I have been through the mill trying to connect to LocalDB. I have been following a two-part article dealing with this issue on my development workstation. In article part two, I opted for the second option of creating a shared instance of LocalDB and get the following runtime error as YSOD:
Cannot open database "DTC" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\DTC'.
DTC is name of Web Forms application and name of application pool in IIS.
Following the steps in the article for creating the shared instance, I got as far as creating the SQL Server login for ApplicationPoolIdentity as follows:
create login [IIS APPPOOL\DTC v4.0] from windows;
exec sp_addsrvrolemember N'IIS APPPOOL\DTC v4.0', sysadmin
Then I get the following error when executing the query in SQL Server Object Explorer:
Msg 15401, Level 16, State 1, Line 1
Windows NT user or group 'IIS APPPOOL\DTC v4.0' not found. Check the name again.
Msg 15007, Level 16, State 1, Procedure sp_addsrvrolemember, Line 33
'IIS APPPOOL\DTC v4.0' is not a valid login or you do not have permission.
Am using VS2013 and SQL Server 2012 on Windows 8.1. Can't believe how difficult it is to set up LocalDB. What I'm actually trying to do is add Identity membership to existing Web Form application and am open to any suggestions...
IrishChieftain,
I don't recommend use LocalDB for this purpose. If you really want to have a lightweight database just to manage the membership, your best option is SQL Express.
LocalDB is intended to be used for development, not in production cases.
The simplest solution was to login under my Windows identity.
Related
This seems to be a common question, however I haven't found a solution out there and many related questions are quite vague. Anyways, I am deploying an ASP.NET MVC 5 application to AWS using the AWS toolkit for Visual Studio Pro 2013. I have successfully published the app to Elastic Beanstalk with the exception of my database file which exists as a localDB database (.mdf). In trying to migrate this (very small) database I have created an RDS DB instance for SQL Server Express. My issue is that I cannot create a SQL Server DB which appears to be a common issue for VS users: I right click on the DB instance, select "Create SQL Server Database", VS is busy for a few moments and then nothing happens.
What I have done thus far:
I have an RDS instance created on a VPC with a security group that has an Inbound rule set to allow all traffic from my IP
I have an IAM user account with the following policies: PowerUserAccess, AmazonS3FullAccess, AmazonVPCFullAccess (I imagine some of this is redundant-I added additional policies to see if it was a permission issue)
So to succinctly state my questions, why is Visual Studio failing to create the SQL Server DB within the database instance? Or alternatively, is there a simpler method of migrating my database to AWS?
Just FYI, these are the references I have been using to deploy my application:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_NET.quickstart.html
https://aws.amazon.com/blogs/aws/net-support-for-aws-elastic-beanstalk-amazon-rds-for-sql-server-/
I'm brand new at AWS so let me know if clarification is needed.
Update: I checked the logs for my instance and I'm getting error logs
2014-12-12 18:16:02.72 Server The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/AMAZONA-E3AJMJI ] for the SQL Server service. Windows return code: 0xffffffff, state: 53. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the SPN has not been manually registered.
And
2014-12-12 18:47:23.72 Logon Error: 17806, Severity: 20, State: 14.
2014-12-12 18:47:23.72 Logon SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The logon attempt failed [CLIENT: 113.108.150.211]
2014-12-12 18:47:23.73 Logon Error: 18452, Severity: 14, State: 1.
2014-12-12 18:47:23.73 Logon Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 113.108.150.211]
UPDATE: Issue solved. We use a proxy server in my office which seemed to cause authentication with the RDS instance to fail, not allowing me to connect from my machine. I accepted Ossman's answer as I think it solves a lot of similar questions I've come across trying to solve this.
This is a AWS explorer for Visual Studio 2013 bug and actually occurs because you're using the "default security group" by default when you're creating your DB instance in RDS.
Access the EC2 Service in AWS Management Console.
Click on "Security Groups", and then on "Create Security Group"
Give it a Name, Description and use "vpc-0846aa61" as VPC.
And then add following rule for both "Inbound" and "OutBound" rules
Type: "All traffic"
Source (for Inbound): "Anywhere"
Destination (for Outbound): "Anywhere"
Then Create the Security Group
Go back to your DB Instance and then change the "default" security group to the one you just created. This is done by clicking "Instance Actions" and then "Modify".
Then you should be able to see following window when you right click on your instance in Visual Studio and clicking on "Create SQL Server Database":
My DB Instance:
I am trying to connect to a SSAS Cube which uses windows authentication
My web application is stored on a seperate server the SQL Analysis Instance (lets says ServerWebApp) and the SSAS Cube is on ServerCUBE
OLAPCon = New AdomdConnection("Provider=MSOLAP.4; roles=Administrator; Integrated Security=SSPI; Persist Security Info=True; EffectiveUserName=<Domain\Username>; " _
& " Initial Catalog=<DBName>; Data Source=<ServerCUBE>; ")
As SSAS uses Windows authentication I have tried to impersonate my windows login by specifing EffectiveUserName however, this doesn't seem to work as I am getting the follow error:
Either the user, Domain\ServerWebApp, does not have access to the <DBName> database, or the database does not exist.
