Entered Domain Credentials for SQL Simple Authentication Run As Accounts

Similar Messages

• Download for SQL Server machine running Windows Server 2008 Enterprise SP2

  I am confused what 11g product to download and how to configure for the above server. I just need for SQL Server 2008 to be able to communicate with some Oracle databases. I don't need to manage the Oracle database, nor do I need to create one. I just need to be able to create linked servers, use SQL Plus, and create some SSIS or DTS packages that will bring Oracle data into the SQL Server. I think I just need the client, but for 11g, I see it is less than 1GB in size. I am afraid I may be missing something because I thought the client downloads were about 2GB, but the 2GB downloads are not called "client". This is a 64bit machine running an Intel Xeon X7460 chip.
  Our server has a C:\, D:\, and E:\ drive on it. The data (.mdf) is on drive E:\. The normal environment is on C:\ like usual. I also need to know if I need to set environment variables which I read about, but am not sure how to set them and make them stay, or if the software does that.
  As an aside, I tried installing a 10g on there that the DBA downloaded and could never get it to work, although I was successful in getting tnsping to work, but SQLPlusW would close on me when I tried to connect and SQLPlus failed with some error but can't remember what right now. I uninstalled it. I think it may have been the wrong download.
  I would appreciate any info at all, even if you don't know about everything said here.
  I have a link here where I think I am close, but I still am not sure. Let me know if this is correct and which link to click. If I am wrong, please provide the correct link if you can. Thank you.
  [http://www.oracle.com/technetwork/database/enterprise-edition/downloads/112010-win64soft-094461.html]
  Edited by: user486992 on Oct 20, 2010 11:07 AM

  Hi,
  To integrate Oracle with SQL server you need the following
  Install Oracle 11g Release 2 client software
  Install Oracle 11g Release 2 ODAC software
  Restart SQL services
  Configure OraOLEDB.Oracle provider
  Create linked server
  Add remote logins for linked server
  see this links
  http://www.mssqltips.com/tip.asp?tip=1433
  http://www.easysoft.com/applications/oracle/database-gateway-dg4odbc.html :)

• Using Weblogic LDAP JAAS credentials for 3rd party authentication

  Hello to all!
  I'm posting this question because I'm developing a software layer that will connect a weblogic based web application, with LDAP authentication, to a 3rd party application, also with LDAP authentication, and I'm having difficulties in getting a <b><i>javax.security.auth.Subject</i></b> object from the weblogic server.
  I already have a way of doing it, but it requires that a username and a password exist in some sort of storage, in order to work (either hardcoded (which is to be avoided as much as possible) or stored in a file (which is to be avoided if possible, but if nothing better exists...)).
  I'm using a Weblogic 11g server, with LDAP authentication (LDAP provider placed in last at the provider list, with flag SUFFICIENT) and I'm developing the software layer using Oracle's jDeveloper 11g Release 1.
  Now, this 3rd party application requires a <b><i>javax.security.auth.Subject</i></b> object in order to perform authentication.
  How do I get this from the weblogic server ?
  Of the following approaches, can you tell me which are the most correct ones ?
  <ul>
  a)<b>
      LoginContext lc = null;
      try {
          lc = new LoginContext("<JAAS instance name>");
          lc.login();
      } catch (LoginException e) {
          e.printStackTrace();
      javax.security.auth.Subject subject = lc.getSubject();
  </b>
  </ul>
  <ul>
  b)<b>
      LoginContext lc = new LoginContext("<JAAS instance name>"
          new MyClass.CallbackHandler(userid, password));
      lc.login();
      javax.security.auth.Subject subject = lc.getSubject();
      javax.security.auth.Subject.doAs(subject, myClassObject);
  </b>
  </ul>
  <ul>
  c)<b>
      javax.security.auth.Subject subjectA = weblogic.security.Security.getCurrentSubject();
      subjectA.doAs(subjectA, myClassObject);
  </b>
  </ul>
  Thanks in advance,
  Nuno B.

