I can not access my sql server connection from c# code. I get this error:
Sql Exception: No Process Is on the Other End of the Pipe
thats the connection string in my app.config:
<add name="DefaultConnection" providerName="System.Data.SqlClient" connectionString="Data Source=BELLA\SQLEXPRESS;Initial Catalog=TLP;User Id=pascal;Password=test;Pooling=False"/>
When I use windows authentication: Integrated Security=True;
Then I can connect to the database.
BUT I can NOT use windows authentication because the opening of the sql connection is done from within a windows service which is run as LocalSystem. When I do this I get this error:
Login failed. Login failed for user 'NT AUTHORITY\SYSTEM'
Its the first time I create a login + user in sql management studio so I am nearly sure I did something wrong and its my fault.
This is what I did:
1) Create a new login in the server`s security folder with sql authentication user:pascal and password:test.
2) Went to my database and create a new user in the security folder with user: pascal and login: pascal and schema: dbo
3) Did I forget something?
Solutions from other people:
1) I have also tried this link but no luck my Sql Select on the suspect_pages table is empty.
Error: No process is on the other end of the pipe
2) My Sql Server network configuration has ENABLED on the tcp/ip, names pipes and shared memory settings.
3) SQL Server 2008 can't login with newly created user
Number 1 to 3 did not help at all.
All this is done on my local machine. No network is here.
Did you enable Shared Memory and TCP/IP providers in SQL configuration?
If not, try opening the SQL Server Configuration Manager utility and enabling Shared Memory and TCP/IP. The order that works for me is Shared Memory (1) and TCP/IP (2) for both server and client.
Also, make sure you are creating both a SQL LOGIN and DATABASE USER for PASCAL with correct rights.
Check out my blog article on creating logins. http://craftydba.com/?p=656
The snippet below will blow away and recreate your login/user with the correct default database, default schema and read/write privileges.
-- Which database to use.
USE [TLP]
GO
-- Delete existing user.
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'pascal')
DROP USER [pascal]
GO
-- Which database to use.
USE [master]
GO
-- Delete existing login.
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'pascal')
DROP LOGIN [pascal]
GO
-- Add new login.
CREATE LOGIN [pascal] WITH PASSWORD=N'test', DEFAULT_DATABASE=[TLP]
GO
-- Which database to use.
USE [TLP]
GO
-- Add new user.
CREATE USER [pascal] FOR LOGIN [pascal] WITH DEFAULT_SCHEMA=[dbo]
GO
-- Add to database read / write roles
EXEC sp_addrolemember 'db_datareader', 'pascal'
EXEC sp_addrolemember 'db_datawriter', 'pascal'
GO
-- Add to database owner role?
-- Only give out if application needs a high level of privileges.
-- EXEC sp_addrolemember 'db_owner', 'pascal'
-- GO
Server level protocols.
Client level protocols.
I never choose NETBIOS since it is a non-routable protocol.
If you are still having issues, please post a screen shot and more details.
Probably an unusual scenario but I just got this exception and tracked it down to an invalid database name in the Initial Catalogue value of the connection string.
Related
I have a script that tries to recreate part of a database. Part of that is to script out the logins that are used with that database.
I am trying to find a "cannot do harm" level of permission for this to run as.
Basically it needs to be able to see all the server logins to script them out (except passwords of course). But it needs to not have permissions to add, alter or delete anything on the server. Just script.
I looked at the roles and permissions for the server level, and I am not finding anything like that.
Does SQL Server have server level read only permissions for logins?
Does SQL Server have server level read only permissions for logins?
Yes, but it is not for ANY login, it is on a granular level, for each login:
https://learn.microsoft.com/en-us/sql/t-sql/statements/grant-server-principal-permissions-transact-sql
USE master;
GRANT VIEW DEFINITION ON LOGIN::EricKurjan TO RMeyyappan
GO
The downside is that you have to grant view definition for each login and every time a new login is created. For new logins, you could create a server DDL trigger which grants VIEW DEFINITION permission for the newly created login to your login (or better create a custom server role for this)
CREATE TRIGGER ddl_trig_for_create_login
ON ALL SERVER
FOR CREATE_LOGIN
AS
BEGIN
declare #newlogin sysname = quotename(EVENTDATA().value('(/EVENT_INSTANCE/ObjectName)[1]','sysname'));
declare #sql nvarchar(200) = 'GRANT VIEW DEFINITION ON LOGIN::'+ #newlogin +' TO public'; --<-- public just for testing.. change public to a custom server role
exec(#sql);
END
GO
Another option (not tested but logically it should work) would be to create a login from a certificate or asymmetric key, add the cert/asym login to the securityadmin role and then sign your script (the one which reads logins) with the cert/asym key.
