Bart Van Keyenberg has a great article how to use gMSA (Group Managed Service Account) and why is it usefull.
Does anyone have experience with running SQL 2014 server cluster under gMSA (Group Managed Service Account), I've read there was a bug in SQL12. Will IIS AppPool, work after account password changes?
Related
I have an Azure VM and I want to configure MS Office applications like MS Outlook & MS Excel on it and also, chevron applications like Well Plan. To be able to do that I need a service account with MS Office license but I don't know how can I get a service account for an Azure VM. If anyone has any idea on how can I do this then please respond.
Thanks & Regards
You don’t require any service account to configure any application on azure VM.
Would suggest you to follow the below step to achieve your requirement in correct way.
Step 1 : You need to first enable AAD Login into your VM.
You can refer this MS Document to enable AAD login into your VM
ONCE configured, login with your AAD account in the VM
Step 2: Make Sure to give RBAC role (Virtual Machine Administrator Login or Virtual Machine User Login) as per your requirement for that user.
Then install office on your VM as the license is already assigned to your AAD account.
If not, you can refer this Document to assigned licences to User/Group.
MySQL Databases
We use MySQL RDS databases. Our web applications use a connection string with the "CertificateFile=" option, which is currently set to the 2015 certificate file, and also "SSL Mode=Required;" option.
We changed the Test database using the instructions in the AWS console to use the 2019 certificate. We committed the change straight away (as this is just the Test database). We were expecting the connections from the Web Applications to fail at this point, but they still work with the older 2015 certificate file.
Additional Info
It looks like both 2015 and 2019 certificates work with a server on 2019 certificate, also,
It looks like both 2015 and 2019 certificates work with a server on 2015 certificate.
So my guess is that until March 2020 (when the 2015 certificate expires), the connections are backwards compatible, ie 2015 certificate works until it expires, irrelevant of the server certificate.
Is this a correct assumption?
In short Yes..
Certificates are backwards compatible if you want to say it like that.
In 2020 the 2015 certificate will not be functional anymore as it is expired (this is a security procedure for AWS, this has nothing to do with the application. The 2015 certificate should work with every application until the 5th of February.
I heavily recommend to swap to the new CA Certificate whenever you have time, this should not cause any problems and eventually you have to make the swap anyways, If you do decide to stick to the 2015 CA Certificate set yourself a reminder to swap before the 5th of February.
Yes !!
Amazon RDS generates an SSL/TLS certificate for each DB Instance. Currently version of the CA expires on March 5, 2020. We are strongly recommended to make change before February 5, 2020. Which you already did.So cheers !!! Nothing to worry about.
We are getting started to use TFS in our company, but I am having some issue with our IT-department.
The TFSReports account is a service account, and thus the IT guy will not allow Local logon, because it is service account. Not sure if he is right, but what other options do I have?
There's no way around that -- it's listed as a requirement because it's a requirement.
You can consider not setting up reporting services; a lot of the newer features in the past 3-5 years aren't stored in the data warehouse or analysis cubes (builds and releases, as a major example) because the push has been to make the reporting capabilities in TFS itself as good or better than what's stored reporting services.
You can find documentation here: Service accounts and dependencies in Team Foundation Server
TFSReports, which can be a local account, a domain account, or Local Service in a workgroup.
Required Permission and Group Membership: Allow log on locally on the application-tier server and on the server that is running SQL Server Reporting Services
TFSWareHouseDataReader on the report server
I have a sharepoint server on the DMZ and a SQL2008 server in the local domain.
When I try to get the list of .NETUsers for the Central Administration site from IIS (version 7.5) i get thrown error:26! I have tried all possible combinations in specifying the connection string.
I have also followed all directions on these links to resolve the isssue but it continues to persist.
http://blogs.msdn.com/b/sql_protocols/archive/2007/05/13/sql-network-interfaces-error-26-error-locating-server-instance-specified.aspx
AND
http://blogs.msdn.com/b/walzenbach/archive/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008.aspx
Please advise.
Thanks
Firstly, could you check the versions in your question. IIS 6 runs on Windows 2003, but it is not possible to install SharePoint 2010 on Windows 2003.
This is a connection error, there are 2 possibilities:
The call from the SharePoint server is blocked before it arrives at the database
The call is being refused when it arrives at the database
You should start by making a drawing of the route between the Sp server and the database server. make sure to include all firewalls.
Then check the logs to see how far the call got.
You could also try monitoring the network traffic with wireshark to see exactly what is happening.
Going from the Error itself, it turned out be a quite a complicated issue that ended up being resolved after a few days on the phone with Microsoft. The error read "The RPC service is Unavailable". There were issues with the way NetBios and DNS was qualifying the site and server names.
I have an SQL Express 2008 R2 instance running under the "Local System" account. I have written a windows service that also runs under the "Local System" account. The windows service uses the following connection string to connect to the sql server.
Data Source=.\sqlexpress;Initial Catalog=mydatabase;Integrated Security=True
When the application is installed I create the database with a simple SQL script which does not set any permissions or roles...it just creates the database and tables.
How does my windows service running as "Local System" manage to access the database? What rights is it getting in the SQL database? How is it getting these rights?
Andrew
If you expand the tree on the left (Object Explorer) in SSMS to Security, then Logins, you will see "NT AUTHORITY\SYSTEM". By default provisioning after installing SQL Server 2008 R2 Express, this account is added to the sysadmin role.
FYI - Your service running as Local System + Integrated Security means it is authenticating with SQL Server as the Windows account NT AUTHORITY\SYSTEM.
http://msdn.microsoft.com/en-us/library/ms188659.aspx
sysadmin
Members of the sysadmin fixed server role can perform any activity in the server.
Some of the rights granted to the Local System account are determined by the roles it has been assigned to.
If you login through Microsoft SQL Server Management Studio, expand Security folder, right click on NT AUTHORITY\SYSTEM, and select Properties, you should be able to see the roles assigned to the Local System user in the Server Roles section.
You can read more about each role at, Server-Level Roles document by Microsoft.
Hope this helps!