  Here is a document on Monitoring and Reporting Tool Integration into Network Admission Control.
  http://www.cisco.com/en/US/netsol/ns466/networking_solutions_white_paper0900aecd801dee49.shtml

• Proper way to make bulk changes the Owner ID, Path and file share credentials for my existing subscriptions, ExtensionSettings

  We are going through with an upgrade/migration to SSRS 2012 and moving everything to a different domain. We have about 200 active subscriptions running, the reports are being delivered to a file share.  What is the correct way, in bulk, to change
  the OwnerId, the Path and the FileShare Username password credentials for these subscriptions?  I see these values are being stored in Subscriptions > ExtensionSettings.  I see that the file share path and Owner wouldn't be a problem to change,
  but since I see the file share credentials are encrypted I would not be able change them directly in ExtensionSettings.  Anyone know the proper way to change the Owner ID, Path and file share credentials for my existing subscriptions without having to
  change each one of them manually in the report manager?
  Note: Reporting Services Native upgrade from SSRS 2005 to SSRS 2012.
  Thanks in advance.

  Hi Cygnus46,
  Based on my understanding, you want to change the Owner ID, Path and file share credentials for all existing subscriptions.
  In Reporting Services, the subscription information are stored in the Report Server database. In your scenario, you can go to report server database and run the query to list all the subscriptions, then modify the owner and fileshare paths in the subscriptions
  table. For more information, please refer to this article: Tip: Change the Owner of SQL Reporting Services Subscription. If you want to change
  the file share credentials for subscriptions, you can run the query provided by
  wiperzeus from this similar thread:
  Windows File Share Delivery/ SSRS 2008 R2.
  If you have any question, please feel free to ask.
  Best regards,
  Qiuyun Yu
  Qiuyun Yu
  TechNet Community Support

• Why is Domain required for an identity in the FIM Service?

  I have a scenario where FIM is managing identity, but not all identities have an Active Directory account. I have a flag in the FIM Portal (Service) that indicates if a particular
  user is entitled to an AD account or not. My provisioning setup adds or removes the AD account as appropriate. To support FIM Portal activities for those that do have AD accounts, I populate AccountName, Domain, and ObjectSID in the FIM Service from their
  corresponding attributes in AD.
  What I have noticed is that it does not seem possible to null out or delete the Domain attribute for a user in the FIM Service. I can delete the attributes for both AccountName
  and ObjectSID without issues.
  When attempting to remove the Domain attribute for a user I get the following in the event logs:
  Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Procedure or function 'GetDomainConfigurationIdentifiersFromDomain'
  expects parameter '@domainName', which was not supplied.
  I assume that something internal to the FIM Service is trying to do some magic with validating the domain name and the domain configuration. I did found a post saying, “Yeah,
  you have to populate Domain”:
  http://social.technet.microsoft.com/Forums/en-US/f207caa9-3a6f-4f2d-8461-a83777280803/fim-service-ma-export-failedmodificationviawebservices-error?forum=ilm2
  My question is why is Domain required for a user? It is obviously needed for users that have AD accounts an must authenticate with the Portal, but in the case where a user
  does not have an account (and therefore does not have a domain), it feels odd to store the incorrect data for the user. It also looks weird when you bring up list of users in the portal and see domain values for users that do not have accounts. In this particular
  case, the client has many domains and does have the Domain and AccountName attributes displayed on the user search results page.

  Hi Henry,
  Using another domain attribute and workflow to maintain the actual Domain and DomainConfiguration is a good suggestion, thanks.
  My original question still stands however... Why is Domain required in the FIM Service?
  It is sounding like the answer is "It is not really required on it's own, but there is an internal process that requires it if there is a value for DomainContext set (and there is some magic that sets DomainContext, so you have to manually clear it.)"
  Since DomainContext is automatically set when a client writes a value to Domain. I would suggest that it is a bug that DomainContext is not automatically cleared when Domain is cleared.
  I poked around a bit and the bug can be fixed by changing the stored procedure definition to allow null parameters. In the FIM Service database the stored procedure [fim].[GetDomainConfigurationIdentifiersFromDomain] has a parameter declaration of "@domainName
  NVARCHAR(448)". If this is changed to "@domainName NVARCHAR(448) = null" the problem appears to be solved.
  Making this change would of course be totally unsupported, but perhaps it can be included in a future product update.
  For now I will use Henry's workaround, or just live with potential out of date Domain data.
   Thanks

• Accidentally deleted APM Run As Account

  Hey
  While deleting some test Run As accounts, I accidentally deleted the APM Run As Account that gets automatically created. Is there a way to restore this account? I was going to try and re-create it, but I never entered any credentials for it.
  In my test environment, I installed APM and noticed that the account gets created once you start monitoring an application. The credentials for the account are a Binary Account File type with encrypted binary data.
  Any suggestions with how I should proceed?
  Thanks!

