloper'. Reason: Login-based server access validation failed with an infrastructure error. Login lacks connect endpoint permission. [CLIENT: 127.0.0.1]
The Sql Server User has the following permissions and settings (please see screenshot)
Name = SvrDeveloper
Server Roles = public
Securables = RAXLENOVOT560\MSSQL2016MAIN Type=Server
Securables = TSQL Default TCP Type=EndPoint
Connections
Udl Connection
[oledb]
; Everything after this line is an OLE DB initstring
Provider=SQLNCLI11.1;Integrated Security=SSPI;Persist Security Info=True;User ID="SvrAdmin";Password="Password123";Initial Catalog="";Data Source=TCP:127.0.01\MSSQL2016MAIN,65514;Network Library=DBMSSOCN;Initial File Name="";Server SPN=""
Java connection:
jdbc:sqlserver://127.0.0.1:65514;databaseName=CcTools;user=SvrDeveloper; password=Password123
Some additional information:
Version

Unable to connect to Azure SQL Server. Getting an error "The Network path was not found"

I created an Azure SQL Server. I have set the firewall, added my IP address to the rules. I tried to log in using SQL Server Managment Studio but got the network error every time. I am using the Server Admin Login and password created while creating the SQL server. Are there any more steps required to log into the SQL Server?
Note: I also enabled port 1433 for inbound connections on my PC.
According to the error message, we should check the server name of the database.
We can select the database here, and SQL Server Managment Studio will type the server name automatically:
Another way, we can find the information via azure portal, then type the server name manually:
It seems you are using named pipes to connect to SQL database. What happens if you specify TCP/IP protocol in advanced properties tab?
Thanks Everyone for your inputs. The only issue was, the firewall was blocking the port 1433. After opening it, I could connect to the SQL Server hosted in Azure. The link below mentions the requirement to open the said port. https://learn.microsoft.com/en-us/azure/sql-database/sql-database-develop-direct-route-ports-adonet-v12

SQL Server cannot find Certificate

Background Information:
I have a single Window VPS at example.com.
I have it running IIS and SQL Server.
I have a certificate for example.com that works fine with IIS.
I want to use the same certificate for SQL Server to allow encrypted connections with clients.
SQL Server Configuration Manager does not present the certificate in the drop down.
I believe the problem is that SQL Server does not think the certificate is valid, because what SQL Server thinks the server name is does not match the certificate (example.com).
How do I check what SQL Server thinks the server name is? If it is wrong how would I change it?
Okay I found out the issue.
The hostname on my machine was wrong. It wasn't "example.com", but some name randomly generated by windows. You can set this in the computer's properties window.
The certificate was not registered to be used on port 1433. I had to use netsh to enable the certificate to be used on port 1433. Instructions here: http://msdn.microsoft.com/en-us/library/ms186362(v=SQL.100).aspx
Those two steps where complete I got the certificate to show up in SQL Server Configuration Manager, but I still had a problem went I attempt to run SQL Server. It would not start with a message from the logs saying it could not find or read the SSL Certificate.
The last step was making sure the account running SQL Server had permission to read the certificate. I went into the certificate snap-in and then went to properties under the certificate, then on the Security tab I gave the Network Services account read permission on the certificate. (NOTE: I did not find any tutorials online reference this step. It was just some dumb luck that I found this.)
After those steps where complete the SQL Server Service start up with out any problem.

