SQL Job, Linked Server, Domain Account - linked-server

I think I have tried everything but I can't figure out how to set up an SQL Job that have a T-SQL Step that performs a SELECT on a linked server.
1) I got a Domain user mydomain\SQLJob
2) I got a SQL 2017 server 'JOBSERVER' with the SQL Agent running log on as a domain user mydomain\sv_agent (this cannot be changed). No futher rights should be given to this user either.
3) On the JOBSERVER I created a linked server
EXEC sp_addlinkedserver 'LINKEDSERVER'
4) mydomain\SQLJob is data reader on a database on LINKEDSERVER
5) I am able to do a SELECT * FROM LINKEDSERVER... from JOBSERVER in a regular Query Window.
On JOBSERVER I have tried
ALTER DATABASE MyDatabase SET TRUSTWORTHY ON
And then set the job to execute in MyDatabase
I have also tried
Job Step Properties > Advanced > Run as user > mydomain\SQLJob
I have tried adding mydomain\SQLJob to the linked server on JOBSERVER both with and without Impersonate
Could someone let me know what the correct steps are ?
Thanks

I found another post that stated it could not be done.
What I did instead was changing the T-SQL to a PowerShell script. Here the Run As works just fine.

Related

Various difficulties creating ASP.NET Session tables via aspnet_regsql.exe

We're trying to move ASP.NET session state for one of our Azure web apps into a database, and it seems like the aspnet_regsql.exe tool is the way to go. Unfortunately, I'm getting stuck on a few issues below. It's an Azure SQL database, and I'm connecting using the server's admin account.
I initially wanted to add the session tables to our existing database, so I ran .\aspnet_regsql.exe -U adminusername -P adminpassword -S servername.database.windows.net -d databasename -ssadd -sstype c. Which throws the exception "Database 'databasename' already exists. Choose a different database name"
Omitting the database name and running it again throws the exception: "Execution Timeout Expired" after about 30 seconds, which is just the default for SqlCommand.CommandTimeout. This occurs while executing the "CREATE DATABASE" command. I tried creating a database manually, and it takes about 50 seconds for some reason. This database is S0 tier and is not under any load
Running aspnet_regsql again on the already-created database (because it's idempotent, right?) leads to the "Database already exists" error, as does pre-creating an empty database for it to start from.
There's no flag that lets me increase the timeout, and I can't set command timeout using the -C (connection string) flag
Adding the -sqlexportonly flag to generate a script and just running that directly doesn't work either (yes, I know I'm not supposed to run InstallSqlState.sql directly). It throws a whole load of error messages saying things like:
Reference to database and/or server name in 'msdb.dbo.sp_add_job' is not supported in this version of SQL Server.
USE statement is not supported to switch between databases.
Which makes me think this script might have some issues with an Azure SQL database...
Does anyone have any ideas?
Update:
It looks like all the errors involving 'msdb' are related to removing and re-adding a database job called 'Job_DeleteExpiredSessions'. Azure SQL doesn't support database jobs, so the only options I can see are
Run SQL on a VM instead (vastly more expensive, and I'd rather stick with the platform services than have to manage VMs)
Implement one of those "Elastic Job Agents"
Perhaps move the same functionality elsewhere (e.g. a stored proc)?
Turns out Microsoft has an article about how to do exactly what I need, which I somehow
missed during my searching yesterday. Hopefully this answer saves someone else a few hours of frustration. All the info you need is at https://azure.microsoft.com/en-au/blog/using-sql-azure-for-session-state/ earlier.
Note that YMMV since it's from 2010 and also says in scary red letters
"Microsoft does not support SQL Session State Management using SQL Azure databases for ASP.net applications"
Nevertheless, they provide a working script that seems to do exactly what I need.

"Could not find stored procedure <Proc Name Here>"