  Fixed the issue. Here's what I had to do:
  1. Delete the Run As PROFILE (entitled 'APM CSM Encryption Profile') that was looking for the deleted Run As "APM Account" (pictured above). Once I deleted it that action propagated to all the clients to stop looking for that account to authenticate
  as. I believe this is due to the nature of the account (See: Distribution tab: Less Secure - distributes to ALL managed computers).
  2. Once that profile was deleted, all the alerts entitled: "System Center Management Health Service Credentials Not Found Alert Message" were closed. 
  3. To get the account & profile back, all I had to do was the following: I noticed in my test lab that the APM account and APM CSM Encryption profile get created NOT when you import the APM management back, but once you SETUP your first .NET Application
  to monitor. After the setup of an application to monitor, those accounts get created and linked together. Since I already had a production APM monitor set up, all I had to do was open the properties of the .NET application from the Management Pack Templates
  view, and click Apply again. It sat there for a few moments processing the completion (one of the tasks obviously is creating those accounts if they do not exist), and then the wizard closed. Once closed, I verified the account and profile were created and
  watched the OpsMgr Event log populate as it propagated this account to all managed computers.
  Hope this helps someone if they encounter this in the future!

• Query on Run as accounts

  Hi,
  We are Have SCOM 2012 R2 environment and default agent action account used is local system. I would like to clarify below points on Run as accounts.
  1) Permissions and rights required for SQL run as account.
  2) Permissions and rights required for the Cluster Run as account.
  3) Permissions and rights required for the Exchange 2013 run as account.
  4) Permission and rights required for the AD run as account.
  All the agents in our environment is running with Local system.

  Hi 
  in addition, it is good practice to install agent with Local Account and configure application specific account as run as account.
  refer below link on run as account :
  http://blogs.technet.com/b/kevinholman/archive/2010/09/08/configuring-run-as-accounts-and-profiles-in-r2-a-sql-management-pack-example.aspx
  Regards
  sridhar v

• SSO Authentication asking us to enter credentials for the first time.

  Hi Experts,
  We have implemented SSO using kerberos authentication to our Windows ADS Server. It was working fine quite for few months and able to loging in without entering the credentials.
  Now, after every restart of my PC (client machine) it asks for the user credentials for once. After that it is not asking for credentials again.
  Its asking once only when i restarted the machine.
  Could anyone help me to resolve this. we dont want to enter the credentials atleast for once also.
  We are on Netweaver 2004s SP17.
  Thanks in advance
  Best Regards
  Sunil

  Hi Sunil,
  one idea would be to check whether you have all the necessary Kerberos Tickets, especially the Ticket Granting Ticket (TGT).
  A tool for this check is klist which is part of the MS Windows Resource Kit.
  You would kave to copy klist to your client, open a cmd box, jump to the directory where you have copied klist, and enter klist tgt to check the tgt, and klist tickets to check the service tickets.
  Best regards,
  Jochen

• Windows authentication for SQL Server

  We have a SQL server 2000 resource that we are provisioning to from IdM 7.1. The account to connect to Dev environment SQL server is set up for windows authentication. Lets say this account is Domain\user1. For development purposes, I am using my local machine (running tomcat 5.5) to connect to DEV environment and i logon to my machine as Domain\user2.
  Using SQL Enterprise Manager, i can do a "run as" and ask it to connect to the Dev environment as 'Domain\user1' and it works fine.
  Can i do something similar from IdM . I have tried putting in sqljdbc_auth.dll in the path and turning on the integrated security option in the connection string. However, as expected, it starts using 'Domain\user2' credential (even if I specify Domain\User1 credentials in the connection parameters).
  I would like to be able to use an account other than the user who is logged into the machine to establish connection from IdM to SQL server using windows authentication. Any thoughts?
  Thanks in advance.

