Hey All,
More fun and games with SQL Server 2005.
Mike: thanks for your help before on the Beta. I was able to uninstall and
regain connectivity. I didn't have to wipe the box, but came close!!
Here is a new twist:
Previous situation:
- One data server
- 2 instances: SQL Server 2000 in a named instance; SQL Server 2005 Beta 2
in the default instance.
- Access to the legacy database (2000) is controlled through a trusted
connection, using an Active Directory Group (MSA Users). This group is
granted public role access with various pre-defined rights on the objects.
- Access to the beta is for a website we are developing, and is done
through a SQL Server connection. This connection is granted public role,
with limited access to objects--mostly stored procedure executions only.
- Everything running well.
Now:
- SQL Server Beta 2 expired.
- Uninstalled and cleaned SQL Server 2005 Beta 2.
- Installed SQL Server 2005 April CTP.
- Databases are running well, however:
- Trusted connections to the legacy database are all messed up: the Windows
group controlling access to the SQL 2000 database still exists, but members
of the group can no longer connect. Some weird behavior ensues:
* Some get an 18456. Messages include: "Cannot find the specified server"
* Some can connect via the IP, but not the DNS
DANGEROUS, but working (WHY?)--
* When I add the users to a completely unrelated AD group (with no
particular access to SQL Server), AND I make the group associated with the
trusted connection members of the local Administrators group on the data box,
THEN they can connect. If I remove the user from the unrelated group OR I remove
the trusted group from the local Administrators group, they cannot connect.
Of course, this is less than desirable. What happened to the security?
HELP!!
Mike--I see you live in Zurich. I once lived in Yverdon.
--
Graeme Martin
I spoke with some folks at Microsoft who were very helpful. Just thought I
would share with you what we found--
1. The named instance (2000) wasn't showing up to users trying to connect:
* Check SQL Browser service is running.
* Check the following key in the registry:
HKLM/Software/Microsoft/Microsoft SQL Server/90/SQL Browser/SsrpListener
(REG_DWORD). This value needs to be (1).
2. The user was denied access from the trusted group. Run this SQL:
USE master
GO
SELECT name, denylogin, hasaccess FROM syslogins
-- denylogin should be 0; hasaccess should be 1 for your logins.
3. Use sp_grantlogin 'DOMAINNAME\username' to add logins. This SP will
ensure the proper fields are filled out.
4. Still can't figure out why the website won't show up, but I think it's an
unrelated issue.
Thanks all! Hope this helps you too!
Graeme Martin
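An added example, not part of the original posts: a T-SQL audit that extends the syslogins check from step 2 of the reply to show which Windows logins are blocked and which Windows groups hold sysadmin, the latter being what to review after a workaround like the local Administrators one described in the question. The login name in the commented-out repair line is a placeholder built from the thread's DOMAINNAME and "MSA Users" group.

```sql
-- Added example: audit master..syslogins for the conditions discussed in this thread.
-- syslogins is a system table in SQL Server 2000 and a compatibility view in 2005,
-- so the same queries run against both instances.
USE master
GO

-- 1. Windows logins (users or groups) that cannot connect at the server level.
--    denylogin = 1 : the login has been explicitly denied
--    hasaccess = 0 : the login exists but has not been granted server access
SELECT name,
       CASE WHEN isntgroup = 1 THEN 'Windows group' ELSE 'Windows user' END AS login_type,
       denylogin,
       hasaccess
FROM   syslogins
WHERE  isntname = 1
  AND  (denylogin = 1 OR hasaccess = 0)
ORDER BY name
GO

-- 2. Windows groups that are members of the sysadmin server role.
--    Default installs of these versions include BUILTIN\Administrators here,
--    so anyone placed in the local Administrators group connects through that
--    login with full server rights instead of through the intended trusted group.
SELECT name,
       sysadmin,
       denylogin,
       hasaccess
FROM   syslogins
WHERE  isntgroup = 1
  AND  sysadmin = 1
ORDER BY name
GO

-- 3. Repair (step 3 of the reply): grant the login to the intended group only.
--    'DOMAINNAME\MSA Users' is a placeholder; substitute the real domain.
-- EXEC sp_grantlogin 'DOMAINNAME\MSA Users'
-- GO

-- 4. Confirm the result for that one login.
-- SELECT name, denylogin, hasaccess, sysadmin
-- FROM   syslogins
-- WHERE  name = 'DOMAINNAME\MSA Users'
-- GO
```

Once query 1 returns no row for the trusted group, the group can be taken back out of the local Administrators group and connectivity retested.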