I am trying to add an control to my page. I am following the wizard. Step 1, I select my connection string. The connection works, no error messages. Step 2, I choose "Specify a custom SQL statement or stored Procedure" radio button. Step 3, in the "SELECT" tab I click the "Stored Prodedure" radio button, then select the stored procedure I would like to use. I take this as confirmation that the connection string is working. Step 4, I press the "Test Query" button.
A pop up appears with the message "There was an error executing the query. Please check the syntax of the command and if present, the types and values of the parameters and ensure they are correct. Could not find stored procedure .
I've tested the procedure in SSMS, and it works. I took the query string that is in the stored procedure and changed the radio from Step 3 to "SQL Statement" and pasted the string into the box. The statement worked fine.
I also changed the permissions for the login specified in the connection string to the same permissions I have on the server. (Full admin rights!) That did not correct the issue. I only found a few questions in the forums regarding this issue, and they all pointed to permission issues, but I have ruled that out as I set the permissions.
The Wizard can find the procedure when I am walking through the Wizard, but it can't find it when I test.
I hope someone can point me in the right direction... Thanks!
* EDIT *
Just to expand on the #BlackjacketMack's answer:
When I use the wizard to create the SqlDataSource, and select the Stored Procedure from the the list, it appears that VS is defaulting to the dbo schema at runtime, even though it displays all the sprocs in each schema. (I verified this by changing the schema the sproc was on to dbo and testing it. The results were returned with no errors.) Within the wizard, I do not see any options to change the schema. If I click the "SQL Statement" radio button and type EXECUTE [APP001].[MyStoredProcedure], it works perfectly. I did try the GRANT EXECUTE as #otaku recommended, but that did not work. I also changed the default schema for the user specified in the connection string to [APP001] to no avail. So this appears to be an issue when using the dropdowns in the wizard. Manually entering the data so that the schema can be fully qualified did the trick!
Make sure the application that you are running have the appropriate grant execute on the database objects. Sometimes they are tied to a database role such as below where the stored procedure need to have the execute permission:
GRANT EXECUTE ON ][dbo].[MyStoreProc] TO U_ExecuteProcs
Qualify your procedure with the schema If the proc has a schema 'APP001' as you indicated in a comment, make sure the Sql being passed looks something like EXEC APP001.YourStoredProcedureName.
Use a profiler! One great way to approach this problem is run a profiler on your SQL...either the MS Profiler, or we use http://anjlab.com/en/projects/opensource/sqlprofiler which used to be free. Basically, you'll see exactly what SQL your application is sending and who the login they're sending it as.
If you gave yourself admin permissions as you indicated, I wouldn't define too many object specific permissions simply because they tend to go unmaintained.
I think defining the execution context within your stored procedure will resolve the issue , Here is the link:
http://technet.microsoft.com/en-us/library/ms188354.aspx

Restoring a database into a different instance of tridion

I have got most of the way but there seems to be a permissions issue somewhere:
Before the restore everything is working fine in my target environment - target has a server login account TCMDBUser which is mapped to my tridion_cm database user TCMDBUser
My source tridion_cm database has user TCMDBUser_DEV.
After restoring the source .bak into my target TCMDBUser_DEV is orphaned.
I edit the TRUSTEES table to correct MTSUser and my admin log accounts for my target environment and run the following to fix up my orphaned database user:
sp_change_users_login #Action='update_one',
#UserNamePattern='TCMDBUser_DEV',
#LoginName='TCMDBUser'
GO
I can log back in to Tridion explorer and see the expected list of publications and can walk through the tree structure but when I come to a folder which should contain items I see nothing with error:
and the corresponding event log error is:
Unable to get list of SDL Tridion Content Manager items.
DESCRIPTION
Error Code:
0x80040000 (-2147221504)
Call stack:
System.Data.ProviderBase.FieldNameLookup.GetOrdinal(String)
System.Data.SqlClient.SqlDataReader.GetOrdinal(String)
System.Data.SqlClient.SqlDataReader.get_Item(String)
Tridion.ContentManager.Data.AdoNet.DatabaseUtilities.ConvertToFieldDictionary(IDataRecord,IDictionary`2)
Tridion.ContentManager.Data.AdoNet.IdentifiableObjectDataMapper.Read(TcmUri,IDataRecord,IDictionary`2)
Tridion.ContentManager.Data.AdoNet.ContentManagement.OrganizationalItemDataMapper.GetListItemsPost(IDataReader,TcmUri,OrganizationalItemItemsFilterData)
Tridion.ContentManager.Data.AdoNet.ContentManagement.OrganizationalItemDataMapper.Tridion.ContentManager.Data.ContentManagement.IOrganizationalItemDataMapper.GetListItems(TcmUri,OrganizationalItemItemsFilterData)
Tridion.ContentManager.ContentManagement.OrganizationalItem.GetListItemsData(OrganizationalItemItemsFilter)
Tridion.ContentManager.ContentManagement.OrganizationalItem.GetListItemsStream(OrganizationalItemItemsFilter)
Tridion.ContentManager.BLFacade.ContentManagement.OrganizationalItemFacade.GetListItemsXml(UserContext,String,ListFilter,ListColumnFilter)
Tridion.ContentManager.BLFacade.ContentManagement.OrganizationalItemFacade.GetListData(UserContext,String,EnumListKind,ListColumnFilter,String)
Folder.GetListItems
You will need to delete/drop the TCMDBUser_DEV form the DB and then create a new one with the same name and password (or reattach it to your cm DB). That should fix your problem.
I normally use the delete method with MS SQL server. I believe this occurs due to the ownership status that the TCMDBUser has on the database Schema.
When complete your TCMDBUser user should have the following permissions on your Tridion_CM database
Like Chris mentioned, I always drop the user from the database and then assign the existing TCMDBUser in SQL Server the rights to the restored database. You can drop the user with the following command (on the restored database):
EXEC sp_dropuser TCMDBUser
Then through the SQL Server - Security - Logins, you request the properties of your TCMDBUser and in the User Mapping add the following database roles: db_datareader, db_datawriter and db_ddladmin.
That's what I've always done in the past and works for me, not sure if its all required, but worth a try I guess
Try creating new user TCMDBUser in the database and run the following command
EXEC sp_change_users_login 'Update_One', 'TCMDBUser', 'TCMDBUser'