I try (for the first time) to create a user account on my SQL Azure database.
I have read in some blogs that I have to create these command lines
CREATE LOGIN login_name WITH PASSWORD = 'strong_password';
CREATE USER 'user_name' FOR LOGIN 'login_name';
And then
USE [Database];
GO
GRANT CONNECT TO login_name;
But, when I try to connect with this new account on my database, I have the message error 916
The server principal "login_name is not able to access the database "master" under the current security context.
I don't understand because the don't create my new user for the master but for a specific database in my SQL Azure environment (I have 5 databases in my SQL Azure by the way)
If you have any idea to help me, thanks in advance
When first logging in, unless a database is specified in the connection string, a login connects to its default database. If the database is not specified in the CREATE LOGIN statement, the system default of master is used.
To fix this, use this for your CREATE LOGIN:
CREATE LOGIN login_name WITH PASSWORD = 'strong_password',
DEFAULT_DATABASE = MyDatabase;
I have just created a new user on an newly created Oracle 12C database and cannot use it to login from either SQL*Plus or SQL Developer. What am I doing wrong? I can connect as SYSTEM but not as NEWGUY.
-- logged in as SYSTEM....
alter session set CONTAINER=PDBNEW
create user NEWGUY identified by FRED
grant connect to NEWGUY
I can connect as system but trying to connect changing only the username and password results in failure. (ORA-91917: invalid username/password; login denied.
I can see NEWGUY in the DBA_USERS table.
I'll amend this if you need more information....
Remember everyone that if you create a PDB you have to open it and set it to read/write in order for it to be open for business.
ALTER PLUGGABLE DATABASE myPDBDatabase OPEN READ WRITE;
Here’s the simplest repro case possible.
Create a brand new database. (I'm using SQL 2005.)
Create a login, a SQL user, and a table in the new database (see sample code below).
Launch SSMS and open Object Explorer, logging in as the newly-created user.
Attempt to open the "Tables" folder in the Object Explorer.
The Problem
Fails with this error message.
Message Text:
TITLE: Microsoft SQL Server Management Studio
Failed to retrieve data for this request. (Microsoft.SqlServer.Management.Sdk.Sfc)
For help, click: link
ADDITIONAL INFORMATION:
An exception occurred while executing a Transact-SQL statement or batch.
(Microsoft.SqlServer.ConnectionInfo)
The SELECT permission was denied on the object 'extended_properties', database mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error: 229)
For help, click: link
This user can access the table and the record in the table. But the user cannot access the list of tables in Object Explorer.
SELECT USER_NAME() AS CurrentUser, col1
FROM dbo.TestTable
CurrentUser col1
----------- ----
robg_test 1000
The only work-around I have found is to give the user higher-than-necessary privileges (like db_datareader).
The Question:
What is the minimum privilege required to allow this user to open the table list in Object Explorer?
I have tried granting the user various privileges on the dbo schema, but that did not help.
Note also that I am using a SQL user simply to illustrate the problem. The original problem was with an AD user.
Here is a relatively similar question at serverfault.
Code
SET NOCOUNT ON
USE master
GO
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'robg_test')
DROP LOGIN [robg_test]
GO
CREATE LOGIN [robg_test]
WITH
PASSWORD = N'CLK63!!black',
DEFAULT_DATABASE = [RGTest],
DEFAULT_LANGUAGE = [us_english],
CHECK_EXPIRATION = OFF,
CHECK_POLICY = ON
GO
IF EXISTS (SELECT * FROM sys.databases WHERE name = 'RGTest')
DROP DATABASE [RGTest]
GO
CREATE DATABASE [RGTest]
GO
USE [RGTest]
GO
CREATE USER [robg_test] FOR LOGIN [robg_test] WITH DEFAULT_SCHEMA = [dbo]
GO
CREATE TABLE dbo.TestTable (col1 int)
GO
GRANT SELECT ON dbo.TestTable TO [robg_test]
GO
INSERT INTO dbo.TestTable VALUES (1000)
GO
Please check that you didn't check db_denydatareader DB role. By removing that check it worked for me.
