I have SSIS Package that have some process to export files, encrypt them using GnuPG and finally upload them. The package works fine in Visual Studio, but it fails when I add it to a SQL Server agent job and schedule to run.
I get the following error message:
gpg: "The key name" : skipped: No public key
gpg: "The Exported file path": encryption failed: No public key
I have another key that I added about two months ago, and it worked fine. The new key just works in Visual Studio, but does not work in the SQL agent job.
Probably you run Visual Studio under your normal user account, but the SQL server calling GnuPG is running as a different system user. GnuPG manages per-user keyrings. Make sure to import the key in the proper user's context.
Related
I have been following the steps at this site to configure R 4.2.2 to work with a named instance of SQL Server 2022:
https://learn.microsoft.com/en-us/sql/machine-learning/install/sql-machine-learning-services-windows-install-sql-2022?view=sql-server-ver16&viewFallbackFrom=sql-server-ver16%27
I installed RTools, R, Microsoft R client, and installed the R packages specified on the link above. When I try to configure RegisterRext.exe with this command:
.\RegisterRext.exe /configure /rhome:"%ProgramFiles%\R\R-4.2.2" /instance:"SQL2022"
I get this error:
Wrong or missing command
Error: Wrong or missing command.
Usage: RegisterRExt.exe <command> [/instance:name] [/user:username] [/password:*|password] [/database:databasename].
The commands are :
/install - copies the launcher binaries to the right location for a SQL server instance.
/uninstall - removes the launcher binaries from the SQL server instance.
/installpkgmgmt - installs package management support for given SQL server instance and database also if specified.
/uninstallpkgmgmt - uninstalls package management support from given SQL server instance and database also if specified.
/installrts - installs real time scoring support for given SQL server instance and database.
/uninstallrts - uninstalls real time scoring support for given SQL server instance and database.
Arguments are :
/instance:value is an optional parameter, the <value> specified will be used as the instance name else the commands are performed on the default instance.
/user:username is an optional parameter, the <username> specified will be used to connect via the SQL authentication mode. Note that once this parameter is specified, /password:<value> is a required parameter.
/password:*|<password> is a required parameter once /user parameter is provided. Use /password:* to type the password when asked to by the tool instead of providing in clear as a parameter. Note that providing the password without the user is ignored.
/appcontainer is an optional parameter, if specified indicates that appcontainer feature is enabled. Not specified by default.
/flavor is an optional parameter, if specified indicates what kind of installation flavor it is. By default, its value is sql
Windows Authentication is used by default when no user and password is supplied
How do you configure the R runtime with SQL Server?
We're trying to move ASP.NET session state for one of our Azure web apps into a database, and it seems like the aspnet_regsql.exe tool is the way to go. Unfortunately, I'm getting stuck on a few issues below. It's an Azure SQL database, and I'm connecting using the server's admin account.
I initially wanted to add the session tables to our existing database, so I ran .\aspnet_regsql.exe -U adminusername -P adminpassword -S servername.database.windows.net -d databasename -ssadd -sstype c. Which throws the exception "Database 'databasename' already exists. Choose a different database name"
Omitting the database name and running it again throws the exception: "Execution Timeout Expired" after about 30 seconds, which is just the default for SqlCommand.CommandTimeout. This occurs while executing the "CREATE DATABASE" command. I tried creating a database manually, and it takes about 50 seconds for some reason. This database is S0 tier and is not under any load
Running aspnet_regsql again on the already-created database (because it's idempotent, right?) leads to the "Database already exists" error, as does pre-creating an empty database for it to start from.
There's no flag that lets me increase the timeout, and I can't set command timeout using the -C (connection string) flag
Adding the -sqlexportonly flag to generate a script and just running that directly doesn't work either (yes, I know I'm not supposed to run InstallSqlState.sql directly). It throws a whole load of error messages saying things like:
Reference to database and/or server name in 'msdb.dbo.sp_add_job' is not supported in this version of SQL Server.
USE statement is not supported to switch between databases.
Which makes me think this script might have some issues with an Azure SQL database...
Does anyone have any ideas?
Update:
It looks like all the errors involving 'msdb' are related to removing and re-adding a database job called 'Job_DeleteExpiredSessions'. Azure SQL doesn't support database jobs, so the only options I can see are
Run SQL on a VM instead (vastly more expensive, and I'd rather stick with the platform services than have to manage VMs)
Implement one of those "Elastic Job Agents"
Perhaps move the same functionality elsewhere (e.g. a stored proc)?
Turns out Microsoft has an article about how to do exactly what I need, which I somehow
missed during my searching yesterday. Hopefully this answer saves someone else a few hours of frustration. All the info you need is at https://azure.microsoft.com/en-au/blog/using-sql-azure-for-session-state/ earlier.
