I have "Computer A" which is running Win2K3 and MS SQL server. And
"Computer B" which is running a service that I have created. If I change
the service on "Computer B" to run as a user my program is able to connect
to the SQL server on "Computer A" correctly. But if I set the service on
"Computer B" to run as a local system then I get an error connecting to the
SQL on "Computer A" --- "NT AUTHORITY\ANONY MOUS LOGON". I understand why I
have the error but would prefer to keep the service set to local system
rather then running it under a user account.
So the question is how to either reconfigure the SqlConnection connection
string so the user is not anonymous or to tell the SQL server it's ok for
this computer to log in. I don't want to allow anonymous log in to my SQL
server obivously but I am not really happy about using the SQL user name and
password either.
Thanks in advance,
John
14  3373 
Well, the reason it is called "local" service is because it is designed to
be used within the computer, not across a network.
There is a special account called "NT AUTHORITY\Netwo rkService" which will
allow you to connect remotely. When configuring the service, you can
specify this as your user account (no password needed). This causes Windows
to send the machines domain credentials to sqlserver, therefore SqlServer
would see something like "mydomain\Compu terB$" (dollar sign is important).
Just add this account to SqlServer and you should be able to connect.
"John J. Hughes II" <no@invalid.com > wrote in message
news:es******** ******@TK2MSFTN GP14.phx.gbl... I have "Computer A" which is running Win2K3 and MS SQL server. And
"Computer B" which is running a service that I have created. If I change
the service on "Computer B" to run as a user my program is able to connect
to the SQL server on "Computer A" correctly. But if I set the service on
"Computer B" to run as a local system then I get an error connecting to
the SQL on "Computer A" --- "NT AUTHORITY\ANONY MOUS LOGON". I understand why
I have the error but would prefer to keep the service set to local system
rather then running it under a user account.
So the question is how to either reconfigure the SqlConnection connection
string so the user is not anonymous or to tell the SQL server it's ok for
this computer to log in. I don't want to allow anonymous log in to my SQL
server obivously but I am not really happy about using the SQL user name
and password either.
Thanks in advance,
John
"Peter Rilling" <pe***@nospam.r illing.net> wrote in message
news:eQ******** *******@TK2MSFT NGP15.phx.gbl.. . Well, the reason it is called "local" service is because it is designed to
be used within the computer, not across a network.
There is a special account called "NT AUTHORITY\Netwo rkService" which will
allow you to connect remotely. When configuring the service, you can
specify this as your user account (no password needed). This causes
Windows
to send the machines domain credentials to sqlserver, therefore SqlServer
would see something like "mydomain\Compu terB$" (dollar sign is important).
Just add this account to SqlServer and you should be able to connect.
This only works when the machine accounts are registered in the AD
(W2K/W2K3), and where your SQL server SPN (Service Principal Name) is
registered in the AD as well.
Willy.
Ok, I guess that sounds logical as far as the local system.
I have several options when installing the service and one of them is
NetworkService which seems to be what you are alluding to. If I change the
service so it's installed as either a NetworkService or a LocalService I get
the following error "Requested registry access is not allowed" which since I
store a bunch of data in the registry causes a problems. I am sure it's a
permission thing but a clue as to what time would be helpful if you know it
off the top of your head.
Thanks,
John
"Peter Rilling" <pe***@nospam.r illing.net> wrote in message
news:eQ******** *******@TK2MSFT NGP15.phx.gbl.. . Well, the reason it is called "local" service is because it is designed to
be used within the computer, not across a network.
There is a special account called "NT AUTHORITY\Netwo rkService" which will
allow you to connect remotely. When configuring the service, you can
specify this as your user account (no password needed). This causes
Windows
to send the machines domain credentials to sqlserver, therefore SqlServer
would see something like "mydomain\Compu terB$" (dollar sign is important).
Just add this account to SqlServer and you should be able to connect.
"John J. Hughes II" <no@invalid.com > wrote in message
news:es******** ******@TK2MSFTN GP14.phx.gbl... I have "Computer A" which is running Win2K3 and MS SQL server. And
"Computer B" which is running a service that I have created. If I change
the service on "Computer B" to run as a user my program is able to
connect
to the SQL server on "Computer A" correctly. But if I set the service on
"Computer B" to run as a local system then I get an error connecting to
the SQL on "Computer A" --- "NT AUTHORITY\ANONY MOUS LOGON". I understand why
I have the error but would prefer to keep the service set to local system
rather then running it under a user account.
