I am trying to connect an ASP.NET 2.0 application hosted on a client machine to an SQL server 2000 instance which is installed on a domain controller running windows server 2003 (I appreciate this is not best practise, but it is something I cannot change). I am using SQL server authentication, not Windows authentication.
During debugging, the following error is displayed at the point the 'connection' is attempted within the web application (not on running any object within Sql Server):
"An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)"
I have done some research, and have checked a variety of things:
1) I am certain the conection string is correct - in fact I built a little Windows app that uses the same connection information and connection succeeds...
2) This is limited to the web application - a windows application running on the remote client machine connects just fine using the same connection string (see 1).
3) The firewall settings on both computers do not prevent the connection (see 1).
4) I can ping the windows 2003 server (see 1)
5) The SQL Server credentials definitely have the rights to the objects needed
6) If I (temporarily) put the web application on the windows server 2003 and run it, it loads and runs fine (using a browser on a separate machine, or on the client machine I am trying to connect) - suggesting this is only an issue with a remote connection, and confirming the connectivity between the machines again, and also confirming the necessary security right of the SQL Server user.
7) I can start query analyser on the client machine and using the same SQL server credentials, can run the same queries on the target database just fine.
Stumped. Please help!
You need to go into the SQL Server Configuration Manager and make sure the Named Pipes option is turned on. It is not turned on by default when you install SQL Server.
Because of the research I did in the original question covering the ability of a windows app to connect but not the ASP.NET app to connect from the same machine, and the confirmation the web app was working on the server itself, I was convinced SQL server was set up correctly, that connectivity and firewalls were not a problem - it must have been a difference in the security credentials of the windows app versus the web app.
The windows app runs in the security credentials of the logged on windows user and authenticates using that, whereas the webapp runs in a restricted account and does not pass these credentials over when connecting to SQL server by default. I simply added to web.config, which impersonates the user account within which the web app runs, and it all worked!
Problem solved.
Related
I'm developing an ASP.net web application.
My default page is a simple login screen.
I am using Visual Studio to develop the application.
It will run using Visual Studio and when the data is entered to the text boxes and the button is clicked, it sends the request to my own server running Windows Server 2012 with SQL Server 2014 installed.
I will also mention that the ASP application is being created as a secondary application for an Android application. The Android application is using the same database over Internet connection so I know that the server and SQL server both can accept read and write calls.
I have tested the ASP application using WebClient calls to php files which connect to the database (this works on Android) and also OracleClient and SQLClient calls all of which work from Visual Studio on my workstation to the server machine. These all work fine to send and receive data from the database.
The problem is once I deploy the application to my hosting site the calls no longer seem to work. The default login page opens but after attempting to login I receive errors as follows:
Exception Details: System.ComponentModel.Win32Exception: No connection could be made because the target machine actively refused it
[Win32Exception (0x80004005): No connection could be made because the target machine actively refused it]
[SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible.
Can anyone help me with this?
It sounds like your database is accepting connections from some clients, but not your hosting server. I would try testing a SQL connection straight from the hosting Server and see if a test connection can be successful. If you can get that to work it should work from the web server.
This article Quick ways to test OLE DB Connection String on creating a empty TestConnection.udl file will be helpful. It is easier to try different connection string settings through the Data Link Properties UI. When you save the file, you can see the connection string if you open it in a text editor (assuming it is successful).
If it's not a problem with he connection string, check that you do not have a firewall blocking connections between the Windows 2012 and SQL servers. It could be the widows firewall on either machine, or another firewall at the network level.
I'm trying to connect and getting an error like:
Login failed. The login cannot be used with Windows Authentication
I'm using mirrored local accounts on SQL Server and web server because I'm simply trying to use a trusted connection between machines not on the same domain. It seems like something that would be fairly common, but after days of trying to find an answer that applied to my situation, I do not recognize that any of the answers were applicable... that or the fact that I'm only a .NET developer and not a sysadmin or DBA means I have it and just don't know it.
Here's what I can say:
CMS web server: ASP.NET 4.0 web app running on Windows Server 2008, IIS7, on corporate DMZ
CMS database server: SQL Server 2008 R2 on a domain server
For various reasons that I won't go in to, encrypting the credentials is not sufficient.
The database port that the application needs to connect on is not the standard port and is set up to listen on a different port.
Setting up DB mirroring isn't an option and doesn't really address the requirements (in my way of thinking)
Also, FYI if this is helpful to know:
Content entry happens on internal web server which publishes content to same DB that is accessed by the DMZ web server.
Content server is set up to have the website run the app pool in integrated mode with a windows domain user that has been set as a service account using the -ga switch and given all the appropriate rights and everything runs perfect.
External web server, without domain access, using mirrored accounts (same username and password set up on the SQL Server machine and web machine).
Local account on the web server set as a service account using -ga switch and running as the app pool identity for my app.
On the SQL Server box, created local user with identical creds and given same permissions that the domain user identity has
Connecting to SQL Server via MGMT studio installed on web server with the SQL Server user creds works fine.
Now, if I put in the username in to the connection strings, everything is perfect. As soon as I put the trusted_connection=yes in the connection string like I did with the domain server connection strings, I get the trust error.
So if my connection string is like this, it works fine:
Server=myServerAddress;Database=myDataBase;Username=MyUser; Password=MyPassword;
If I change my connection string to either of these, it fails:
Server=myServerAddress;Database=myDataBase;Trusted_Connection=True;
or
Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;
I'm working with one of the client's network admins and he's not necessarily a DBA and doesn't have experience with configuring web apps. So it's possible that we're missing something and any advice or ideas would help. What am I missing?
