AD sync service account for cloud based application

I have a cloud-based application that I am setting up AD sync with. In their directions below I have bolded the ones I need answers to. My domain functional level is Windows Server 2003.
The Active Directory synchronization requires the following:
A domain user which has the following properties:
The password is known and does not expire - completed
The domain user account has read permissions to all objects in the entire domain within Active Directory
Confirm that if the domain has been upgraded to Windows 200x functional level from Windows NT4, 2000 or 2003 that we have the appropriate group permissions below available to the domain user account for the synchronization, in addition to read permissions to the entire domain:
Pre-Windows 2000 Compatible Access
Pre-Windows 2003 Compatible Access
The username and password are passed using the appropriate communication channels - completed
I have created a service account in my AD called myappldap. Does a domain user have read permissions to all objects in the entire domain within Active Directory without adding them to any other security groups except Domain Users? Or do I have to click on the top-level domain object in AD > go to Properties > Security > and give them read permission and propagate those permissions down? Also, I do not see Pre-Windows 2003 Compatible Access as a security object that I can give this service account read permissions to. I just wanted to confirm that this is because I am still running a domain functional level of Windows Server 2003?

A domain user has complete Read on everything in the forest.
As for the Pre-Windows 2000 Compatible Access group, that's a reduced-security group to allow a NULL password for pre-Windows 2000 DCs, such as the way NT4 RRAS (VPN servers) used it. In Windows 2000 and newer, we can eliminate that group, since it's a security concern.
More info to read up on it, here:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/e8dfacba-985f-4042-abeb-f341bf37522f/prewindows-2000-compatible-access-group?forum=winserverDS
Everyone group does not include anonymous security identifier
http://support.microsoft.com/kb/278259
As for Pre-Windows 2003, I haven't come across anything that would say pre-2003. It almost appears that the software is using NULL or some other kind of reduced security on the password. Then again, I could totally be wrong. Is that specifically how the third-party software specifies it in the docs?
Can you post a link to it?
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
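A way to verify the vendor's three requirements against the myappldap account, as an added example rather than code from the thread. It assumes the RSAT ActiveDirectory PowerShell module on a domain-joined host, that you run it as a domain admin, and the account name myappldap from the question; the group names and SIDs are the standard built-in ones.

```powershell
# Added check script; not part of the thread. Assumes the ActiveDirectory
# module (RSAT) and the account name 'myappldap' from the question above.
Import-Module ActiveDirectory

function Test-AdSyncServiceAccount {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        # Credential of the service account itself, used to test what it can read.
        [Parameter(Mandatory)] [pscredential] $ServiceCredential
    )

    $domain = Get-ADDomain
    $user   = Get-ADUser -Identity $SamAccountName -Properties PasswordNeverExpires, MemberOf

    # Requirement: the password does not expire (and the account is enabled at all).
    $passwordOk = $user.Enabled -and $user.PasswordNeverExpires

    # Requirement: read on all objects in the domain. Instead of reasoning about
    # ACLs, enumerate the domain once as the caller (a domain admin) and once as
    # the service account; objects the service account cannot see are those whose
    # default 'Authenticated Users: Read' access has been removed by someone.
    $filter = '(objectClass=*)'
    $base   = $domain.DistinguishedName
    $allDns = Get-ADObject -LDAPFilter $filter -SearchBase $base -SearchScope Subtree |
              Select-Object -ExpandProperty DistinguishedName
    $svcDns = Get-ADObject -LDAPFilter $filter -SearchBase $base -SearchScope Subtree `
              -Credential $ServiceCredential |
              Select-Object -ExpandProperty DistinguishedName
    $unreadable = Compare-Object -ReferenceObject $allDns -DifferenceObject $svcDns |
                  Where-Object SideIndicator -eq '<=' |
                  Select-Object -ExpandProperty InputObject

    # Pre-Windows 2000 Compatible Access: membership is not needed for read access.
    # The group is the concern Ace raises if it still holds Anonymous Logon
    # (S-1-5-7) or Everyone (S-1-1-0), which appear as foreign security principals.
    $pre2k = Get-ADGroup -Identity 'Pre-Windows 2000 Compatible Access' -Properties member
    $riskySids = @('S-1-5-7', 'S-1-1-0')
    $pre2kRiskyMembers = $pre2k.member | Where-Object {
        $dn = $_
        $riskySids | Where-Object { $dn -like "CN=$_,CN=ForeignSecurityPrincipals,*" }
    }

    # 'Pre-Windows 2003 Compatible Access' does not ship with Active Directory;
    # report whether a group with that name exists in this domain at all.
    $pre2003 = Get-ADGroup -Filter { Name -eq 'Pre-Windows 2003 Compatible Access' }

    [pscustomobject]@{
        Account                  = $user.SamAccountName
        DomainFunctionalLevel    = $domain.DomainMode.ToString()
        PasswordNeverExpires     = [bool]$passwordOk
        ObjectsVisibleToAdmin    = @($allDns).Count
        ObjectsVisibleToAccount  = @($svcDns).Count
        UnreadableObjects        = @($unreadable)
        MemberOfPre2000Group     = [bool]($user.MemberOf -contains $pre2k.DistinguishedName)
        Pre2000GroupRiskyMembers = @($pre2kRiskyMembers)
        Pre2003GroupExists       = [bool]$pre2003
    }
}

# Usage: run as a domain admin; you are prompted for the myappldap password.
$cred = Get-Credential -UserName "$env:USERDOMAIN\myappldap" -Message 'Service account password'
Test-AdSyncServiceAccount -SamAccountName 'myappldap' -ServiceCredential $cred | Format-List
```

The two full enumerations can take a while in a large domain; an empty UnreadableObjects list with a matching object count is the confirmation that plain Domain Users membership is enough.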

Similar Messages

  • Service accounts for the Workspace Database service permission Error while creating Tabular Mode from PowerPivot

    Hi All,
    Please help me out against this issue. I have spent so much (3 working days) time just figuring out what is the issue and its solution.
    I am learning Tabular Mode and trying to create a model based on a PowerPivot model. I am getting the following error message:
    'The PowerPivot workbook could not be imported. The service account for the workspace database server does not have permission to read from the PowerPivot workbook.'
    Here is my infrastructure:
    1. SSAS in Tabular Mode is installed on my Windows 8 Laptop
    2. PowerPivot is also in my laptop
    3. There is only my account (as Admin of course) for SSAS
    Here are my questions:
    1. What is this error and how can I cope with that? A step by step explanation would be highly appreciated :-)
    2. Do I need to change something in Windows settings or in SSAS?
    3. I am confused about my workspace database server as well, Do I have to install SSAS twice; one for development and one for workspace?
    Looking forward to the expert advice.
    Tahir
    Thanks, TA

    Hi,
    I suspect you might have more luck if you try the SSAS forum: http://social.msdn.microsoft.com/Forums/sqlserver/en-US/home?forum=sqlanalysisservices
    Regards
    Jamie
    ObjectStorageHelper<T> – A WinRT utility for Windows 8 | http://sqlblog.com/blogs/jamie_thomson/ | @jamiet | About me

  • Using Managed Service Accounts for App Activities

    I know and understand the introduction of Windows service accounts, and how various applications run as a Windows Service Account or a virtual account. I also know that one can connect to things such as a File Share using a Managed Service Account.
    Has anyone ever tried to do anything like FTP with a Managed Service Account?
    If so, can you provide locations where this information is documented?
    Currently we have applications & scripts that rely on things like FTP for doing their various jobs; these apps & scripts use domain creds like FTPUser to connect to the FTP service. Having these domain-level user accounts for these types of tasks is a maintenance nightmare and a security risk. I would like to replace FTPUser with something like TRANS_APP_FTP_USER$ (Managed Service Account) so that the transfer app will use an MSA instead of a domain account to connect to the FTP server.
    So far all the docs I've seen have explained how to get the TransApp to run using an MSA... but I want the TransApp to connect to something like an FTP server.
    Some documentation (links) discussing this would be helpful.

    Hi,
    >>these apps & scripts use, domain creds like FTPUser to connect to the FTP service. Having these domain level (user accounts) for these types of a tasks is a maintenance nightmare and a security risk.
    As stated in the Wikipedia article:
    FTP users may authenticate themselves using a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS).
    File Transfer Protocol
    http://en.wikipedia.org/wiki/File_Transfer_Protocol
    Besides, for FTP related questions, in order to get better help, it’s recommended that we ask for suggestions in the following IIS forum.
    IIS
    http://forums.iis.net/
    Best regards,
    Frank Shen

  • Utilities and SDK for Subsystem for UNIX-based Applications in Windows 8 doesn't install

    Trying to install the package and well into the process I get an error message saying that my processor isn't supported and to contact my vendor..  I have a Lenovo U 410 LT with Win 8 Pro.  It has an Intel Core i7 processor.   I also tried the AMD version thinking they may have been swapped but it also does not install.  How to get it installed?  I really need the NFS in it.

    Hi stewartmcadoo,
    Welcome back to Lenovo Community Forums!
    I'm sorry to hear that there is an error message displayed on your U410 laptop while installing "Utilities and SDK for Subsystem for UNIX-based Applications in Windows 8". Make sure you are installing this application as an Administrator user. If the issue is the same even in this user account, I suggest you download the package again, right-click the downloaded file and select "Run as administrator" to get it installed in administrator mode. Below is the link to download the SDK package:
    Utilities and SDK for Subsystem for UNIX-based Applications in Windows 8
    Hope this helps!!!
    Do post us back if the issue still persists.
    Best Regards
    Shiva Kumar

  • Use SIA service account for SQL Server reporting connections (BIP4.1)

    Is it possible to use the SIA service account as a proxy for a SQL Server connection using OLE DB? This way, anytime a report was refreshed, the SIA service account would be used when authenticating to the reporting database? This is a common pattern in software development to minimize database maintenance (when there is sufficient security being enforced at the application layer - BOBJ provides this).
    This would make SQL Server database security management very easy for the DBAs (just add the BOBJ service account to the database and assign dbreader).
    I would think this would be an option, but a Relational Connection only provides the following 3 Authentication modes when using the IDT to create and publish a Relational Connection (OLEDB/MSSQL):
    Use BusinessObjects credential mapping
    This takes the username and password from the "Database Credentials" section of the BusinessObjects User object for the user in the current session. It passes the info as hard-coded SQL authentication.
    Use single sign-on when refreshing reports at view time
    This is ONLY for end-to-end single-sign-on (as the error message in the next paragraph specifies) and uses the Windows AD credentials for the user in the current session. It is this method of authentication that I'd like to use, i.e. Windows Integrated Security, but I'd like to have the SIA account act as the account that makes the connection, not end-to-end.
    Use specified username and password
    This is for hard-coding usernames and passwords (only SQL authentication in OLE DB).
    I've tried leaving the "Cache security context" option OFF in Windows AD Authentication settings, hoping it would default to using the service account for authentication to the database... to no avail. It fails during tests in the IDT with the message:
    "Single Sign-On failed in the CMS. Please contact your system administrator for details. : The authentication provider (secWinAD) associated with this logon session does not have inter-process Single Sign-On enabled. Contact your system administrator for details. (FWB 00019)"
    Alternatively, a SQL user could be hard-coded into the connection (same simple maintenance on the DBA side), but we'd really like to rely on Windows Integrated Security if possible!
    Is there a way?
    Any help is greatly appreciated!
    David

    Hey David,
    Did you ever solve this? We get the same SSO error when indexing information spaces in Explorer.
    Thanks,
    Brandon

  • Okay... try #3... I spend 80% of my life off line... off the grid, as I live in a remote area, power produced by wind/water. Is CS5 or 6 still available? I hate cloud based applications too.. any help here ??

    okay... try #3... I spend 80% of my life off line... off the grid, as I live in a remote area, power produced by wind/water. Is CS5 or 6 still available? I hate cloud based applications too.. any help here ??

    Yes, you can buy CS6, PC or Mac, Standard or Extended. Here is the purchase page.
    Creative Suite 6
    You will need to download it and your email receipt will have the serial number. Plus the serial number will be stored under your account should you ever lose the email or the number.
    Gene

  • Service Accounts for Reporting Service in SQL Server Failover Cluster setup

    I am setting up 2 Report Services (SSRS) in SQL Failover Clustering (Version: 2012 SP1) on Windows 2012, as part of a scale-out architecture.
    There are 2 options to configure the service account for SSRS:
    Option 1) Using domain accounts, as I have done for DB Engine and SQL Agent.
    Option 2) Accept the default, which is a virtual account for SSRS. Per documentation URL:
    http://msdn.microsoft.com/en-us/library/ms143504.aspx
    Which is the recommended one? Is it option 2?
    There is a security note on the above URL as well, but it does not clearly mention that option 1 is not recommended.
    Security Note: Always run SQL Server services by using the lowest possible user rights. Use a MSA or virtual account when possible. When MSA and virtual accounts are not possible, use a specific low-privilege user account or domain account instead of a shared account for SQL Server services. Use separate accounts for different SQL Server services. Do not grant additional permissions to the SQL Server service account or the service groups. Permissions will be granted through group membership or granted directly to a service SID, where a service SID is supported.
    Thanks very much for your help!

    Hi Luo Donghua,
    In a SQL Server Failover Cluster Instance, personally I think both options can run well. If you use the virtual account for SQL Server Reporting Services: virtual accounts in Windows Server 2008 R2 and Windows 7 are managed local accounts that provide features to simplify service administration. The virtual account is auto-managed, and the virtual account can access the network in a domain environment.
    Of course, you can also use domain accounts in your clustering.
    Just make sure your service account is set up here, or that it is using a proper built-in account. For more information, see: http://ermahblerg.com/2012/11/08/cluster-ssrs-in-2008/
    Thanks,
    Sofiya Li
    Sofiya Li
    TechNet Community Support

  • Service Account for SQL Server Agent on SQL Server 2008 R2

    This SQL Server instance is SQL Server 2008 R2 (10.50.4000).  We had Active Domain Service accounts created to run the service accounts for SQL Server and SQL Server Agent.
    It has become company policy to alter the service accounts that run SQL Server and SQL Server Agent.  Currently, both were running under the Local System Accounts.  We have altered the SQL Server but we are having issues with the SQL Server Agent. 
    I am told by another DBA that
    "The agent is requiring elevated rights.  It will startup if it has local admin rights, but not with domain accounts without admin rights."
    So I was wondering if anyone has come across this issue and how did they resolve it.
    lcerni

    "The agent is requiring elevated rights.  It will startup if it has local admin rights, but not with domain accounts without admin rights."
    This is completely not true. It is indeed possible to run agent as a domain account without giving it local admin. Chances are you'll need to update the local acls by adding the account to the local security groups. Please see this article for more information:
    http://technet.microsoft.com/en-us/library/ms143504(v=sql.105).aspx
    Edit: In addition, it'll need rights to SQL server for that account to connect and do its work. It will need to be given sysadmin:
    http://technet.microsoft.com/en-us/library/ms191543.aspx
    Sean Gallardy | Blog | Twitter

  • Service Accounts for Browser Services and FD Launcher (Full-text Search)

    I am setting up SQL Failover Clustering (Version: 2012 SP1) on Windows 2012. There are 2 options to configure the service account for Browser Services and FD Launcher:
    Option 1) Using separate domain accounts, as I have done for DB Engine and SQL Agent.
    Option 2) Accept the default, which is Local Service for Browser, and a virtual account for FD Launcher. Per documentation URL: http://msdn.microsoft.com/en-us/library/ms143504.aspx
    Which is the recommended one? Is it option 2?
    There is a security note on the above URL as well, but it does not clearly mention that option 1 is not recommended.
    Security Note: Always run SQL Server services by using the lowest possible user rights. Use a MSA or virtual account when possible. When MSA and virtual accounts are not possible, use a specific low-privilege user account or domain account instead of a shared account for SQL Server services. Use separate accounts for different SQL Server services. Do not grant additional permissions to the SQL Server service account or the service groups. Permissions will be granted through group membership or granted directly to a service SID, where a service SID is supported.

    Hi Luo Donghua,
    For SQL Server Browser, the default logon account is NT AUTHORITY\LOCAL SERVICE and cannot be changed during SQL Server setup. SQL Server Browser is not a clustered resource and does not support failover from one cluster node to the other. SQL Server Browser should be installed and turned on for each node of the cluster. SQL Server Browser should be run in the security context of a low-privileged user to minimize exposure to a malicious attack.
    You can change the account after the setup has been completed. For more information, see: http://msdn.microsoft.com/en-us/library/hh510203.aspx.
    For the SQL Server Full-text Filter Daemon Launcher, on Windows Vista and Windows Server 2008 the FDHOST Launcher service account also defaults to LOCAL SERVICE. If you provide a domain account in which to run the FDHOST Launcher service, we highly recommend that you use a low-privilege account. On Windows 7 and Windows Server 2008 R2, we use a Virtual Account or Managed Service Account (MSA) for FD Launcher. We also need to note that the account you use for FD Launcher should be different from the account that you use for the SQL Server service. For more information, see:
    http://msdn.microsoft.com/en-us/library/cc281953(v=sql.100).aspx
    So I recommend you use option 2 to configure the service account for Browser Services and FD Launcher.
    Thanks,
    Sofiya Li
    Sofiya Li
    TechNet Community Support

  • ECATT for ITS based applications

    Is eCATT recording / testing possible for ITS-based applications? If yes, could you please list out the limitations too, if possible.
    I know for sure that eCATT does not support BSP applications, but about ITS... I'm not sure.
    Hoping for some replies...
    Btw, are there any other tools out in the market that help in the testing of ITS-based applications?
    How about Watir? (Refer: /people/justin.ramel/blog/2006/07/28/automated-functional-testing--part-1-of)

    Hey guys...
    Thanks for your inputs on other integrable tools (certified by SAP too) with eCATT for testing SAPGUI with HTML (ITS).
    Justin, did you set up Worksoft Certify with eCATT for ITS applications? Also, can it support recordings of BSP and Web Dynpro applications?
    Thanks in advance!

  • Creating Service Accounts For Components of SQL Server

    Hello, I am trying to install SQL Server 2014 on Windows 8 but don't know how to create the service accounts for the various components.

    Hi,
    You need to refer to below BOL article
    Configure service account
    Service account setup
    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it
    My Technet Wiki Article
    MVP

  • Service account for Windows Update sync

    Hi all,
    I would like to know if it's possible to change the service account used by WSUS 2008 R2 SP1 to sync with the Windows Update servers, and if so, how.
    Thanks. Have a good day.
    FXE

    Hi,
    Do you want to use a different account for WSUS management? If so, that account must be a member of either the WSUS Administrators or the local Administrators security groups on the server on which WSUS is installed in order to use the WSUS console.
    The related KB:
    Step 4: Configure and Synchronize WSUS
    http://technet.microsoft.com/en-us/library/cc708455(v=ws.10).aspx
    Hope this helps.

  • Do we need separate Unattended service account for each SharePoint Server 2013 BI service applications?

    SharePoint 2013 - I'm planning to use 'unattended service account' method of Secure Store Service - for Excel, Performance Point and Visio services. I'm about to create Active directory accounts for them.
    Question: Do we need separate Active directory accounts for each service
    DomainName\ExcelUnattendedAccount
    DomainName\PPSUnattendedAccount
    DomainName\VisioUnattendedAccount
    (or)
    Can I have just one Active Directory account DomainName\SharePointUnattendedAccount ?
    Are there any drawbacks having a single account? Any best practice around this? For all the three services the data sources are going to be the same. 
    Subash.S

    Security is the only reason you would separate accounts (as these accounts must have access to the source data). There should be no other drawbacks.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Managed Service Accounts for Cluster

    Hi,
    Is it possible to use MSAs for a 2012 FCI on Windows 2008 R2? Since an MSA can only be associated with one computer, you would have to use multiple MSA accounts, but I've not heard about using service accounts with different names to run a clustered SQL service.
    Thanks,
    Sam

    Hi sam_squarewave,
    We can configure the SQL 2012 standalone instance to utilize the new Managed Service Accounts feature in Windows 2008 R2. Usually you set up the MSA in Active Directory, install the MSA on the target server and change the SQL service account. The managed service account is designed to provide crucial applications such as Exchange Server and IIS with the isolation of their own domain accounts; it is not supported with SQL 2012 Failover Clustered Instances (FCI). For more information about Managed Service Accounts (MSA) and SQL 2012, you can review the following article.
    http://blogs.msdn.com/b/arvindsh/archive/2014/02/03/managed-service-accounts-msa-and-sql-2012-practical-tips.aspx?PageIndex=5
    In addition, when you configure Windows Failover Clustering for SQL Server (Availability Group or FCI), if you want to use other accounts, they need the accounts and permissions required to create and maintain your HADR solution. For guidance configuring the required account permissions for WSFC clusters and clustered services, see Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory (http://technet.microsoft.com/en-us/library/cc731002(WS.10).aspx).
    There is detail about configuring Windows Failover Clustering for SQL Server (Availability Group or FCI) with Limited Security; you can review it.
    http://blogs.msdn.com/b/sqlalwayson/archive/2012/06/05/configure-windows-failover-clustering-for-sql-server-availability-group-or-fci-with-limited-security.aspx
    Regards,
    Sofiya Li
    Sofiya Li
    TechNet Community Support

  • JRE1.6 in Windows Vista for Swing based application

    Hi,
    I am running a Swing-based and applet-based application in Windows Vista using JRE 1.6_U13. The text font is appearing bold in JRE 1.6_U13 whereas it is appearing normal while using JRE 1.5, though the style of the Font is "SansSerif", PLAIN and size 12 for both JRE 1.6 and JRE 1.5.
    Reason for the Issue:
    Swings follows the concept of taking the display values from the Windows UIManager(). The UIManager consists of keys and values. The values for the keys change from OS to OS. As a result, if the UIManager key values are not overridden with the customized values, the display will change from OS to OS. Hence the issue has occurred.
    Analysis:
    Case-1:
    1. CALM is setting the font style to "Font("SansSerif", Font.PLAIN, 12)".
    2. This font is being set to the Label and Text components in Swing.
    3. The Font class consists of the Font.PLAIN argument whose value is 0 as per the Java API.
    4. This value can't be changed.
    5. Hence we couldn't solve it.
    Case-2:
    1. We tried to get the value for the key "Label.font" and tried to override its value.
    2. But then the issue is with Font.PLAIN, which is one of the arguments in the Font object.
    3. Hence we couldn't achieve it.
    Case-3:
    1. We thought of creating a new font in which we can have control over the weight and width of the text, then set this font to the respective key of the UIManager.
    2. Here the weight indicates the bold thickness. As a result we thought of changing the weight.
    3. But then the options that we have in the API are few and the least weight value is "TextAttribute.WEIGHT_EXTRA_LIGHT", which is equal to "0.5".
    4. This value is not sufficient as the boldness of the text is comparatively more than the text that is appearing in JRE 1.5.
    5. Then we tried to give the value manually, instead of using the API. But then, it was mentioned in the API that any values other than the ones specified in the API will be rounded to the nearest integer.
    6. By doing this we have customized the boldness of the Label, but could not achieve the required boldness of the Label.
    Please, we need an urgent solution.

    Hi,
    The reason for the problem is the antialiasing effect of the graphics. In Control Panel -> Performance Information and Tools -> Adjust visual effects, if 'Smooth edges of screen fonts' is unchecked then the boldness of the font, i.e. the antialiasing effect, is not there.
    But this effect applies not only to my Swing-based and applet-based application but also to the whole system.
    I tried to call the renderingHint method and change default value of the key KEY_TEXT_ANTIALIASING to VALUE_TEXT_ANTIALIASING_OFF, to make the antialiasing effect off for the application.
    I implemented the below code:
    Graphics g= new Graphics();
    Graphics2D g2d = (Graphics2D)g;
    g2d.setRenderingHint(RenderingHints.KEY_TEXT_ANTIALIASING,
    RenderingHints.VALUE_TEXT_ANTIALIAS_OFF);
    But I am not able to create an object of Graphics.
