Sql server Agent job is failing with a login error - sql-server

SQL Server 2008 in SSMS
I'm getting this error when running a job I just created using SQL Server Agent:
Executed as user: DNA\circsrv. Database 'DN' does not exist. Make sure that the name is entered correctly. [SQLSTATE 08004] (Error 911). The step failed.
DNA is the name of a network domain, and circsrv is a valid user in that domain.
The Process for the Sql Server Agent is started by user DNA\circsrv but the job itself is owned by a different user, dn-atcore1\syncronexadmin
#owner_login_name=N'DN-ATCORE1\syncronexadmin'
(dn-atcore1 is the name of the system, and syncronexadmin is a local user on the box)
This seems like it should be simple, but I'm just not getting it.
Any ideas? Thanks for any help.
Barb

Do you have a database called 'DN'? The error states that the database does not exist. When you created the job did you set the database?

Does the database exist?
Run this code to check.
-- main database
use master;
go
-- does the db exist?
select *
from sys.sysdatabases
where name like 'DN%'
go
If it does not exist, you have bigger issues here!
Time to find a backup to restore from ...

Related

Bulk Insert failed when executed from remote client but success on local

Please find the diagram as below for my issue:
I have 3 servers in the same domain, there is a SQL Server instance A (it's windows service run under domain\User1), In this instance, we have a Stored Procedure used for BULK INSERT a text file from a network shared folder in server C, the domain\User1 has full permissions on this folder.
My issue is: The Stored Procedure runs ok (green arrow) when connecting by SSMS in its (server A). But it failed when I change to SSMS in server B (log in by the same domain\User1 to the same Instance A). The error is "Access denied" to the text file (red arrow). Does the client have a role in this? I think the client does not matter, the file reading is done from the server (by the user that run Instance A service)
Note: If I connect Instance A from SSMS B with SQL Logon User (not windows account), the stored procedure works fine.
Could anyone give me some advice and sorry for my bad English
This is just a link answer but hopefully it helps.
BTW I commend you for taking the time to analyse the issue to the extent of drawing a diagram. This is far higher quality than most questions on here.
I believe you are running into a double hop issue. I searched everywhere for the BULK INSERT permission model and finally found this https://dba.stackexchange.com/questions/189676/why-is-bulk-insert-considered-dangerous
which says this about using BULK INSERT:
When accessing SQL Server via a Windows Login, that Windows account
will be impersonated (even if you switch the security context using
EXECUTE AS LOGIN='...') for doing the file system access
and this
when accessing SQL Server via a SQL Server Login, then the external
access is done in the context of the SQL Server service account
When you have issues with windows authentication and there is three servers and impersonation, it's often a double hop issue.
This may help you with that:
https://dba.stackexchange.com/questions/44524/bulk-insert-through-network
Which in turn references this:
https://thesqldude.com/2011/12/30/how-to-sql-server-bulk-insert-with-constrained-delegation-access-is-denied/

SQL Maintenance Cleanup task not deleting any files, SQL installed on a DC

The generic problem is as listed here SQL Maintenance Cleanup Task Working but Not Deleting but no solutions applicable. Environment: Windows Server 2012R2, AD DS (with policies of course), RDSH/TS Licensing, 1C-server. The primary problem is SQL Server generating insane amount of events per backup plan run, recording a pair of 18456+17052 errors per file to delete. Errors are as follows:
17052: [Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'DOMAIN\mssql_srv'
18456: Reason: Could not find a login matching the name provided. [CLIENT: 192.168.x.x] (matches localhost)
Given that each pair of errors appears once per file to delete (there are about 6000 files already!), the algorithm looks like this:
First, backup plan task runs xp_delete_file, it enumerates all the files in target folder;
Second, each file is deleted by creating a separate connection to machine with service's credentials;
Each connection fails due to whatever restrictions default DC policy applies, generating the pair of events. Of course the file remains in place.
The workaround is of course assign file delete task to a local script run as system, for example, but the very reason of why does SQL server fail to delete a file remains unknown. Permissions have been checked and verified that both SQL Server Agent and SQL Server service accounts have full control to the folder.
It turned out that this "login missing" is not a Windows login, but rather SQL "login" which was not present for the service account. So I needed to create a "DOMAIN\mssql_srv" login in SSMS, give it "public" access rights and voila, files started to get deleted properly. The reason is explained in comment:
If it's T-SQL step and job owner is member of sysadmin server role, the step is executed under service account.