I had similar problem and resolved that by removing two roles db_denydatareader and db_denydatawriter for that user and add other roles. I used sql management studio.
SSMS tries to get the extended properties of the table using fn_listextendedproperty. According to MSDN the required permisions to view a table's extended properties is
ALTER on table OBJECT
Your login test should have this permsision as owner of the test table (it is the owner, right?). But even if you don't have permissions on the table, the query for extended properties should return emtpy result set, not access denied. The fact that you get an access denied error on a sys object in the resource database indicates that the code signing of the system resource database (mssqlsystemresource) is broken. Did you drop any of the '##' certificates from master? did you manually altered any object in the resource database?
Anyway, you have a what looks like a corrupted instance at this moment and I'd recommend you contact product support on how to get it back into a coherent state.
I had a similar problem. I resolved it by adding the user to the public role. But if you didn't want to do that, I also found that it could be resolved by giving the user permission to the view sys.extended-properties (in System Views within the database that you're trying to access)
"By creating the SQL server db with an account, that account is owner and has all needed access"
No need for further enhancements in permissions.
This approach removed the access error which this thread seems about.
I encountered the access error in SSMS, as well as Visual Studio (EF), using windows authentication and having created the SQL server DB with the Administrator account.
Practical solution for me was :
SSMS > start as administrator, sql server logon : with windows authentication
- NOT to create an SQL server db
- but to give an account 'create db any' permission on 'master'
then SSMS logon with that account (that has 'create db any' permissions on master)
- to create the (empty) database
(VISUAL STUDIO xtra :
then, in visual studio, connect to sql server with that account and compare schema's between LocalDB (source) and sql server db (target). works out well : the target db gets the schema and data content)
A while back I set up a database under SQL Server 2008 called myDB in Windows XP, then under Logins under the server, I clicked Properties on my computer login name COMP23/Andrew and mapped myDB database to this using dbowner as its rights.
Then I cloned this XP installation as a backup, installed Visa, realising I did not want Vista I re-imaged back my original XP copy onto the same machine. However the DB mapping has got really confused! Basically under the server login COMP23\Andrew, it says its mapped to myDB, but when I click myDB and look at its users its not there. I think its lost its SID mapping because it thinks its a new machine.
Under the server login COMP23\Andrew I can't untick the mapping to myDB as when I do it says "Cannot drop the user dbo". I can't alter the dbo user either - it won't let me. But nor can I make the user appear under myDB users! Which means I can't login through my website settings (asp.net web.config) file! When I login it just says Cannot open database "myDB" requested by the login. The login failed.
Login failed for user 'COMP23\ASPNET'
Any ideas? How I can remap this properly? I've even tried reinstalling SQL Server 2008 but the computer name is still there mapped to the database.
Because dbo is the owner of the database, its mapping must be changed by changing the owner of the database:
ALTER AUTHORIZATION ON database::[<yourdb>] TO [sa];
First of all, you can't have quote marks surrounding the stored procedure name. Secondly, it isn't autofix but auto_fix.
Finally, once those corrections are made, you get this error message:
Msg 15600, Level 15, State 1, Procedure sp_change_users_login, Line
181 An invalid parameter or option was specified for procedure
'sys.sp_change_users_login'.
when you run this command:
EXEC sp_change_users_login #Action = 'auto_fix', #LoginName = '<your username>'
Since you mentioned the SID mapping issue, have you tried using sp_change_users_login? Use the autofix option to re-map your login to the one in the database.
For your example above you should execute the following while connected to the database
EXEC `sp_change_users_login` #Action = 'autofix', #LoginName = 'COMP23\ASPNET'
USE [Database]
GO
ALTER USER [dbo] WITH NAME=[username]
GO
sp_changedbowner 'sa'
GO