As you can see it is using the web apps login ID not my windows ID
How would I impersonate my windows ID in the SSAS ADOMD connection string?
This is what tripped me up when I used EffectiveUserName. From MSDN:
To use [the EffectiveUserName] property, the caller must have
administrative permissions in Analysis Services.
You need to configure the IIS server first by creating an Application pool first. Then you need to point this pool to the local path ( folder in C drive) which consists of msmdpump.dll and msmdpump files. Edit msmdpump file using notepad (remove localhost name and replace it with your SQL analysis server name). Provide the username of server name in place of domain\username.
I have a web site in ASP.NET 4 that need Connect to SQL Server 2008 R2 with Parallelism, Also Use IIS 7 and Windows authentication, I use Parallel.Foreach expression, When I use Foreach every thing is fine, but in Parallel.Foreach I get an error: Login failed for user: 'IIS APPPOOL\\MyAppPool'., So after some search I found need to change Process Model identity in Application pool From ApplicationPoolIdentity to LocalSystem:
Or I can add specific user:
But the last one is not a proper solution.
So I check in SQL SPs modified it and add line:
Then the result is: When I use foreach (mean without parallelism) all the registered user is MyLoginUser but with Parallel.foreach (And LocalSystem Identity) the first user registered is MyLoginUser and the others is NT Authority System.
Also I found Parallel Impersonation but not worked either and I got the same error.
As I understand MyLoginUser have not permission to Multi Connect to sql, Am I right?
if yes, so how can I add permission to this user?
In final I try to use ApplicationPoolIdentity and MyLoginUser to use Parallelism to connect to SQL. Does any one have any suggestion?
UPDATE:
I found that the first connection to db is the MyLoginUser then the ASP.NET try to connect more and let ApplicationPool do this, but the applicationpool can not login because have not permission and I also don't want to let it, the only user could connect must be myloginuser.
So the question could be:
How config IIS or ASP.NET to use myloginuser (the same of first user)
to connect with all connections to db (also in Parallel connections)?
When I start the application pool, and request a page in an application in that pool, I get a "HTTP Error 503. The service is unavailable."
If I look at the application pools in IIS, I can see that it has now stopped. Going to the event viewer I find this error message:
'The identity of application pool Badge.Web is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.'
I'm very sure the credentials I'm using is correct. Something else is causing the app pool to stop.
I had similar problem today when an application pool using Windows user identity X stopped working after password change for that user.
Apparently, some information linked to old credentials was stored in the system, and I solved the problem by:
switching app pool identity to NetworkService
switching it back to X using the new password
So far it's working fine.
I found an article saying
The fix is to ensure that the Service/AppPool accounts have the ‘Log on as a batch job’ and ‘Log on as a service’ user rights on the server. This right can be found in Local Security Policy > Computer Configuration > Windows Settings > Local Policies > User Rights Assignment. Either remove the conflicting Group Policy and fix the Local Policy or add the rights to the Group Policy.
http://waveformation.com/2009/06/08/event-5021-the-identity-of-application-pool-lsgroupexpapppool-is-invalid/
While there may be several reasons why this may occur, in this specific case, the 503 error was occurring because the Application pool failed to start. This was because the password was changed recently for the Identity under which the application pool was trying to run. Fix was to go to the IIS Manager-> Application Pool -> Advanced Settings -> Process Model -> Identity and set the password to the new one.
It would also help to check the Event Viewer Logs(Event Viewer (Local) -> Windows Logs -> Application to look for specific causes of failure before proceeding to troubleshoot any further.
My problem was solved by changing Application Pool Identity to NetworkService, going to Advanced Settings > Process Model > Identity > NetworkService with the desired Application Pool selected.
I had the same issue and my solution was: Manager -> Application Pool -> "Select the pool" -> Advanced Settings -> Process Model -> Identity -> NetworkService
I am not used to work with SQL Server(usually I just use express). I run it on windows server 2008, iis7.
I have attached the database to my sql server. I made a web site in iis7 but I get this error message.
Cannot open database "Phaeton.mdf" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Connectionstring I use
<add key="PhaetonConnectionString" value="Data Source=.;Initial Catalog=Phaeton.mdf;Integrated Security=True"/>
Thanks
Since you are using Integrated Security the SQL connection will use the windows identity which is passed from ASP.NET.
You can either change your security to mixed-mode which will involve removing the integrated security. Or use impersonation (check IIS and your web.config) and grant that user access to the database.
Hope that helps
You need to configure your application in IIS to turn off anonymous access and turn on Windows authentication(If yoy want to use integrated security).
Access SQL Server Using Windows Integrated Security
The other way, you can use a connection string with user/password ... with the appropriate login
Problem was that the database I tried to attach was sql express
The problem is here:
Initial Catalog=Phaeton.mdf
In SQL Server Express, you can attach a filename as a local database. That's not how it works on a production SQL Server. In non-Express versions you attach a database permanently, which it looks like you've already done, and you give it a logical name, which is not the same as the primary file name.
I would guess that if the file name was "Phaeton.mdf" then you probably named the database "Phaeton". In which case that part of the connection string should simply be:
Initial Catalog=Phaeton
If that's not the right name, you can get a list of database names from the server using the following script:
USE master;
SELECT name FROM sys.databases