If using SQL credentials are not an option, then you should use Active Directory and create a one-way trust (have DMZ server domain trust your internal domain), create a service account in your internal domain which your DMZ application can use, and grant that account access to the database. Then it will be able to generate SSPI context.
We are upgrading from an environment where the development web server, the SQL Server 2005, and SQL Server data are all on the same machine, a Windows XP Machine. We are upgrading to having the web server on one Windows 2008 server, the SQL Server on a 2nd Windows 2008 Server, and to Server to a Windows 2008 server, nd the data on a SAN.
Now we are getting the error message:
A connection was succesfully established with the server, but then
an error occured during the login
process. (provider: named pipes
provider, error 0, no process is on
the other end of the pipe.)
The network guy thinks it is a problem with the connection string:
<add name="CNString"
connectionString="Data Source=WEBSERVER;
Initial Catalog=PCIdb;
User ID=sa;Password=pass;"
providerName="System.Data.SqlClient"/>
Can anyone help out here?
Is your SQL Server really called WEBSERVER (DataSource="WEBSERVER") ??
Also, I would never EVER use the sa account in a connection string - NEVER, period. Use an application specific user or something, but do not use the sa account under any circumstances.
This can be caused by any number of reasons, but the first thing to look at is the configuration and setup of the SQL Server itself.
Are named pipes enabled on the server? You can check this through the server configuration manager (on the SQL Server machine itself).
Is the user on the connection string (or the connection pool user if you are using SSPI) setup on the server?
Note:
I do hope the connection string you put up is an edited version of your real one, as there are a couple of issues with it:
Using the sa login - you should never do that as now any SQL exploit can do any damage it wants
Calling a sql server "webserver" - a really confusion naming decision
When it comes to connection strings, look at connectionstrings.com - they hold a good list of valid connection strings to many databases using different providers.
I got that error before...Make sure SQL server services are started
If that's not it, change the authentication mode to both server and windows.
It could be a connectionstring problem. Try comparing your connectionstring to the connectionstrings at http://www.connectionstrings.com but it could also be that the remote connection or the remote server (the webserver in this case) isn't allowed to connect to SQL.
Check if remote connections are allowed and named pipes and/or TCP/IP protocols are enabled on the database server.
But, based on the scenario you've described, I'd say it's the database-end that's refusing the connection (since you've already had a working solution).
I can neither login from my application nor connect using the wizard to my Membership Provider on my local machine. My other DBs can connect from my application just fine. My connection string is correct, it has not been changed (I was able to login using membership previously, this is a new issue).
I created a new App to see if it could be the config, threw a login on it and registered and ran into the same issue.
This is the error message I am getting: "A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) "
Though my other DB can connect I still checked:
TCP/IP enabled
Multiple connections enabled
Firewall down
Correct instance of sql server being referred to in Machine config.
Also, my network service account has rights to the DB, but should there be an ASPNET user?
I can't think of a single thing I have changed to this machine since this was working previously.
Thank you.
EDIT DETAILS: There are no aliases, yet, but if my other connections are working that shouldn't be the issue. I understand these things can be wonky though, so that's something I'm going to try now. Thanks. I will also try and take a look at what's going on while trying to connect. Best way: event logs?
I am using Windows Auth, I'm connecting locally, using Windows 7 and SQL Server 2008 along with VS 2008. I can connect with Management Studio and query the DB, yes. NetworkService account has rights to the DB.
Check the Server name in the connection-string if the Sql-Server is in the same machine with the web application use "."(dot) without quotes instead of the computer-name in your connection string.
Have you tried sniffing it to see if there's anything you can see on the wire when the connection attempt is made?
Are there any aliases around the server/DB name? Have you tried creating one and connecting to it?
Are the other instances you can connect to on the same machine? Same SQL Server instance?
If you use impersonation, does the problem go away?
It sounds like you can connect to one database, but not the one you need. Is that correct?
The ASPNET user is a Windows XP thing. You should generally use NETWORK SERVICE for server-based deployments.
So, you can connect from Management Studio, but not from IIS? What identity are you using for the IIS AppPool?
Can you connect if you use Cassini (the web server that comes with Visual Studio)? That should pass through your user ID.
Our website connects to a database correctly when running the website locally using the built-in web server. But, when we deploy the site to our server running IIS, we get a database connection error. The database server is different from our IIS server. Note that a trusted connection to a different database on the SAME server as IIS works fine.
What do we need to do to connect to a SQL database on a different server with a trusted connection?
When you're running a web site using Cassini, the account used by the web server process is your own account that you use to log on to your Windows machine. That account will be different on IIS.
Consider the security implications of opening the database up to a broader access than you may need with trusted connection. Perhaps you could use Windows authentication with a service account. That is, create an application-specific user in SQL Server with limited permissions. Then, you will get the benefits of connection pooling while avoiding passing credentials.
I'd check the user account that app domain in IIS is using to connect to SQL Server. The account in IIS may not have access to network resources as well which would explain the trouble reaching the other database server.
Sounds like you need to configure the database server to provide access to the database you're trying to connect to.
Assuming SQL Server, log into SQL Server Enterprise Manager and under Security -> Logins, open the properties for the applicable user (probably the Network Service or ASP.NET account of the web server) and go to the Database Access tab and ensure that the Permit checkbox is ticked for the database you are connecting to.