Note that YMMV since it's from 2010 and also says in scary red letters
"Microsoft does not support SQL Session State Management using SQL Azure databases for ASP.net applications"
Nevertheless, they provide a working script that seems to do exactly what I need.
I have been sent a RMAN backup, which is dual encrypted, wallet and password.
The Oracle version is 11.1.0.7.
I am trying to restore the database on a new server.
I performed the following steps:
Create database with ORACLE_SID THEDB using a minimal init.ora file.
Configure the Wallet by copying the ewallet.p12 and cwallet.sso files to a directory, and then adding the ENCRYPTION_WALLET_LOCATION entry into sqlnet.ora.
The next steps are:
sqlplus / as sysdba
startup nomount
select status from v$encryption_wallet;
STATUS
----------------
OPEN
quit
Then RMAN:
rman target / nocatalog
set decryption identified by 'the_backup_pwd';
restore controlfile from 'THEDB_CF_xxxxx_yyy';
ORA-19913: unable to decrypt backup
Now, the backup was taken using AES256 encryption, but the default encryption for this empty database is AES128.
I cannot issue the CONFIGURE ENCRYPTION ALGORITHM 'AES256' command in RMAN as it fails with "database not mounted".
I am certain the wallet and password are correct, but still this error occurs.
What step is missing?
We found out that this only happened if the RMAN Encyrption password had special characters like '$' etc.
The only workaround was to use a heredoc with the password hardcoded .. not great ...
rman / target << EOF
set decryption 'ThePa$$Word'
run {
..
}
EOF
Even when run interactively and the password was manually key it we still got the ORA-19913: unable to decrypt backup. It is obviously a Oracle RMAN bug.
I support an application who call a CMD line to decrypt a file.
The application is a .exe file that is called by the Windows Task Scheduler and is execute as the same user who have all right.
The application run every week day in the evening at 6h30pm and sometimes the CMD line return the message: no secret key.
The application failed because the file was not decrypted. But it doesn't failed every evening, just random evening. It looks totally random.
And if I run the application myself after it failed with the same user, it worked.
The secret key is imported in Kleopatra and it work fine with other application that run in the morning. And it work fine when I used it.
What can cause this?
Thank you
We fix the problem. We must not log off the application user.
If we log off the user, one key is not working, but the others are working.
Some ideas to help you run down the problem:
Check the private keys available to the machine on which the application fails
gpg --list-secret-keys
(IIRC Kleopatra runs on top of GnuPG, so I assume your application does as well. I've been wrong before.) You might notice something out of place with your private (decryption) keys. For example, if the key is listed as either
sec#
ssb>
Then it's a (primary or sub respectively) key located on a smart card for storage. If the card, for whatever reason, isn't in the machine when the app runs it'll fail to decrypt.
Check the disk containing the private keyring is attached/inserted/mounted at the time the application ran and failed to decrypt. If the keys are stored on removable (or unreliable) media then that could also result in a failure to decrypt.
Check that the item failing to decrypt was encrypted properly. If there is some secondary recipient necessary for the app to run there may be a required key that you don't know about (I gather from your post you didn't create this app, just maintain it.) It may even be that the app is trying to decrypt a different file erroneously, but that kind of thing can only be found out by stepping through your source code and resident files.
Failing those, pray for #Jens Erat to notice your question.
Workstation: Win7 Pro
Server: Win 2008
VB.net - using the System.Diagnostics.Process tools
Gpg4win 2.2.5 in stalled on both computers.
The Key Pair was generated on Win 7 and backed up to the server.
A public key was provided by the recipient.
Both keys were moved to a file share
Both gpg installations were cleared of all keys.
The Backup of the key pair was imported as well as the Public key of the recipient.
Both keys were trusted. This was all done in DOS command window.
gpg --allow-secret-key-import --import "//fileshare/KeyBackup.gpg"
(results indicate Secret key is available)
gpg --allow-secret-key-import --import "//fileshare/PUBLIC.asc"
gpg --edit-key pairkey#mycompany.com (trusted "ultimately")
gpg --edit-key publicKeys#their.com (trusted "ultimately")
In visual studio, on my work station, a vb.net app successfully encrypts and signs a file.
Move the app to the server and run under IIS, encryption fails with message, "No Secret Key". To make it more fun, encryption DOES work on the server if you use manual DOS commands.
The file to be encrypted is on a share and both applications reference it.
That I can tell both Gpg4win installations are identical and have the very same keys. Both keys were imported from the same location in the same manner.
I await the opinions of the superior minds of Stackoverflow.
Thanks
I tried setting the GNUPGHOME environmental variable to a specific location, my ASP.NET application running from IIS didn't seem to honor it and couldn't find my keys.
Eventually I discovered it kept trying to find the key files from c:\gnupg on the iis server (irrespective of GNUPGHOME). I copied all the keyring files to that location, and it finally worked.