The report server was unable to validate the integrity of encrypted data

The report server was unable to validate the integrity of encrypted data in the database. (rsCannotValidateEncryptedData) .
Could not restore the encryption key, so I deleted the keys and tried to regenerate with rskeymngt with no luck. Getting
'The report server was unable to validate the integrity of encrypted
data in the database. (rsCannotValidateEncryptedData)'
I get that error when accessing http://localhost/ReportServer and when running rskeymgmt -s.
Not sure what next step to take. I have reports that users need to access.
I went into SSRS Configuration Manager > Encryption Keys > click Delete.
When I did that I got the error:
Failed to delete the encryption content in the report server database. Please execute the "DeleteEncryptedContent" stored procedure on the database manually.
To fix it I opened SQL Server Mgmt Studio > expand Databases > right click Report Server > new query and execute:
exec DeleteEncryptedContent
Start > Run > services.msc > Restart the "SQL Server Reporting Service" and its working.
Restarted the services and now everything is working.
So it looks like in order to generate a new key I need to update the Report Server Service account. After that restart the sql server reporting services.
I no longer have the encryption error, but now I am asked for a log in to the data source after clicking on the report. I enter the creds again but get 'The ConnectionString property has not been initialized.'
Just go to the reporting service manager and delete the delete encrypted content or change content now try to connect once more it will be work.
You just need to change database again if you already created then your problem will be solved.
One reason for this could be that the encryption key did not restore correctly. I migrated a report database from one server to another. I restored the encryption key and all seemed well at first but the error the questioner posted started appearing shortly thereafter. Another site had posted a query to look at the keys in the report database (with further instructions of how to delete) and I noticed when I executed it that the SymmetricKey field for my server was NULL. I restored the encryption key again using the Report Server Configuration Manager and noticed that the SymmetricKeys was now populated. I was then able to browse to the report server.

SQL server - job calling procedure and procedure difference

I'm trying to create table from view from remote server (calling procedure UPDATE_PROC), like this:
SELECT *
INTO table
FROM [remote_server\database].DATABASE.dbo.view
And it works perfectly.
Problem is, when I try to create a new job, which is calling the previously worked stored procedure UPDATE_PROC
exec UPDATE_PROC
It doesn't work and reports:
Executed as user: NT AUTHORITY\SYSTEM. The OLE DB provider "SQLNCLI10" for linked server "remote_server\database" does not contain the table ""DATABASE"."dbo"."view"". The table either does not exist or the current user does not have permissions on that table. [SQLSTATE 42000] (Error 7314). The step failed
So it seems to be same, but it isn't. What I'm doing wrong?
UPDATE:
Remote server is SQL Server 2005, job is on SQL Server 2008
I'm logged as sa user. Procedure is working always, job calling stored procedure never
Job isn't run as sa user, but I don't know which user and where should be defined to execute the job propery....
It seems to me that's a security issue. User under which the job is running doesn't have permissions to access table on the remote server.

Error during loading of SSIS package

I'm trying to execute a SSIS package on a SQL Server 2008R2. The script retrieve data on a remote server and copy them to its local database.
This job is scheduled every hour, the SQL Agent use a proxy to authenticate itself to the remote machine. Authentication seems to be ok but I get an error during loading of the SSIS package.
This is what I get:
Could not load package because of error 0xC001404A. Description: While trying to find a folder on SQL an OLE DB error was encountered with error code 0x80040E09 (The EXECUTE permission was denied on the object 'sp_ssis_getfolder', database 'msdb', schema 'dbo'.).
When I add the role of sysadmin to this user, the script works well. I don't know which kind of right I have to add to user on database 'mdb' to avoid this error.
Anybody could help me, please ?
Thanks in advance
You could
GRANT EXECUTE ON MSDB.DBO.sp_ssis_getfolder to [proxy]
Or you could try adding that user to one of the dts/ssis operator/executor roles - starting with user, then operator, then admin to see what level it needs - or read the documentation.
db_ssisadmin
db_ssisoperator
db_ssisltduser
See the section under msdb here: http://msdn.microsoft.com/en-us/library/ms189121.aspx

Resources