  Hi All,
  I am trying to create a data source in oracle console by connecting to SQl server 2008 database using windows authentication.I am able to connect to database using SQL Server Authentication,but
  When i try to connect using Windows Authentication,I am getting errors.
  Please help me in finding a solution.
  Thanks,
  Krishna Gaddam
  To connect to oracle you need to use login created in oracle database. there is no windows authentication in oracle. As Olaf said please post this question in Oracle forum or search web you will find answer
  Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it.
  My TechNet Wiki Articles

• Gtksql pkgbuild. Simple GUI for sql queries.

  This is simple program for running sql queries. I made this pkgbuild some time ago but I'm not sure how much it is good. Gtksql should support both mysql and postgresql but postgresql support is broken (probably to old). Developer promises a brand new gtk2 based application. We will see...
  Since I can't make this pkgbuild any better I'm just posting it.
  gtksql PKGBUILD
  pkgname=gtksql
  pkgver=0.4.2
  pkgrel=1
  pkgdesc="Gtk front-end for sql queries"
  url="http://gtksql.sourceforge.net/"
  depends=('lua' 'gtk')
  makedepends=('mysql')
  source=(http://dl.sourceforge.net/sourceforge/gtksql/$pkgname-$pkgver.tar.gz)
  md5sums=('a0ba598027cd49f69f951a31342b51fd')
  build() {
  cd $startdir/src/$pkgname-$pkgver
  ./configure --prefix=/usr
  --with-mysql
  --with-lua
  make || return 1
  make prefix=$startdir/pkg/usr install

  Hello:
  I'm trying to do add a calculated variable to my view that isn't an Entity
  Attribute, its simple really but i don't know if I'm leaving something out or
  not.
  I add the "new Attribute" , call it nCompleted, type - number
  I then check off everything as is required(as documented in Help)
  for an Sql Derived Attribute, the following code is entered in the
  Expression Box :
  Select group_services.office, count(client_group_services.clnt_group_services_id) as nCompleted
  Where group_services_id=client_group_services_id(+)
  And client_group_services_id.result="Completed";
  It isn't working, what am I missing???? Sheena:
  It probably isn't working because of missing 'group by' clause. I don't know the exact detail of your query statement, but suppose you want to count number of employees in a dept, then you're query should look like:
  select dept.deptno, dept.dname, count(emp.empno) as nCount
     from dept, emp where dept.deptno = emp.deptno(+)
     group by dept.deptno, dept.dname  // This group-by is important
  OR if you want to use nested SELECT
  select dept.deptno, dept.dname,
     (select count(emp.empno) from emp where dept.deptno=emp.deptno(+)) as nCount
     from dept

• SCCM 2012 MDT 2012 UDI Require domain credentials to run task sequence

  We are in the process of moving to SCCM 2012 integrated with MDT 2012 for OSD from using MDT 2012 by itself. We're trying out UDI task sequences and have noticed a pretty gaping hole in functionality vs MDT 2012 by itself: password protecting a task sequence.
  In MDT 2012 there was a built-in feature that required domain credentials to run a task sequence. If one exists using SCCM/MDT 2012, I haven't been able to find it. I've only found stuff like this http://www.windows-noob.com/forums/index.php?/topic/2336-password-protect-a-task-sequence/ which
  would allow you to set a password, but not authenticate against AD. So, I'm wondering if there are any options to protecting a task sequence with domain authentication?
  My understanding is that the Refresh and Replace StageGroup only run when you kick off a UDI task sequence in Windows. That means I have to make a task sequence available to the Configuration Manager Client in order for a tech to run a Refresh/Replace. And,
  that in turn means that the UDI task sequence will be visible to all users since it needs to be available to their computer. Or, am I completely missing how UDI OSD should flow?  If so, then I hope someone can correct me.
  I'd appreciate any help or advice you can give. Thanks. 

  Hi,
  I am sorry to say that you are correct in your conclusions. There is no builtin way in ConfigMgr/MDT/UDI to require a domain username/password to run a task sequence, your option from Windows-noob.com is one way of solving it.
  Regards,
  jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec
  Thanks for the info. What about workflow? How do you usually handle UDI in Replace and Refresh scenarios? Do you deploy the task sequence to collections that users can access?