So the question is how to either reconfigure the SqlConnection connection
string so the user is not anonymous or to tell the SQL server it's ok for
this computer to log in. I don't want to allow anonymous log in to my
SQL
server obivously but I am not really happy about using the SQL user name
and password either.
Thanks in advance,
John
Well, now you get into the opposite problem as "local service", in that
NetworkService is designed to work across the network, not locally.
If you need local resources, then you will need to set those permissions on
any registry keys or folders that your Windows service might need to access.
Again, you would just need to set the ACLs for "NT
AUTHORITY\Netwo rkService."
"John J. Hughes II" <no@invalid.com > wrote in message
news:e8******** ******@TK2MSFTN GP14.phx.gbl... Ok, I guess that sounds logical as far as the local system.
I have several options when installing the service and one of them is
NetworkService which seems to be what you are alluding to. If I change
the service so it's installed as either a NetworkService or a LocalService I
get the following error "Requested registry access is not allowed" which since
I store a bunch of data in the registry causes a problems. I am sure it's a
permission thing but a clue as to what time would be helpful if you know
it off the top of your head.
Thanks,
John
"Peter Rilling" <pe***@nospam.r illing.net> wrote in message
news:eQ******** *******@TK2MSFT NGP15.phx.gbl.. . Well, the reason it is called "local" service is because it is designed
to be used within the computer, not across a network.
There is a special account called "NT AUTHORITY\Netwo rkService" which
will allow you to connect remotely. When configuring the service, you can
specify this as your user account (no password needed). This causes
Windows
to send the machines domain credentials to sqlserver, therefore
SqlServer would see something like "mydomain\Compu terB$" (dollar sign is
important). Just add this account to SqlServer and you should be able to connect.
"John J. Hughes II" <no@invalid.com > wrote in message
news:es******** ******@TK2MSFTN GP14.phx.gbl... I have "Computer A" which is running Win2K3 and MS SQL server. And
"Computer B" which is running a service that I have created. If I
change the service on "Computer B" to run as a user my program is able to
connect
to the SQL server on "Computer A" correctly. But if I set the service
on "Computer B" to run as a local system then I get an error connecting to
the SQL on "Computer A" --- "NT AUTHORITY\ANONY MOUS LOGON". I understand
why I have the error but would prefer to keep the service set to local system
rather then running it under a user account.
So the question is how to either reconfigure the SqlConnection
connection string so the user is not anonymous or to tell the SQL server it's ok
for this computer to log in. I don't want to allow anonymous log in to my
SQL
server obivously but I am not really happy about using the SQL user
name and password either.
Thanks in advance,
John
Again thank you for your support.
I have worked around the registry problem and added the computer name to the
SQL as a valid log in with access to the correct databases.
Now I have the following error message from the connection string:
"Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection."
My connection string is "Data Source=MyServer ;Initial
Catalog=DBData; Integrated Security=SSPI;P ersist Security Info=False;Pack et
Size=4096;Works tation ID=MyWks" which works fine from the user account.
Is this message because my workstation is set as a workgroup and not part of
the Win2K3 domain or do I need to configure the connection string
differently?
Regards,
John
"Peter Rilling" <pe***@nospam.r illing.net> wrote in message
news:ej******** ******@TK2MSFTN GP12.phx.gbl... Well, now you get into the opposite problem as "local service", in that
NetworkService is designed to work across the network, not locally.
If you need local resources, then you will need to set those permissions
on
any registry keys or folders that your Windows service might need to
access.
Again, you would just need to set the ACLs for "NT
AUTHORITY\Netwo rkService."
"John J. Hughes II" <no@invalid.com > wrote in message
news:e8******** ******@TK2MSFTN GP14.phx.gbl... Ok, I guess that sounds logical as far as the local system.
I have several options when installing the service and one of them is
NetworkService which seems to be what you are alluding to. If I change
the service so it's installed as either a NetworkService or a LocalService I
get the following error "Requested registry access is not allowed" which
since
I store a bunch of data in the registry causes a problems. I am sure it's
a
permission thing but a clue as to what time would be helpful if you know
it off the top of your head.
Thanks,
John
"Peter Rilling" <pe***@nospam.r illing.net> wrote in message
news:eQ******** *******@TK2MSFT NGP15.phx.gbl.. . > Well, the reason it is called "local" service is because it is designed to > be used within the computer, not across a network.