Unable to connect to SQL Server instance remotely

I’m trying to access the SQL Server instance on my VPS from SQL Server Management Studio on my local machine. It’s not working (the error I’m getting is:
A network-related or instance-specific error occurred while
establishing a connection to SQL Server. The server was not found or
was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections.
I think this is because I need to configure the database engine to allow remote connections (correct me if I’m wrong!). So I’ve found this step-by-step guide to help me do that: http://www.linglom.com/2009/03/28/enable-remote-connection-on-sql-server-2008-express/ I’ve got to point 10 in the guide and I am now stuck! I don’t have SQL Server Management Studio installed on my VPS. Anyway, this has left me with two options:
Install SSMS
Find another way to do point 10 onwards in the guide without having SSMS installed
I tried installing SSMS on my VPS using the Web Platform Installer but it keeps failing. I don’t know why it’s failing because it doesn’t seem to give a reason why. Does anyone know how I could allow remote connections a different way?
The version of SQL Server installed on my VPS is SQL Server 2008 R2 Express.
Update:
I have tried to disable the firewall on both my laptop and VPS to see if it is a firewall issue. This made no difference to the error message.
Another Update:
Having now been able to install SSMS (I installed directly from the website rather than using the WPI), I have been able to check that the server is configured to allow remote connections (I went to SSMS, connected to the SQL Server instance, right-clicked on the connection, clicked Properties, went to the Connections tab. "Allow remote connections to this server" is already ticked).
SOLUTION
Thanks to everyone for helping me get to this solution! I've finally managed to get it to work! I followed Filip De Vos's advice and opened the ports in the Firewall on my VPS and then I received a different error message. This led me to investigate further and I found that I was using the wrong credentials to login! So I've set a password for the sa user and I've managed to login using that! Thanks again!
To enable mixed authentication you can change the following registry key:
HKLM\Software\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\LoginMode
Update the value to 2 and restart the Sql Server service to allow mixed authentication. Note that MSSQL.1 might need to be updated to reflect the number of the SQL Server Instance you are attempting to change.
A reason for connection errors can be a virus scanner installed on the server which blocks sqlserver.exe.
Another reason can be that the SQL Server Browser service is not running. When this service is not running you cannot connect on named instances (when they are using dynamic ports).
It is also possible that Sql Server is not setup to listen to TCP connections and only allows named pipes.
In the Start Menu, open Programs > Microsoft SQL Server 2008 >
Configuration Tools > SQL Server Surface Area Configuration
In the Surface Area Configuration utility, click the link "SQL Server
Configuration Manager"
Expand "SQL Server Network Configuration" and
select Protocols.
Enable TCP/IP. If you need Named Pipes, then you can
enable them here as well.
Last but not least, the Windows firewall needs to allow connections to SQL Server
Add an exception for sqlserver.exe when you use the "Dynamic Port" system.
Otherwise you can put exceptions for the SQL Server ports (default port 1433)
Also add an exception for the SQL Server Browser. (udp port 1434)
More information:
How to: Configure a Windows Firewall for Database Engine Access
Server Connectivity How-to Topics (Database Engine)
As a last note, SqlLocalDB only supports named pipes, so you can not connect to it over the network.
In addition to configuring the SQL Server Browser service in Services.msc to Automatic, and starting the service, I had to enable TCP/IP in: SQL Server Configuration Manager | SQL Server Network Configuration | Protocols for [INSTANCE NAME] | TCP/IP
Launch SQL Server Configuration Manager on your VPS.
Take a look at the SQL Server Network Configuration. Make sure that TCP/IP is enabled.
Next look at SQL Server Services. Make sure that SQL Server Browser is running.
Restart the service for your instance of SQL Server.
Open the SQL Server Configuration Manager....
2.Check wheather TCP and UDP are running or not....
3.If not running , Please enable them and also check the SQL Server Browser is running or not.If not running turn it on.....
Next you have to check which ports TCP and UDP is using. You have to open those ports from your windows firewall.....
5.Click here to see the steps to open a specific port in windows firewall....
Now SQL Server is ready to access over LAN.......
If you wan to access it remotely (over internet) , you have to do another job that is 'Port Forwarding'. You have open the ports TCP and UDP is using in SQL Server on your router. Now the configuration of routers are different. If you give me the details of your router (i. e name of the company and version ) , I can show you the steps how to forward a specific port.
I had the same issue where my firewall was configured properly, TCP/IP was enabled in SQL Server Configuration Manager but I still could not access my SQL database from outside the computer hosting it. I found the solution was SQL Server Browser was disabled by default in Services (and no option was available to enable it in SQL Server Configuration Manager).
I enabled it by Control Panel > Administrative Tools > Services then double click on SQL Server Browser. In the General tab set the startup type to Automatic using the drop down list. Then go back into SQL Server Configuration Manager and check that the SQL Server Browser is enabled. Hope this helps.
Disable the firewall and try to connect.
If that works, then enable the firewall and
Windows Defender Firewall -> Advanced Settings -> Inbound Rules(Right Click) -> New Rules -> Port -> Allow Port 1433 (Public and Private) -> Add
Do the same for Outbound Rules.
Then Try again.
I recently upgraded from SQL 2008 R2 to SQL 2012 and had a similar issue. The problem was the firewall, but more specifically the firewall rule for SQL SERVER. The custom rule was pointed to the prior version of SQL Server. Try this, open Windows Firewall>Advanced setting. Find the SQL Server Rule (it may have a custom name). Right-Click and go to properties, then Programs and Services Tab. If Programs-This program is selected, you should browse for the proper version of sqlserver.exe.
If you have more than one Instances... Then make sure the PORT Numbers of all Instances are Unique and no one's PORT Number is 1433 except Default One...
Open SQL Server Configuration Manager.
Click SQL Server Services, on the right side choose the server you've created during installation (by default its state is stopped), click once on it and a play button should appear on the toolbar. Click on this play button, wait til its state turns to "Running". Now you're good.
Open SQL Server Management Studio; switch the "Server Type" to "Database Engine" and "Authentication" to "SQL Server Authentication". The default login is "sa", and the password is the password that you chose on creating the server. Now you're good to work.
In my case the problem was caused by the inconsistency between computer names. In system settings my computer was named with some long name, but apparently the name used for some certain communications was trimmed.
I changed the name in the settings to a shorter one and it worked.
I had built both a console app and a UWP app and my console connected fine, but not my UWP. After hours of banging my head against the desk - if it's a intranet server hosting the SQL database you must enable "Private Networks (Client & Server)". It's under Package.appxmanifest and the Capabilities tab.Screenshot
Before download the last version and update your sql server to fix errors of TLS 1.2 on Sql Server 2012. For more information, check here.

Resources