I have a sql server user, proxyAccount, which I configured as xp_cmdshell_proxy_account
In a stored procedure I use xp_cmdshell, and when I execute the stored procedure with this account, everything works fine.
However, if I add:
WITH EXECUTE AS 'proxyAccount'
to the stored procedure, I get the following error when I execute it:
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
What might be the problem? Why can't proxyAccount run xp_cmdshell when set to EXECUTE AS, but being able to run it otherwise?
The problem was solved by the following steps:
Creating a new account that uses Windows Authentication (not using SQL Server Authentication)
Set this new account to xp_cmdshell proxy
Grant xp_cmdshell permission to the old proxyAccount
Related
I triggered a subscription using following query on Server-A using following query and it executes correctly -
On Server-A:
EXEC ReportServer.dbo.AddEvent #EventType='TimedSubscription', #EventData='452e4a40-7442-4377-abe3-1b96fc953956'
However, when I trigger it from Server B by adding Server-A as a Linked Server, then it doesn't work. It fails by throwing below error -
On Server-B:
EXEC [Server-A].ReportServer.dbo.AddEvent #EventType='TimedSubscription', #EventData='452e4a40-7442-4377-abe3-1b96fc953956'
Error:
Could not execute procedure on remote server 'Server-A' because SQL Server is not configured for remote access. Ask your system administrator to reconfigure SQL Server to allow remote access.
I have enabled the Remote Access configuration on Server-A by
USE ReportServer ;
GO
EXEC sp_configure 'remote access', 1;
GO
RECONFIGURE ;
GO
Still it gives me above mentioned error.
Can anyone help me on this? Thanks
UPDATE
NOT a single Stored Procedure is getting called via Linked Server. This has been observed after latest patch installed on Windows Server 2012R2.
Despite being an old thread forget about enabling remote access (and restart service) on remote server and try:
EXEC (N'ReportServer.dbo.AddEvent #EventType=''TimedSubscription'', #EventData=''452e4a40-7442-4377-abe3-1b96fc953956'' ') AT [Server-A]
I am facing following error in calling SSID DB catalog stored procedure from SSIS Package using windows authentication / sql authentication as well.
ERROR DETAILS :
[Execute SQL Task] Error: Executing the query "EXEC [SSISDB].[catalog].[create_execution] ?, ?,..." failed with the following error: "The operation cannot be started by an account that uses SQL Server Authentication. Start the operation with an account that uses Windows Authentication.". Possible failure reasons: Problems with the query, "ResultSet" property not set correctly, parameters not set correctly, or connection not established correctly.
Basically I am trying to make a master package to run all packages from a custom table list in order using FOR EACH LOOP and then capture error using the EXECUTION ID for the same by checking EVEN - OnERROR Logging in same catalog tables .
But in the phase of calling the stored procedure I am stuck with this problem. Please help and guide me. How can I run this package using the catalog stored procedure to run packages in an order make List of packages deployed in SSIS catalog project to run in order?
Suggestions are welcome
SP CODE :
ALTER PROCEDURE [Publish].[usp_ExecutePackages] #PackageName
NVARCHAR(255) , #ProjectFolder NVARCHAR(255) ,
#ProjectName NVARCHAR(255) AS BEGIN SET NOCOUNT ON; DECLARE
#Execution_id BIGINT ; EXEC [SSISDB].[catalog].[create_execution]
#package_name= #PackageName, #execution_id= #Execution_id OUTPUT,
#folder_name= #ProjectFolder, #project_name= #ProjectName,
#use32bitruntime=True;
EXEC [SSISDB].[catalog].[set_execution_parameter_value] #execution_id,
#object_type=50, #parameter_name=N'SYNCHRONIZED', #parameter_value=1
EXEC [SSISDB].[catalog].[start_execution] #Execution_id
The answer is in the Error Message:
error: "The operation cannot be started by an account that uses SQL Server Authentication. Start the operation with an account that uses Windows Authentication.
If the account you logged onto SQL with was not a Windows Authentication account, then calling SSIS from a TSQL stored proc does not work. This is because SSIS is an external windows process & so it doesn't recognise Logins that only exist within the SQL Master database.
The solution: Use an existing AD Account or create a new local account. Create a new Login on SQL & specify Windows Authentication.
Then login with it.
I want to put the logs in some stored procedures in our database to monitor the working of stored procedures. I am new to SQL Server 2008. The logs should be created on the production server.
I had tried this link:
http://www.codeproject.com/Articles/18469/Creating-Log-file-for-Stored-Procedure
but get the error message:
The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
Please provide me some needful.
First of all are you sure you want to log data to text file? May be it will be better to store log into separate table ?
If you want to work with text file:
Look at description xp_cmdshell
The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account.
Check the security rights for this account.
xp_cmdshell can be enabled and disabled by using the Policy-Based Management or by executing sp_configure.
Check you have it enabled.
EXEC sp_configure 'show advanced options', 1
GO
RECONFIGURE
GO
EXEC sp_configure 'xp_cmdshell', 1
GO
RECONFIGURE
GO
When it is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named ##xp_cmdshell_proxy_account##. If this proxy credential does not exist, xp_cmdshell will fail.
You need to create proxy account.
EXEC sp_xp_cmdshell_proxy_account [MyDomain\SQLServerProxy], 'usdcu&34&23'
Add permissions to use this SP:
USE master;
GRANT EXECUTE on xp_cmdshell to Current_user
Here is a more detailed information.
granting permissions using the master database to the object should do
Use Master
grant execute on xp_cmdshell to 'user'
Using xp_cmdshell for logging is bad for both security and performance. Please delete that codeproject link from your browser and forget you ever saw it. Seriously, it is badness.
If you want to log calls to procs, either:
Set up a table for this (as demas also suggested). You can have a DATETIME field defaulted to GETDATE() or GETUTCDATE(). You can have a field for the Proc Name, a field for parameters. Whatever.
or
Use SQLCLR to create a stored procedure that does a simple File.Write of the info. You can use Impersonation (something xp_cmdshell can't do) to have the security context be that of the person running the proc and not the Log On account of the SQL Server process. This approach is far more efficient and contained than xp_cmdshell, even when not using Impersonation.
or
Do a combination of the log table + SQL CLR [or something else]: You can log to the table for immediate writing. And then set up a SQL Agent job to archive entries over X days old to a file using SQLCLR or some other means. This way the table doesn't grow too big with info that is probably older than you need anyway for researching problems that are currently happening.
Anyone have an idea about how to use to view a stored procedure on a linked server? I don't have the credentials to that linked server to look at it. ??
If you don't have access to the server, then you can't view anything. If you have execute permissions on the stored procedure, then sure, you can execute it. I believe the syntax is something like
exec "linkName"."dbname"."schema"."procedure"
I have one database. I executed a stored procedure on it. I wrote some JDBC code to connect to this database. When I am calling this stored procedure from my JDBC code it is throwing SQLException.
One interesting thing I found is that I have one user other than root user. This user has all the privileges to this database where the stored procedure is present.
When I use the root user I am able to call the stored procedure successfully. But with the other user I am getting SQLexception. I am not able to find why it happens like this.
For sure I want this user(other than root) has to call this stored procedure successfully.
Thanks in advance.
The user should have SELECT permissions to the mysql.proc and mysql.procs_priv.
I don't know if there exists any other solution.