>
> There is a special account called "NT AUTHORITY\Netwo rkService" which will > allow you to connect remotely. When configuring the service, you can
> specify this as your user account (no password needed). This causes
> Windows
> to send the machines domain credentials to sqlserver, therefore SqlServer > would see something like "mydomain\Compu terB$" (dollar sign is important). > Just add this account to SqlServer and you should be able to connect.
>
>
> "John J. Hughes II" <no@invalid.com > wrote in message
> news:es******** ******@TK2MSFTN GP14.phx.gbl...
>> I have "Computer A" which is running Win2K3 and MS SQL server. And
>> "Computer B" which is running a service that I have created. If I change >> the service on "Computer B" to run as a user my program is able to
>> connect
>> to the SQL server on "Computer A" correctly. But if I set the service on >> "Computer B" to run as a local system then I get an error connecting
>> to
> the
>> SQL on "Computer A" --- "NT AUTHORITY\ANONY MOUS LOGON". I understand why > I
>> have the error but would prefer to keep the service set to local
>> system
>> rather then running it under a user account.
>>
>> So the question is how to either reconfigure the SqlConnection connection >> string so the user is not anonymous or to tell the SQL server it's ok for >> this computer to log in. I don't want to allow anonymous log in to my
>> SQL
>> server obivously but I am not really happy about using the SQL user name > and
>> password either.
>>
>> Thanks in advance,
>> John
>>
>>
>
>
"John J. Hughes II" <no@invalid.com > wrote in message
news:Oe******** ******@TK2MSFTN GP12.phx.gbl... Again thank you for your support.
I have worked around the registry problem and added the computer name to
the SQL as a valid log in with access to the correct databases.
Now I have the following error message from the connection string:
"Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection."
My connection string is "Data Source=MyServer ;Initial
Catalog=DBData; Integrated Security=SSPI;P ersist Security Info=False;Pack et
Size=4096;Works tation ID=MyWks" which works fine from the user account.
Is this message because my workstation is set as a workgroup and not part
of the Win2K3 domain or do I need to configure the connection string
differently?
Regards,
John
I'm unclear on how you were able to (successfully) add a remote machine
account to SQL. Machine accounts are W2K (or higher) domain members and must
be specified as domain\MachineN ame$ where domain is the domain where both
SQL server and client machine are members of. Each machine account is just
like a regular domain user account, so authentication requests are handled
by the DC of the login domain, and as you aren't running in a domain realm
this feature won't work for you.
If you need SQL integrated security to work in a workgroup, you should
create a shadow account on both servers that is an account with the same
identity and password. At the asp.net side you must grant the required
privileges to the local system resources like Filesystem and Registry, on
the SQL side you can grant SQL server access and nothing else.
Willy.
"Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
news:ew******** ********@TK2MSF TNGP09.phx.gbl. ..
"John J. Hughes II" <no@invalid.com > wrote in message
news:Oe******** ******@TK2MSFTN GP12.phx.gbl... Again thank you for your support.
I have worked around the registry problem and added the computer name to
the SQL as a valid log in with access to the correct databases.
Now I have the following error message from the connection string:
"Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection."
My connection string is "Data Source=MyServer ;Initial
Catalog=DBData; Integrated Security=SSPI;P ersist Security
Info=False;Pack et Size=4096;Works tation ID=MyWks" which works fine from
the user account.
Is this message because my workstation is set as a workgroup and not part
of the Win2K3 domain or do I need to configure the connection string
differently?
Regards,
John
I'm unclear on how you were able to (successfully) add a remote machine
account to SQL. Machine accounts are W2K (or higher) domain members and
must be specified as domain\MachineN ame$ where domain is the domain where
both SQL server and client machine are members of. Each machine account is
just like a regular domain user account, so authentication requests are
handled by the DC of the login domain, and as you aren't running in a
domain realm this feature won't work for you.
If you need SQL integrated security to work in a workgroup, you should
create a shadow account on both servers that is an account with the same
identity and password. At the asp.net side you must grant the required
privileges to the local system resources like Filesystem and Registry, on
the SQL side you can grant SQL server access and nothing else.
Willy.
Well in regards to add the log in name to the SQL server I just did the
following, no problem.
exec sp_grantlogin 'MyDomain\MyCom puter$'
I had a feeling the domain thing was causing me problems. I am writing and
testing my code on a workstation so there is no second server at this point.
When the code is released it will be on a second server so my current
problem may be mute but it would be nice to test in as close to the same
environment as possible.
I am not using asp.net, this is a normal service which accesses the SQL
server on a second computer which happens to be a Win2K3 server.