Automatic fix for tempdb error related to 'ASPStateTempSessions'

As per this how-to, I've successfully configured IIS on my XP-SP3 dev box for SQL Server 2008 Express to save ASP.NET session state information. I'm just using SQL Server because otherwise on every recompile, I was losing the session state which was obnoxious (having to re-login). But, I'm facing an annoying issue in that every time I restart SQL there's this error, and sometimes one or two other very similar friends:
The SELECT permission was denied on the object 'ASPStateTempSessions',
database 'tempdb', schema 'dbo'.
To fix the error, I just open Management Studio and edit the User Mapping for the login/dbo I'm using on the ASPState db, and re-add tempdb to that user with all but deny permissions. Apparently, once the right permissions are there, ASP.NET is able to automatically create the tables it uses. It just can't run that CreateTempTables sproc until the right security is there.
THE QUESTION...
Is there a way to not have to re-do this on every restart of the SQL Server?
I don't really care right now about keeping the temp data across restarts, but I would like to not have to go through this manual step just to get my web app working on localhost, which uses session state variables throughout. I suppose one could resort to some kind of stored procedure within SQL Server to accomplish the task for this machine when the service starts, to not have to do it manually. I'd accept such an answer as a quick fix. But, I'm also assuming there's a better recommended configuration or something. Not seeing an answer to this on the how-to guide or elsewhere here on StackOverflow.
Both answers seem valid; but with most things Microsoft, its all in the setup...
First uninstall the ASPState database by using the command:
aspnet_regsql –ssremove –E -S .
Note:
-E is to indicate you want to use integrated security connection.
-S informs what SQL server and SQL instance to use, and the "." (dot) specifies default local instance
Then re-install using the command:
aspnet_regsql –ssadd –sstype p –E -S .
Note:
The sstype has three options, t | p | c ... the first "t", tells the installer to host all stored procedures in the ASPState database, and all data in the tempdb. The second option "p" tells the installer to persist data to the ASPState database. The last option "c" allows you to specify a different 'custom' database to persist the session state data.
If you reinstall using the "-sstype p" you then need only to supply datareader/datawriter to the ASPState database for the user that's making the connection (in most cases, the application pool's identity in IIS).
The added benefit of persisting the data is that session state is retained even after a restart of the service. The only drawback is that you need to ensure the agent cleanup job is pruning old sessions regularly (it does this by default, every minute).
Important:
If you are running a cluster, you must persist session data. You're only option is to use sstype 'p' or 'c'.
Hope this sheds light on the issue!
For the record, I did find a way to do this.
The issue is that the tempdb is recreated from the model db each time the service restarts. The gist of the solution is to create a stored procedure that does the job, and then make that procedure run at startup.
Source code (credit to the link above) is as follows:
use master
go
-- remove an old version
drop proc AddAppTempDBOwner
go
-- the sp
create proc AddAppTempDBOwner as
declare #sql varchar(200)
select #sql = 'use tempdb' + char(13) + 'exec sp_addrolemember ''db_owner'', ''app'''
exec (#sql)
go
-- add it to the startup
exec sp_procoption 'AddAppTempDBOwner', 'startup', 'true'
go
Well done for finding the strangest way possible to do this.
The correct answer is as follows:
use master
go
EXEC sp_configure 'Cross DB Ownership Chaining', '1'
go
RECONFIGURE
go
EXEC sp_dboption 'ASPState', 'db chaining', 'true'
go

How To Query A Database That's Being Used By Asp.Net

I have a Sql Server 2008 Express database file that's currently being used by an ASP.NET application, and I'm not sure how to query the database without taking the website down.
I'm unable to copy the database files (.mdf and .ldf files) to another directory, since they're in use by the web server. Also, if I attach the databases to an instance of the sql server (using the 'Create Database [DB name] on (filename = '[DB filename.mdf]') for attach;' command at the sqlcmd prompt), then the application pool user becomes unable to access the database (i.e. the webpages start producing http 500 errors. I think this might have to do with the username for the application pool becoming somehow divorced from the login credentials in the sql server database).
Any suggestions? I realize this is probably a newbie question, since it seems like a rather fundamental task. However, due to my inexperience, I really don't know what the answer is, and I'm pretty stumped at this point, since I've tried a couple of different things.
Thanks!
Andrew
if I attach the databases to an instance of the sql server (using the 'Create Database [DB name] on (filename = '[DB filename.mdf]') for attach;' command at the sqlcmd prompt),
Don't do this to a live database - it's attempting to be setup an MDF to be written to by two different databases...
Use Backup/Restore
As you've found, Attach/ReAttach requires the database to be offline - use the Backup/Restore functionality:
MSDN: Using SSMS to Backup the Database
MSDN: Using SSMs to Restore the Backup
Be aware that the backup/restore doesn't maintain logins (& jobs if you have any associated with the database) - you'll have to recreate & sync if using an account other than those with uber access.
Maybe Linked Server would work?
Another alternative would be to setup another SQL Server Express/etc instance on a different box, and use the Linked Server functionality to create a connection to the live/prod data. Use a different account than the one used for the ASP application...

Resources