My application that runs on machine in domain uses TransactionScope (that relies on MS DTC). SQL Server runs on machine not included in domain. How to enable cooperation of MS DTC on computers that are in domain and computers not running in a Windows domain?
MSDN
When Microsoft Distributed Transaction Coordinator (MS DTC) computers are not running in a Windows domain, distributed transactions fail by default because the remote procedure call (RPC) security that MS DTC uses cannot be used in this environment. The same condition applies to MS DTC computers that are in untrusted domains. In Windows Server 2003 and Windows Server 2008, RPC security is not turned off. Therefore, distributed transactions fail in a workgroup environment or in untrusted domains
Open dcomcnfg
In the Distributed Transaction Coordinator folder under My Computer, right-click Local DTC, and then click Properties
on Security tab select the Network DTC Access check box, and then select No Authentication Required
Related
I have installed Microsoft SQL Server Developer Edition in my local machine for my own development use with a Windows Authentication. I have been able to connect to DB Engine, SSAS (Multidimensional Model) Engine, SSIS Engine, SSAS (Tabular Model Engine using another instance).
I was able to connect to SSRS engine (Native Mode) a few weeks earlier. Recently I installed CheckPoint SSL VPN to access our client Remote Desktop. After this installation, whenever I connect to SSRS either using SSMS or Report Server or Report Manager, even though the SSRS Services is running (I have been able to verify from SQL Server Configuration Manager as well as Reporting Services Configuration Manager). I even tried to add the SSRS Report Server link in the SSMS for the SSRS Engine, but still not successful.
I get the following:
TITLE: Connect to Server
Cannot connect to LAPTOPNAME\SQL2012DEV.
ADDITIONAL INFORMATION:
Unable to connect to the server at LAPTOPNAME\SQL2012DEV. The specified URL might not be valid or there might be a problem with the report server version or configuration. Specify a different URL, or contact your
server administrator to verify that the report server runs SQL Server 2008 or later. Additionally, if you are trying to connect to a SharePoint-integrated report server, verify that SharePoint is installed on the server
and that the report server uses SharePoint integrated mode. (Microsoft.SqlServer.Management.UI.RSClient)
BUTTONS:
OK
Could this be due to some permission issues ? I have restarted the SSRS services many times, though it is running, I am not able to connect. Should some Admin privileges be given to my Windows account ? If so, can you guide me how ?
Information from SQL Server Configuration Manager (for SSRS service):
Log on As: NT Service\ReportServer$SQL2012DEV
Information from Reporting Serivces Configuration Manager:
Service Account is built-in: ReportServer$SQL2012DEV
Should I change built-in account to Local Service, Network Service, Local System ?
Open "Reporting Services Configuration Manager" in "Web Service URL" OR "Web Portal URL" tab check your IP and Port access & use the link in URLs to be sure. I think your new application changed this settings.
After connecting to the VPN, in Visual Studio on my local machine, I set the target server to
http://[RemoteServer]/ReportServer
but I get the error
"The specified report server URL could not be found"
I can RDP to the remote server, but my login is DOMAIN-B\MyUser. On my local machine, my login is DOMAIN-A\MyUser.
On RDP, I am able to verify that Reporting Services are running and the target URL is correct.
How can I deploy an SSRS project from Visual Studio on my local machine to a remote server, on a different domain, over a VPN connection?
More broadly, how does Reporting Services authenticate report deployments? I would imagine Visual Studio would require some credentials when trying to deploy to the Target Server, just like when you connect to a database in SQL Server, but I am never prompted on my local machine, and I don't know how to set that up on the remote server.
Try:
http://[RemoteServer].[Domain].local/ReportServer
I am trying to debug a stored Procedure from Microsoft SQL Server Management Studio 2008 which is connected to MS SQL Server 2008 Database Instance running on a different system.
System Information:
1. Remote system is running with Symantec End Point Security
I have done the following settings for running the remote debugger:
I have added the inbound Rules for TCP 139, TCP 445, UDP 137 and UDP 138 ports.
My local system's instance is running with sysadmin user role.
I have added the sqlservr.exe and svchost.exe at server windows firewall exception list.
I have added the svchost.exe and ssms.exe at client windows firewall exception list.
The SSMS and SQL server services are running in the same domain.
Following necessary services are running properly
TCP/IP NetBIOS Helper
Remote Registry
RPC Service
But after doing all these specified steps i am getting following error after clicking the debugger button in client SSMS.
Unable to start T-SQL Debugging. Could not attach to SQL Server process on 'remotesystem_name'. Click Help for more information.
If there is another alternative please let make me aware of that.
I solved this problem by creating a new login account (windows authentication account) on server for my machine.
I have an SQL Express 2008 R2 instance running under the "Local System" account. I have written a windows service that also runs under the "Local System" account. The windows service uses the following connection string to connect to the sql server.
Data Source=.\sqlexpress;Initial Catalog=mydatabase;Integrated Security=True
When the application is installed I create the database with a simple SQL script which does not set any permissions or roles...it just creates the database and tables.
How does my windows service running as "Local System" manage to access the database? What rights is it getting in the SQL database? How is it getting these rights?
Andrew
If you expand the tree on the left (Object Explorer) in SSMS to Security, then Logins, you will see "NT AUTHORITY\SYSTEM". By default provisioning after installing SQL Server 2008 R2 Express, this account is added to the sysadmin role.
FYI - Your service running as Local System + Integrated Security means it is authenticating with SQL Server as the Windows account NT AUTHORITY\SYSTEM.
http://msdn.microsoft.com/en-us/library/ms188659.aspx
sysadmin
Members of the sysadmin fixed server role can perform any activity in the server.
Some of the rights granted to the Local System account are determined by the roles it has been assigned to.
If you login through Microsoft SQL Server Management Studio, expand Security folder, right click on NT AUTHORITY\SYSTEM, and select Properties, you should be able to see the roles assigned to the Local System user in the Server Roles section.
You can read more about each role at, Server-Level Roles document by Microsoft.
Hope this helps!
I have SQL Server 2008 to which I can connect using domain user credentials. There are many computers in the network and if I login under that domain user I can successfully connect to SQL Server (using Windows Authentication).
The problem is when I use PowerShell remoting and establish remote session from computer A to computer B. When I run our dbtool that tries to connect to SqlServer (in remote session) "login failed for NT AUTHORITY\ANONYMOUS LOGON" error occurs.
It's strange, because I establish remote session under same domain user. Why ANONYMOUS is being passesd to SqlServer?
Thanks for help
And once again I'm answering my own question due to lack of other answers.
Computers communication chain: A -> B -> C.
So the problem is indeed with Kerberos authorization delegation feature (more there: http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsDelegation.html). When I establish remote session from computer A to computer B, computer B sends to computer C null session (because delegation is disalloved). Thats why SQL Server on computer C sees me as NT AUTHORITY\ANONYMOUS LOGON.
My current workaround is to talk to SQL Server from computer A (copy necessary utilities there), because I have no way to enable delegation. For this scenarion computer A sends correct authorization token to computer C.
Have you tried enabling CredSSP (not supported on W2k3 though)?
## Client
Enable-WSManCredSSP -Role Client -DelegateComputer "*.domain.com"
## Server
Enable-WSManCredSSP -Role Server