Oh well thanks for the pointer, I guess I will read about shadow accounts
today :)
Regard,
John
"John J. Hughes II" <no@invalid.com > wrote in message
news:ew******** ******@TK2MSFTN GP12.phx.gbl...
"Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
news:ew******** ********@TK2MSF TNGP09.phx.gbl. ..
"John J. Hughes II" <no@invalid.com > wrote in message
news:Oe******** ******@TK2MSFTN GP12.phx.gbl... Again thank you for your support.
I have worked around the registry problem and added the computer name to
the SQL as a valid log in with access to the correct databases.
Now I have the following error message from the connection string:
"Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection."
My connection string is "Data Source=MyServer ;Initial
Catalog=DBData; Integrated Security=SSPI;P ersist Security
Info=False;Pack et Size=4096;Works tation ID=MyWks" which works fine from
the user account.
Is this message because my workstation is set as a workgroup and not
part of the Win2K3 domain or do I need to configure the connection
string differently?
Regards,
John
I'm unclear on how you were able to (successfully) add a remote machine
account to SQL. Machine accounts are W2K (or higher) domain members and
must be specified as domain\MachineN ame$ where domain is the domain where
both SQL server and client machine are members of. Each machine account
is just like a regular domain user account, so authentication requests
are handled by the DC of the login domain, and as you aren't running in a
domain realm this feature won't work for you.
If you need SQL integrated security to work in a workgroup, you should
create a shadow account on both servers that is an account with the same
identity and password. At the asp.net side you must grant the required
privileges to the local system resources like Filesystem and Registry, on
the SQL side you can grant SQL server access and nothing else.
Willy.
Well in regards to add the log in name to the SQL server I just did the
following, no problem.
exec sp_grantlogin 'MyDomain\MyCom puter$'
I had a feeling the domain thing was causing me problems. I am writing
and testing my code on a workstation so there is no second server at this
point. When the code is released it will be on a second server so my
current problem may be mute but it would be nice to test in as close to
the same environment as possible.
I am not using asp.net, this is a normal service which accesses the SQL
server on a second computer which happens to be a Win2K3 server.
Oh well thanks for the pointer, I guess I will read about shadow accounts
today :)
Regard,
John
John,
Sorry, don't know why I was refering to asp.net, anyway this applies to any
service running on windows.
That means it can be tested (the shadow account) with the file server
service as well.
Create the same account on both machines.
Grant access to a file share on the server.
Runas the "shadow account" on the client, and see you can access the files
on the remote share.
Willy.
Willy.
"Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
news:uO******** ******@TK2MSFTN GP12.phx.gbl...
"John J. Hughes II" <no@invalid.com > wrote in message
news:ew******** ******@TK2MSFTN GP12.phx.gbl...
"Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
news:ew******** ********@TK2MSF TNGP09.phx.gbl. ..
"John J. Hughes II" <no@invalid.com > wrote in message
news:Oe******** ******@TK2MSFTN GP12.phx.gbl...
Again thank you for your support.
I have worked around the registry problem and added the computer name
to the SQL as a valid log in with access to the correct databases.
Now I have the following error message from the connection string:
"Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection."
My connection string is "Data Source=MyServer ;Initial
Catalog=DBData; Integrated Security=SSPI;P ersist Security
Info=False;Pack et Size=4096;Works tation ID=MyWks" which works fine from
the user account.
Is this message because my workstation is set as a workgroup and not
part of the Win2K3 domain or do I need to configure the connection
string differently?
Regards,
John
I'm unclear on how you were able to (successfully) add a remote machine
account to SQL. Machine accounts are W2K (or higher) domain members and
must be specified as domain\MachineN ame$ where domain is the domain
where both SQL server and client machine are members of. Each machine
account is just like a regular domain user account, so authentication
requests are handled by the DC of the login domain, and as you aren't
running in a domain realm this feature won't work for you.
If you need SQL integrated security to work in a workgroup, you should
create a shadow account on both servers that is an account with the same
identity and password. At the asp.net side you must grant the required
privileges to the local system resources like Filesystem and Registry,
on the SQL side you can grant SQL server access and nothing else.
Willy.
Well in regards to add the log in name to the SQL server I just did the
following, no problem.
exec sp_grantlogin 'MyDomain\MyCom puter$'
I had a feeling the domain thing was causing me problems. I am writing
and testing my code on a workstation so there is no second server at this
point. When the code is released it will be on a second server so my
current problem may be mute but it would be nice to test in as close to
the same environment as possible.