• SMB printer authentication by domain credentials

  On our network, the Macs are set up to authenticate with Active Directory. Our printers are accessible through SMB shares from our Windows print server. Our help desk recently brought up an issue with this, though.
  When users first try to print to a printer, they are shown a prompt asking for their username and password (http://imgur.com/j6fp7). Mac OS X fills in their pretty username ("John Smith") instead of their domain username ("smith"). Users assume this is correct, try to authenticate, and then call the help desk when the printer doesn't print their stuff.
  As we've learned, the correct format for authentication is "DOMAIN\username", but since it's unintuitive, it almost always leads to a help desk call. Even worse, because the authentication isn't visibly rejected (the printer just won't print), the keychain will now store the user's incorrect credentials, leading to even more confusion. When you pile on our 270-day mandatory password reset policy, now the users' keychains have multiple sets of invalid credentials for the same printer, and they're calling back every several months about the same issue.
  There are several ways to approach this, but I'm not sure which would be best. I've been trying to Google up a solution, but no luck. Is there any way to get Mac OS X to show the prompt with the domain field instead (http://students.jccc.edu/documents/images/osx-smb_login.jpg)?

  Hello and welcome to Apple Discussions.
  I don't have a solution but a suggested workaround. Instead of using SMB to connect to the Windows shared printers, you could enable Unix Print Services on the Windows print server and then use LPR for the Mac print queues. This avoids the need for the Mac users to authenticate when printing.
  With the Mac client the LPR queue would consist of entering the Windows server name or IP address for the host name and the Windows printer share name for the LPR queue.

• Unable to enter a Division for which I have proper credentials, via the GUI

  I have a Division which I am unable to enter, either as a student or as the full site Administrator, from the GUI.
  When I log into the main Site page, I see the link for the Division (as I should - I have DOWNLOAD permissions for the Division). However when I click the link (the thumbnail image) I am always, 100% of the time, rejected and sent to the login page. Ignoring that, I still have all of my proper credentials and may continue to freely access other parts of the site.
  In the past, I had this exact behavior on (1) a Division "RobotCourses:PSYC" (Psychology), and (2) my main site breadcrumb, which appears at the top of the site page to the right of the "iTunes U" breadcrumb and says "Maiko Covington @ University of Illinois..." For reasons completely unknown to me, this behavior resolved itself yesterday, clicking both of those objects works as expected, although NO one at our site with any edit access did anything on the server.
  However, the same behavior has now reappeared, this time on a Division "RobotCourses:CLCV" (Classical Civilizations). Again, I have not done any editing of that Division, nor had anyone logged into it (these Divisions are in a test area where I am developing automation tools).
  I am, quite frankly, stumped. But I've done some investigation.
  SETUP:
  The Division has identity "RobotCourses:CLCV".
  This Division contains a single Course with identity "RobotCourses:CLCV:CLCV115:CLCV115All-13564".
  Both the Division and the Course are restricted to properly registered academic students. I have developed automation code in a login portal which grants credentials for RobotCourses:CLCV to students registered for courses in the CLCV department (Classical Civilizations) and credentials for RobotCourses:CLCV:CLCV115:CLCV115All-13564 to students registered for CLCV 115 (Classical Civilizations 115 - Mythology of Greece and Rome) specifically.
  The Permissions set on RobotCourses:CLCV in particular are:
  <Permission>
  <Credential>Authenticated@urn:mace:itunesu.com:sites:illinois.edu</Credential>
  <Access>No Access</Access>
  </Permission>
  <Permission>
  <Credential>gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV</C redential>
  <Access>Download</Access>
  </Permission>
  The point is to deny access to Authenticated@ (merely authenticated students) and then specifically grant it for people given a "gakusei" credential for RobotCourses:CLCV in particular.
  (Note here that "gakusei" is a Japanese word meaning "student," I am using it in my credentials to ensure that my credentials and permissions are not affected by other credentials named "student" set at upper levels and used by some live users of the site, as we do not have a segregated development environment. It is our lowest level of access beyond mere Authenticated@..., designed to give students access to download and "surf to" Divisions and Courses.)
  *LOGIN: ISSUING CREDENTIALS:*
  The login portal code works successfully, and so when a student "Jane Doe" logs in, she is in fact given appropriate credentials (as she is actually registered for CLCV 115 here at UIUC). From the code generating her login URL, I see:
  Issued credentials:
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  (You can see she is also registered for STAT 100).
  With the default login URL thus generated, she is taken to the top level of the Site in iTunes, and in fact sees thumbnail links for both STAT (Statistics) and CLCV (Classical Civilizations). Clicking on STAT takes her to the STAT Division where she can then enter the Course STAT 100 with no problems.
  *PROBLEM: CAN'T GET TO CLCV FROM THE MAIN PAGE IN THE GUI*
  HOWEVER! Clicking on CLCV brings up the login page. If she ignores the login page, she can still access the rest of the site, including STAT, just fine. Logging in again (reissuing her credentials) does not help the situation.
  Note that this is not a problem only for Jane Doe, the same thing happens for anyone in CLCV and in fact happens for me as Administrator of the whole site with full access, even.
  *ACCESS DIRECTLY TO THE DIVISION BY URL WORKS*
  With a slight modification to the login to allow access directly to the RobotCourses:CLCV Division (by adding the handle of the Division to the end of the location), credentials are issued exactly as before:
  Issued credentials:
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  and she is taken to the Division page, SUCCESSFULLY. So, it seems she actually HAS access, as expected.
  *ACCESS CONFIRMED WITH DEBUGGING:*
  Writing some code to generate not the actual login URL but rather a link that takes me to an "iTunes U Access Debugging" page for the Division (figured this out by reading some other posts! :)) I am taken to a page with the following:
  (at generated URL https://deimos.apple.com/WebObjects/Core.woa/Browse/illinois.edu.1945806043/xxx5 64?credentials=....)
  Received
  Destination illinois.edu.1945806043
  Identity "Jane X Doe" <[email protected]> (jxdoe) [xxxxxxxxx]
  Credentials gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV; ​ gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564; ​gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT;​ gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  Time 1236877947
  Signature 42ccef92a3298684a7a09eed45adb6b788a700c01645b8b423d33ace120650b0
  Analysis
  The destination string is valid and the corresponding destination item was found.
  The identity string is valid and provides the following information:
  Display Name Jane X Doe
  Email Address [email protected]
  Username jxdoe
  User Identifier xxxxxxxxx
  The credential string is valid and contains the following 4 recognized credentials:
  1. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV
  2. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564
  3. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT
  4. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  The time string is valid and corresponds to 2009-03-12 17:12:27Z.
  The signature string is valid.
  Access
  Because the received signature and time were valid, the received identity and credentials were accepted by iTunes U.
  In addition, the following 2 credentials were automatically added by iTunes U:
  1. All@urn:mace:itunesu.com:sites:illinois.edu
  2. Authenticated@urn:mace:itunesu.com:sites:illinois.edu
  With these credentials, you have browsing and downloading access to the requested destination.
  (In case you think to check the sums, be aware I've actually changed the student's name for this example.)
  So, as expected, I have access, in fact the student DOES have access, visiting the Division page directly (specifiying its handle as part of the desired location).
  *IT'S ONLY CLICKING THE THUMBNAIL ON THE MAIN PAGE THAT BREAKS*
  Because the problem is only apparent when clicking the icon for the Division on the main Site page, I have no way (that I know of) to get any information about precisely WHAT is going on, what possibly differs in the GUI-click situation from the "generate me a URL that takes me right there" situation.
  At that point I'm fully in the GUI, I'm not sending anything via web services, so I have no idea how I can proceed to debug this from here.
  I'm also quite confused at the sudden appearance of this behavior, and the disappearance of this behavior from RobotCourses:PYSC, another Division that was broken in this same way all last week but which magically resumed allowing me access yesterday.
  Any suggestions, hints, or advice would be very welcome. Has anyone else even seen behavior similar to this?
  Thanks for any information you might have.

  Maiko,
  I'm confess I'm still trying to get a handle on your problem. You do a fantastic job of describing it ... but I'm just trying to picture it accurately in my head.
  I think, were I in your shoes, I'd begin by looking at what the debug page has to say for the specific destination in which you're interested in fixing. In other words, I'm not clear on where, exactly, this destination points ...
  Destination illinois.edu.1945806043
  Is that your site, or the division within your site that you want to fix? "Normally", you do not need to specify a site handle to get to your site within your transfer CGI ... if you say "uillinois.edu", it's enough to transfer your users to iTunes U ... but every site still has a handle, and you could, if you wanted to, actually specify it in your transfer CGI. For example, this:
  Destination uic.edu.1139051993
  is for my entire site ... it's my site handle. Whereas this:
  Destination uic.edu.1991288441
  is for a division within my site ... but it's impossible to tell the difference between "site" and "division" from just the handle (I mean, if I didn't say "this is a site" and "this is a division", there'd be no way for you to know). So when I look at your creds and permissions on your debug page, I can't quite tell if they give you download access for your site, or for the specific division you want to fix. If you could open the debug page with your division as destination (or confirm that that's what we're looking at), it'd rule out some things.

