I have some DTS packages that are failing occasionally. They have some pretty comprehensive logging in the various VBScript components and both SQL and text logging are enabled in each package. The logging works fine if I run the DTS packages from the server they live on.
In practice these packages are run using DTSRun from a remote machine that only has the SQL Server Client Tools installed. As DTS runs locally, where do the logs go in this case, if they are created at all? They're not on the server, there's no database on the client to do any SQL logging to and none of the text files were created on the client or server. Is it possible to debug DTS packages run this way?
Such as it is, the answer was to ensure the full path of the text logging is set up so it's valid on the machine where DTSRun is being called. In this case I had it set to C:\DTSErrors - this folder existed on the server, but not on the client. Creating C:\DTSErrors on the client solved my problem - now text logs are being created.
I assume the SQL logging just fails silently as there's no SQL server on the client machine to log to.
Related
My SSIS package consists of an Execute Process Task which executes some compiled python code which downloads files from a Web API.
The code works.
The package executes succesfully from Visual Studio.
Once deployed to my localhost sql server 2012 instance SSISDB, I can right click execute it and it works fine.
However, as soon as I try to invoke the package from a SQL Server Agent job, it fails with. I do not understand this but I suspect this is because I don't understand what's happening with the SSL handshake. Does SQL Server Agent reference it's own store? If so, does this mean that my store is inactivated (do I need to enable SSL for my sql server agent?) or missing a certificate?
It feels like I have tried every possible workaround - I have ensured that my sql server agent is owned by my credential, rather than a generic credential - I've even created a proxy and explicitly instructed the sql server agent job step to run under that proxy but I guess this isn't the issue. The issue is the SSL certification step.
How can I fix this?
Here is the short version of the problem: I have a discrete DTSX file that works fine on our Production server, but doesn't on our new Dev server.
Symptom: When run from a SQL-Server job, the job starts and nothing at all happens, and it never finishes... it just hangs, using very little system resources.
Some info: For Prod, the packages were developed on SQL-Server 2012 and run on an NT 2008 server. The new Dev server is also SQL-Server 2012, but runs on an NT 2012 server (in case that matters). I have duplicated the folder/file structure exactly, including drive name. The package uses an external dtsConfig file, but as I said - the folder/file structure is identical.
The SSIS service, SQL-Server Agent, and my remote login are all the same, and is a member of the server Administrator group on the Dev box. If I copy the command line text from the SQL job and run it in a CMD window using dtexec.exe, the package executes correctly. The job owner is my login, and the "run as" is the SQL-Agent, which - as I mentioned - is the same login. Since everything in the package uses integrated security, everything should be running using the same login whether on the command line or via the SQL-Agent, which should eliminate any user permission/credentials issues.
I tried adding SSIS logging to the package, logging everything I could. When I run the package from the command line, I get a ton of messages in the log. When I run the package via the SQL job, there are no messages at all in the log - nothing.
Whatever is going on, it's not getting far enough into the SSIS package to generate a single log entry. It's just stopping but not exiting or throwing an error. FWIW - I have the same problem with every other package I've tried.
Any ideas are appreciated...
I found the cause of the problem. The MS-SQL Server service was using a different login than the SSIS server service and the NT Agent service (it was using a local service account).
Once I changed the MS-SQL Server login to match the others (and restarted the service), the job ran correctly.
I have an SSIS package that I have deployed to the file system. The owner for the package is my Windows Login. The reason for this is that it needs to write files to another server. If I make the owner NT SERVICE\SQLSERVERAGENT the error that I get is that the files on the remote server cannot be accessed.
The package itself runs under my account. The package normally takes about 5 minutes to run and works when run directly (double click, click Execute and enter decryption password). I can tell the package has run because it writes a number of logs to the file system.
I've set up a SQL Server job to run the package. The job says it's run successfully but there are no logs being written. I'm not sure where I've gone astray other than there's some account that I'm likely missing.
Has anyone else ever run into this?
The issue was that I needed to set up a proxy Account to run the SQL Server agent.
I'm having a rather frustrating issue with using an SSIS Flat File source. I am developing an SSIS package on my local machine via VS 2008 and I'm using a flat file source that is stored locally. However, I need to deploy this package to a remote server that hosts our SQLServer and then run it as a scheduled job from that host. However, when I deploy the package, it obviously can't read the flat file source from my machine and fails the job. I have tried putting the file directly on the remote host in the exact same file location (ie. C:\Source.txt) but to no avail. Any ideas on how I can get my deployed SSIS package to read a flat file source?
Hopefully I'm just missing something extremely simple and will ultimately have a "DUH" moment, but if anyone can help I will greatly appreciate it.
If the account under which the SSIS package (for instance the SQL Server Agent service account) is running doesn't have rights to open the file, you will also have problems. So not only does the file need to be on a path that is valid relative to the server running the package, it must also have rights.
Nice answer by Cade.
Remember that you create a SQL Server Job, by default it runs under the credentials of the Service Account assigned to the SQL Server Agent.
If some steps on a Job need some permissions not owned by the Service account you can define a SQL Server Agent Proxy.
That way you can keep the principle of least privileges.
More info on how to create a Proxy here.
I have an SSIS package that queries a view for some records then sends off an email using Database mail. I want to deploy the package to the SQL Server that these views exist in and then schedule us using SQL Server Agent but i've run into a number of issues.
The main problem is that within the job there is a connection manager that has stored credentials for a SQL Server account that has access to the views and email profile. I've set the package to EncryptSensitiveWithPassword instead of User Key but i can't seem to find any way to actually pass that password the the SQL Server Agent when the job is run. So when it executes it fails since it can't connect.
A bunch of websites say to use the config file, but when I go that route it breaks the job entirely complaining that the OLEDB connection can't be established. In that scenario I can't even run the job on my machine locally.
A few other sites recommended copying the package to the local ssis package store on the machine, but I only have access to the machine through SQL Server Tools, I can't remote in or install anything on the file system so I have to install through the manifest file using the SSIS deployment process.
I've read something about storing settings in another DB table, but that again presents issues with permissions on the server.
Finally I tried passing /password or /decrypt in the job scheduler, but when i click ok it scheduler removes that parameter.
This is an internal server and security isnt really a big concern, Any idea how i can pass the decryption password in plaintext or just tell SSIS to not bother securing sensitive data?
The trick is:
When saving the package in SQL Server Business Intelligence Studio, ensure the Package Properties > ProtectionLevel is set to EncryptSensitiveWithUserKey.
When you import the SSIS package into the SQL Server (from SQL Mgmt Studio > object explorer > [server] Integration Services > Stored Packages > MSDB > right-click > Import Package > set Package location to File System, Select the file in Package path, and select the option "Rely on server storage and roles for access control". I would guess when importing the .dtsx file you have to be logged in as the same user that saved the .dtsx file.
This means that the password is saved with the package and therefore can be used when anyone executes the package. If it's something you don't want anyone to execute you then lock down security appropriately.
Alternatively you could change the Connection so it uses Integrated Security (windows authentication instead of a sql login) and change the Job so it executes the package as a user that has access to the database & view that's queried by the package. This is the preferred option from the view that you don't need passwords anywhere and instead manage it via user identity and permissions.
It sounds like when you're using the config file that you're not setting up the config file correctly.
What is the exact error that you're receiving when running it locally? I can try to recreate the issue.
do you have the package set up in bids to store the passwords, and then save the package to ssis and tell it to encrypt the passwords? if you're not saving them locally, it could be that you've lost your passwords and then pushed the package without them.