I am not using asp.net, this is a normal service which accesses the SQL
server on a second computer which happens to be a Win2K3 server.
Oh well thanks for the pointer, I guess I will read about shadow accounts
today :)
Regard,
John
John,
Sorry, don't know why I was refering to asp.net, anyway this applies to
any service running on windows.
That means it can be tested (the shadow account) with the file server
service as well.
Create the same account on both machines.
Grant access to a file share on the server.
Runas the "shadow account" on the client, and see you can access the files
on the remote share.
Willy.
Willy.
Willy,
How is this different then just going to properties of the service and
setting the "Log On" property to "This Account" and using a local account?
Currently if I change the log on account for this service to my user account
the system works fine. I am trying to test as a network service which seems
to have a whole bunch of other problems. The problem is when I run as a
network service then the user name is <null> when trying to log on to the
SQL server. Will this shadow account allow me to in some way convince the
network service it has a valid name?
Regards,
John This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Patrick |
last post by:
Hello
I have 3 Servers, all running Windows 2000. On two (WEB-1 & WEB-2) machine I
run a website with IIS 5.0 and on the other an MS SQL Database 2000
(SQL-01). So I connect from the Websites to the Server using the following
connection-string
Provider=SQLOLEDB.1;Password=mypw;Persist Security Info=True;User
ID=myuser;Initial...
|
by: Arun T M |
last post by:
I have a Windows Service written in VB .NET which
connects to an Exchange Server and accesses the messages
in the Public Folders. I am using Collaborative Data
Objects to do this. When I run the service, I get the
following error...
System.Runtime.InteropServices.COMException (0x80010106):
]
at...
|
by: George Hester |
last post by:
http://support.microsoft.com/default.aspx?scid=kb;en-us;301464
Look down at the MyPage.asp example. You will see that Microsoft does this:
'Costruct the URL for the current page
s = "http://"
s = s & Request.ServerVariables("HTTP_HOST")
s = s & Request.ServerVariables("URL")
If Request.QueryString.Count > 0 Then
s = s & "?" &...
|
by: heyitsme_ryan |
last post by:
Ei guys I’m Ryan from Philippines, I need your advice and
recommendations about Windows 2003 Server and SQL Server 2000
installation. Well, here’s the scenario.
First is for windows 2003 server:
We have a windows 2003 server that is a Logon Server and we have at
least 90 workstation here in our office to manage. The problem is when
we...
|
by: Gary K |
last post by:
After a bit a trouble getting VS to create a project on a different web
server (I forgot to apply the 'fix'), I get the following error when trying
to debug my web application.
Error while trying to run project: Unable to start debugging on the web
server. There appears to be no suitable logon session on the server. Please
verify that you...
| | |
by: Nils Magnus Englund |
last post by:
Hello,
I am having trouble using Integrated Windows Authentication between our
intranet server and our database server, both of which are on our local
domain.
Windows authentication works for our intranet server - my domain user
"DOM\nme" is correctly authenticated and authorized to view the ASP.NET page
on our intranet. The ASP.NET...
|
by: gerry |
last post by:
I am almost at the end of my rope - I have to go through this process
everytime a new version of studio is released or it is installed on a new
machine - what a (^%&$^& pain.
I am trying to debug a web app from within vs.net 2005 locally on windows
2003 server
I just cannot get debugging to work anywhere other than localhost
I completely...
|
by: Jon B |
last post by:
Hi All!
I have a ASP.NET 2.0 site that works on the Windows 2000 Server. However,
when I tried to view this site on my local Windows XP machine, I get "Server
Unavailable". If I switch the Windows XP IIS back to ASP.NET 1.1 then I get
the Configuration Error (which is understandable because I'm trying to run
an ASP.NET 2 site with 1.1...
|
by: lmttag |
last post by:
ASP.NET 2.0 (C#) application
Intranet application (not on the Internet)
Using Windows authentication and impersonation
Windows Server 2003 (IIS6)
Server is a member server on a domain
Logged into server as a domain user that is in the local Administrators
group on the server
Workstation is on the same domain
Logged into the workstation as...
|
by: =?Utf-8?B?QWRyaWFuTW9ycmlz?= |
last post by:
Hello!
I'm trying to copy a file from another computer on the network that I do not
have permission with my current logon details to access.
If I open the folder using the Windows file manager with the path "\\
192.168.2.2\temp" (where temp is a shared directory on server \\192.168.2.2),
windows prompts for a User Name and password of a...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |
