net application running on IIS6. I've setup the logging configurations however it does not log to our database.
I think this should be a permission issue because when I run the app from visual studio it logs fine.
but I"ve already given the app pool identity account datawriter rights to the logging database. The directory security is setup to windows authentication.
Does the account have permission to execute the InsertCategoryLog, AddCategory, and WriteLog stored procs?
Related
I have a SQL Server 2019 with SSIS and I want to execute SSIS packages using SQL Agent jobs with proxy domain accounts.
Currently my sample SSIS packages are failing, all simply stating "Unexpected termination", with no additional errors in Basic or Verbose logging modes. Packages are doing various tasks, working with both local and remote files, all permissions to read/write to folders and files are set.
In the Event Viewer I can see the "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID" for my proxy account.
Adding the proxy accounts to local Administrators group on VM solves the issue, but I would like to evade doing this.
Instead I have:
added permissions for my proxy accounts in Component Services/DCOM Config/Microsoft SQL Server Integration Services 15.0/Launch and Activation + Access + Configuration permissions
added proxy accounts to Distributed COM Users group. (basically following the SSIS Service MS Documentation these two solve the COM Server error)
granted local permissions to proxy accounts (Log on as a batch job, Log on as a service, Allow log on locally)
but I'm still ending up with Unexpected termination with no further errors/warnings and no further errors/warnings in event viewer as well.
Can anyone advise me what other (Windows) permissions am I missing so I don't have to resolve it using local Administrators group? Or where else I might find additional logs to search for errors?
I'm having issues with SSO while installing BizTalk Server 2020 on my local dev machine. My machine is running windows 10 enterprise.
I have created a separate user for running BTS that I added to the local administrators group. I have also added the user in sql server with the sysadmin role.
The error says that the SSO service account must be a member of the SSO Administrators account on the SQL Server computer to access the SSO database. How can I solve this?
Found this error in the biztalk configuration log file:
Failed to generate and backup the master secret to file: C:\Program Files\Common Files\Enterprise Single Sign-On\SSO0FAB.bak (SSO) Additional Information (0x80070005) Access is Denied
Which lead me to this post and solution (creating the SSO Administrators group manually):
Installing BizTalk on Windows 7 with local accounts
I have a .net core application which hosts on Window Server 2012 IIS in production. One of screen is to display the result from a select statement.
But I got the error
`The SELECT permission was denied on the object 'aaa', database 'bbb', schema 'dbo'.
The thing is that I can run the select query from Microsoft SQL Server Management Studio successfully.
The connection string in my code is
"Server=MyServer, Database=MyDatabase;Integrated Security=True"
I don't have an user account on the connection string, so please don't advise me to right click security\Users node on the database to grant the user read and write permission etc.
I think is it some set up in Windows Server?
Update:
In our test QA site, we have another Windows Server 2012. The same code, however the test web site just runs fine. So I think that there is a difference but I couldn't figure it out. The application folder security setting are same.
When testing on your local machine, the app runs in the context of your user account. This is the account used for connecting to the database with Integrated Security.
When deployed in IIS, the app runs in the context of a web site or virtual directory that maps to an IIS Application Pool. You can see these Application Pools in IIS Manager. The Application Pool runs in the context of a specific user account, and this is the account used for Integrated Security:
You need to find this account and give it access to your database. Certain common account types, such as Network Service and ApplicationPoolIdentity, will not work well with Integrated Security out of the box. You may need to take extra steps, or even create or request a special service account in Active Directory you can use instead.
When I deploy my app to a server, I'm getting the Login failed message. My DB and app are located on two separate physical machines. However this has not posed a problem when developing and testing locally and connecting out to the DB server; only after publishing.
Steps I've taken To attempt to resolve
In my Web.Config I've set Integrated security to false. When integrated security was true, it was giving the same error but with the machine name in place of the user name.
I placed valid credentials in the User ID: and Password: fields of the Web.Config. The credentials placed in Web.Config are also used to log into Sql Server Management Studio directly.
Within SSMS I've also verified those credentials will work under Windows Authentication and SQL Server Authentication.
Those credentials I've set in the app work when I log into the SSMS using Windows Authentication. Advice on how to resolve this would be greatly appreciated. Thanks!
By default, IIS runs your application under a local machine account. This account does not have any permissions to access your SQL Server. In order to achieve integrated security, you need grant it access. There are a few ways to do it, the thread Add IIS 7 AppPool Identities as SQL Server Logons will get you started.
Another way, which is preferred over adding the IIS account, is to create a service account in Active Directory and setting the App Pool Identity in IIS to the service account. Depending on your environment, you should work with your network admin and or DBA to set this up.
Your last option would be to simply use SQL Authentication.
When attempting to create scheduled backups for TFS 2015, I received the following message: "TF401002: The SQL Server Database Engine failed to save the database backup to path \{share}\d$\TFSBackups. Please grant SQL service account read/write access to that folder."
I can't seem to find a solution that will work for me. The 'TFSBackups' folder is shared with full permissions for the NETWORK SERVICE and MSSQLSERVER.
What haven't I done?
Put the comment from Panagiotis Kanavos in the answer.
The error message is crystal clear and has nothing to do with TFS.
That account doesn't have permission to write to that folder.
The path is NOT a path to a valid share, it uses the administrative
endpoint d$ to directly access a physical drive. Only administrators
are allowed to use administrative endpoints.
Just share TFSBackups, set the proper permissions and use the share's
path, eg \\MyStorageMachine\TFSBackups
Normally SQL Service is running at user NT Authority/SQLAgent or similar(these users doesn't have authorization to tfs network folder). Go services and change owner of service to an account which has access to tfs folder.
I had the same problem with TFS, You must be setting up TFS Backups using TFS Admin console.
It is actually the SQL service which write and read backup files to the said location.
Just make sure you grant access to the SQL Service accounts.
If you're on Domain pay attention to Domain User Name.
In my case, SQL Server engine was executed by domain user User#Domain.com but my true permission was for Domain\User so fixing user Logon as in SQL engine saved my day.
Most of the time NT Authority doesn't have write permission on network path so, you need to change Azure or TFS owner user to valid network user.