• How to Create a SQL Agent Job For A SSIS Package with Sql Server Authentication

  Hi ALl,
  I have a SSIS package which basically has a data flow task in which i pull the data from one server and copy it into another server and my source server is the one where i dont have windows authentication and i have to only use a sql server authentication
  . This package runs fine if i click the server connection properties type the password and save it.
  Now, my task is to set up a sql agent job which basically uses a proxy account and takes this package from the file system and runs it.But when i try to run this package, its failing with an error saying 
  "Login Failed For rpt5user" where rpt5user is the username for my sql server authentication of the source connection.
  Can someone please help me with any suggestions on how to do this?
  I have heard that we can achieve it by using xml config file which i have never used and i am trying to google around but for no luck.
  So, If someone can please throw any suggestions or ideas on this it would be great.
  Thanks

  You need to add password as a config item and set it from the file source or sql table
  see this as an example
  http://blogs.msdn.com/b/runeetv/archive/2009/12/22/ssis-package-using-sql-authentication-and-dontsavesensitive-as-protectionlevel.aspx
  Please Mark This As Answer if it solved your issue
  Please Mark This As Helpful if it helps to solve your issue
  Visakh
  My MSDN Page
  My Personal Blog
  My Facebook Page

• Is it possible to have different authentication mode for SQL Server Database Engine and corresponding SQL Server instance?

  Hi,
  I have installed the x64 SQL Server 2008 R2 Express with default settings and run MBSA 2.3 (using default settings too). It shows three SQL Server instances: MSSQL10_50.SQLEXPRESS, SQLEXPRESS and SQLEXPRESS (32-bit). For the first, authentication
  mode is Windows, for the rest two - mixed. Here https://social.msdn.microsoft.com/Forums/sqlserver/en-US/03e470dc-874d-476d-849b-c805acf5b24d/sql-mbsa-question-on-folder-permission?forum=sqlsecurity question
  about such multiple instances was asked and the answer is that "MSSQL10.TEST_DB
  is the instance ID for the SQL Server Database Engine of the instance, TEST_DB", so in my case, it seems that MSSQL10_50.SQLEXPRESS is the instance ID for SQL Server Database Engine  of the SQLEXPRESS instance.
  I have two questions:
  1) How can it be that SQL Server DB Engine instance has different authentication mode than corresponding SQL Server Instance?
  2) Why 32-bit instance reported although I installed only 64-bit version?
  Also, this https://social.technet.microsoft.com/Forums/security/en-US/6b12c019-eaf0-402c-ab40-51d31dce968f/mbsa-23-reporting-sql-32bt-instance-is-running-in-mixed-mode-when-it-is-set-to-integrated?forum=MBSA question seems to be related to this
  issue, but there is no answer :(.
  Upd: Tried on clean Windows 8 installation and Windows 7 with the same result.

    Because I DO NOT want the three people who will be having access to the production SQL Server to also have access to the primary host ProductionA.  Since I have to allow them to RDC into the box to manage the SQL Server, I figure why not create
  a separate VM for each one of them and they can RDC into those instead.
  Does this make any sense?
  Any tips are greatly appreciated.  The main reason for doing this is because the three people who will be accessing the box, I need to isolate each one of them and at the same time keep them off of the primary ProductionA.
  Thanks for your help.
  M
  Hello M,
  Since you dont want the 3 guys to have access to Production machine A.You can install SQL Server client .By client i mean SQL server management studio(SSMS) on there local desktop and then create login for them in SQL Server.Open port on which your SQL server
  is running for three of the machines so that they can connct.Now with SSMS installed on each machine each can connect to SQL server from there own machine.
  I would also like you to be cautious with giving Sysadmin privilege to all three of them ,first please note down what task they would do and then decide what rights to be provided.
  Your option will also work but you need to create 3 VM for that .Which is more tedious task.
  Hope this helps
  Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers