Server Access

What tools and commands are available to a malicious insider to access resources (data/software) on a Windows server, be it Win2k, 2003, 2008 etc.? Say for example a naughty employee (domain user) finds that the server (domain member server) that houses the payroll database has a weak local administrator password; what tool/command could they use to then get access to the server itself, be it software with a GUI or command line prompts? Is there any best practice to limit what tools users have available to them, so even if a weak password exists they have a limited arsenal of default Windows tools to get access onto the server? A full list of tools/software/commands that could be used would be great so I can quantify the risk.

If I was aware of any I wouldn't post them on a public forum, I'm afraid. As already stated, your best line of defence is to harden your servers against attack regardless of the form it comes in. When securing your home, do you try to stop everyone in the neighbourhood having access to crowbars and hammers, or do you fit locks and alarms to your house?
Maybe start by looking at the Microsoft Security Compliance Manager toolkit here -
http://www.microsoft.com/downloads/details.aspx?familyid=5534BEE1-3CAD-4BF0-B92B-A8E545573A3E&displaylang=en
If you have any specific questions about applying and enforcing security settings just post again and I'm sure we'll be able to help you more.
Best regards
Joe Dunn
MBCS, MCITP:EA, MCSE, CCNA

Similar Messages

  • SQL Server Agent running SSIS package fails Unable to determine if the owner of job has server access

    I have a web application developed through VS 2012 which has a button on a form that when operated starts a SQL Server agent job on the server that runs an SSIS package. The website and the instance of SQL Server with the agent and SSIS package are on the same Windows 2008 R2 server. When the button is operated no exceptions are raised but the SSIS package did not execute.
    When I look in the log file viewer at the job history of the SQL Server agent job I see that the job failed with message...
    The job failed.  Unable to determine if the owner (DOMAINNAME\userid) of job runWebDevSmall has server access (reason: Could not obtain information about Windows NT group/user 'DOMAINNAME\userid', error code 0x6e. [SQLSTATE 42000] (Error 15404)).,00:00:00,0,0,,,,0
    ...even though DOMAINNAME\userid is in the logins for the SQL Server and has admin authorities.
    Could someone show me what I need to do to get this to run? Thanks tonnes in advance for any help, Roscoe

    This can happen when the network is too slow to allow a timely completion of the verification. Or the account running has no such right.
    I suggest you try using the SA account for the job as it does not require to poll the AD.
    Arthur My Blog

  • Non-SysAdmins get error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.

    I have a SQL 2008 R2 system (10.50.4000) where I'm having problems connecting any user that is not a SysAdmin.  Example: I setup a new SQL Login to use Windows Authentication and grant that user db_datareader on the target database.  The user attempts
    to connect using Excel client or Access or SQL Management Studio and receives Error 18456.  The SQL Server Logs shows Error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
    The strange part is that if I temporarily grant the user the sysadmin server role then the user can connect successfully and retrieve data.  But, if I take away that sysadmin server role then the user can no longer connect but again receives the Error
    18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
    We've turned off UAC on the client machine to see if that was the problem, but no change.
    I have dropped and re-added the user's SQL Login (and the related database user login info).  No success.
    The Ring Buffers output shows:
    The Calling API Name: LookupAccountSidInternal
    API Name: LookupAccountSid
    Error Code: 0x534
    Thanks for any help.
    -Walt

    Yes, you understand correctly.  The user is logging onto a workstation (not the server) with a Windows Authenticated id.  The user is using either Excel or Access or SSMS and connecting to the server using a Windows Authenticated SQL Login account.
     If the account has sysadmin role (which is only for testing) then the connection is successful.  If I take away sysadmin role from the account then the connection is unsuccessful and the SQL Server Log shows Error
    18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
    (SQL Authentication is not an option here.  I must use Windows Authentication).
    Any other troubleshooting assistance you can offer would be appreciated.  Thanks.
    -Walt 

  • RE: Database (SQL-SERVER) access problem

    Have you used NT Control Panel/ ODBC to set up the ODBC data source name?
    You have to define the data source (database) SecTrade as well as the
    driver to be used (SQL Server). This can be done by selecting the Add
    button on the Data Sources screen in Control Panel/ ODBC.
    Hope this helps.
    Sanjay Murthi
    Indus Consultancy Services, Inc.
    From: Administrator
    Sent: Wednesday, August 13, 1997 6:49 PM
    To: "'[email protected]'"
    Cc: murthis; thyagarajm; thyagarm; vasasm; chandraa
    Subject: Database (SQL-SERVER) access problems
    MCI Mail date/time: Mon Aug 11, 1997 10:28 pm EST
    Source date/time: Mon, 11 Aug 1997 19:25:34 +0530
    Hi Forte-Users,
    We have set up a Sql-Server database on a NT server. In the Forte EConsole, we have set up a ODBC-type Resource for this server, named SERVER2_ODBC. This NT server is configured as a Client Node in the active Forte environment. Note that Server2 is not the Forte server, but has Forte installed. There is another NT server which acts as the Forte server. NODEMGR and Sql-Server are running on SERVER2.
    In our application, we have a DBSession SO with the database source as SERVER2_ODBC, Userid=ForteInstructor. When running the application, Forte throws an exception, the gist of it being as follows:
    USER ERROR: (This error was converted)
    Failed to connect to database: SecTrade, username: ForteInstructor.
    [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified
    We have tried
    1) Installing ODBC drivers on the NT server (Server2)
    2) Accessing local databases from Forte clients, which works fine
    3) Accessing the Sql-Server database through Isqlw (Sql-Server Client s/w) - It works.
    Could someone suggest what we should try to get rid of this problem?
    Thanks for any help,
    Kishore Puvvada

    Rajsarawat wrote:
    Dear sir/mam,
    I have installed sql server 2005 (server) and on another computer installed the client. It installed successfully but on the client side it is not seen; from where should I start it? So please send me the procedure to install sql server 2005 on both sides (client and server).

    You have to turn on network (external to your computer) access.
    Under programs->sql server look for "surface"

  • Shared Services and Essbase Server Access Question

    Hi,
    It seems that we have to assign Essbase Server access at the individual username level and that groups don't work when it comes to Essbase Server Access. Is this correct or are we doing something wrong and groups do work with Essbase Server access? We are on 11.1.1.3 Essbase/Planning/Shared Services.
    Thanks

    You can provision Essbase Server Access via groups but it must be the very first thing provisioned and pushed to Essbase. Then after that, provision your groups with other accesses such as Planning, Reports etc....

  • Token-based server access validation failed with an infrastructure error

    Hi
    We have a new Win 2008 Enterprise x64 server running SQL 2008
    When we try to connect to the server using Windows Authentication, from a user account which is a domain administrator, we get the following message:
    "Token-based server access validation failed with an infrastructure error"
    What needs to be configured here for this to work ?
    Thanks
    Bruce

    Hi,
    I am encountering the same error message but it is more around the login. This problem happens only on one server but it is fine on another three; my investigation shows it is a ghost SID associated with an AD user account.
    Background
        1- An Active Directory (AD) account was created for a user [Domain\UserA]
        2- A SQL login was created for the account above and then granted access to a number of databases
        3- The AD account was renamed/modified to [Domain\UserB]
        At this stage the user would encounter an error when connecting to the server
        The sql log show this error message
        Error: 18456, Severity: 14, State: 11.
        Message
        Login failed for user 'domain\user'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors.     [CLIENT: xxx]
    Action on Server 1 SQL (the one with the problem)
        1- Dropped the user from the databases
        2- Re-Created the login from the windows account [Domain\UserB]
        3- Created the user in the respective databases
        But the user is still unable to connect to the server
    Investigation
        On server 1, the SID of the user in SYSUSERS was Matching SYSLOGINS and matches with result of SUSER_SID(Domain\UserA)
        But it does not match the SID in the AD
        The rest of the servers all have the correct SIDs
        When I use SUSER_SNAME(Incorrect-Sid) and SUSER_SNAME(Correct-Sid) on this server they both return [Domain\UserB]
        The problematic server is always returning the incorrect SID when recreating the user login and when using SUSER_SID(Domain\UserA) as if it is cached somewhere.
    I can't specify the SID when creating the SQL login because it is using the Windows account
    Your ideas on how to fix this problem are much appreciated
    Regards,
    DGL
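    Both Walt's thread and DGL's post above come down to the same question: what did the server's Windows SID lookup actually return, and does the SID stored for the login still match? The script below is an added T-SQL example, not code from either poster or from Microsoft; it reads the security error ring buffer (the source of the LookupAccountSid / 0x534 entries Walt quoted), lists Windows logins whose stored SID disagrees with a fresh lookup, and lists database users whose SID no longer maps to any login. PayrollDb is a placeholder database name.

```sql
-- Added diagnostic script (not from any post in the thread); run as sysadmin.

-- Part 1: the security error ring buffer. Each record is XML; shred it.
-- ErrorCode 0x534 is Win32 ERROR_NONE_MAPPED: the name/SID could not be
-- resolved by the Windows lookup SQL Server performed on the caller's behalf.
SELECT
    rb.[timestamp]                                                      AS ms_since_start,
    x.rec.value('(/Record/Error/SPID)[1]',           'int')             AS spid,
    x.rec.value('(/Record/Error/ErrorCode)[1]',      'nvarchar(20)')    AS error_code,
    x.rec.value('(/Record/Error/CallingAPIName)[1]', 'nvarchar(128)')   AS calling_api,
    x.rec.value('(/Record/Error/APIName)[1]',        'nvarchar(128)')   AS api_name
FROM sys.dm_os_ring_buffers AS rb
CROSS APPLY (SELECT CONVERT(xml, rb.record) AS rec) AS x
WHERE rb.ring_buffer_type = N'RING_BUFFER_SECURITY_ERROR'
ORDER BY rb.[timestamp] DESC;

-- Part 2: Windows logins whose stored SID differs from a fresh lookup.
-- Caveat from DGL's post: on the affected server SUSER_SID() itself returned
-- the stale SID, so an empty result here does not prove the SID matches
-- Active Directory; compare server_sid against a healthy server or AD directly.
SELECT
    sp.name,
    sp.type_desc,
    sp.sid             AS server_sid,
    SUSER_SID(sp.name) AS lookup_sid
FROM sys.server_principals AS sp
WHERE sp.type IN ('U', 'G')                  -- Windows users and groups only
  AND sp.name NOT LIKE 'NT %'                -- skip NT AUTHORITY / NT SERVICE logins
  AND (SUSER_SID(sp.name) IS NULL            -- lookup failed (see Part 1)
       OR sp.sid <> SUSER_SID(sp.name));

-- Part 3: in one database, Windows users whose SID matches no login at all.
-- The drop-and-recreate steps in both posts produce exactly this pattern.
USE PayrollDb;                               -- placeholder database name
SELECT dp.name AS db_user, dp.type_desc, dp.sid AS db_sid
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('U', 'G')
  AND dp.principal_id > 4                    -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND sp.sid IS NULL;
```

    Run Part 2 on a server that works and on the one that does not; a login that shows up only on the bad server, with a server_sid that differs from the good server's, is the ghost SID DGL describes. Part 3 is the standard orphaned-user check and is per database, so repeat it for each database the login should reach.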

  • How to determine is it SMB - Remote SAM server access , false positive?

    How to determine is it SMB - Remote SAM server access , false positive?

    5583-0 right?
    I would say that there are different types of false positives. Do you mean, how do I determine if what was seen actually represents an attempt to access the SAM database? I would start by looking at MySDN (or whatever Cisco is calling it these days...intellishield?). It's often not very up to date and missing information, but it's an easy thing to check. Here's the link for this sig:
    https://intellishield.cisco.com/security/alertmanager/ipsSignature?signatureId=5583&signatureSubId=0
    If you look at the benign triggers, you'll see that it suggests that this only matters if the source is external. It's up to you whether to research any further. If you really want to inspect the signature further, you'll have to add one of the "log packets" actions. This will save a network trace when it fires again and then you can open it up in Wireshark, which understands SMB and will probably decode it enough for you to verify whether it actually was an attempt to access the "Remote SAM server".

  • Essbase server access role - delete DB allowed?

    Good morning everyone.
    We have provisioned a group in Planning with the Essbase server access role which grants read level access to Essbase databases.
    We have checked that a user assigned to this group can actually access Essbase DBs to execute calcscripts and report scripts and that it does not have permission to open the DB outline --but it apparently still has permission to delete a database (as seen in the following image: https://c69ee7db-a-62cb3a1a-s-sites.googlegroups.com/site/ktratsites/Home/delete_Essb_DB.png )
    As you can guess, we have not tried whether this user could actually delete an Essbase database.
    Can anyone confirm whether a user given the Essbase Server Access role could really delete an Essbase DB?
    IMHO, this should not be possible.
    Thanks a lot.
    Best regards,
    G.S.Feliu

    It will show the option to delete but if you select it then it should display "Insufficient privilege for this operation"
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Monitors: SQL Server: Access Methods: Full Scans/sec

    Hello,
    I created a Monitor:
    Monitors: SQL Server: Access Methods:
    Full Scans/sec
    It appears in Health explorer on the servers
    but is not available in the Performance Data for the Views...
    What did I miss? I need to create a rule but which type ? linked to the monitor?
    Should I use a Rule or a Monitor or a combination?
    Thanks,
    Dom
    System Center
    Operations Manager 2007 / System Center
    Configuration Manager 2007 R2 /
    Forefront Client Security
    / Forefront Identity Manager

    Hello,
    I got on the servers the
    1200:New Management Pack(s) requested. Management group "SCOM-MED", configuration id:"68 D8 86 93 7A 48 27 13 C0 6F B2 76 3C A4 07 87 DA 53 22 7F ".
    1201:New Management Pack with id:"xxxx.SQL.Servers", version:"1.0.0.1" received.
    1207... Rule/Monitor "Microsoft.Windows.SystemCenterDPM.DPMServerDiscovery" running for remote instance "MSQLCL1SQLBU.ad.medctr.ucla.edu" with id:"{A3100D57-1657-A51E-CD3E-6ACF2679A501}" will be disabled as it is not remotable.
    Management group "SCOM-MED".
    1210 New configuration became active. Management group "SCOM-MED", configuration id:"68 D8 86 93 7A 48 27 13 C0 6F B2 76 3C A4 07 87 DA 53 22 7F ".
    still waiting ...
    1204: Management Pack with id:"xxxx.SQL.Servers", version:"1.0.0.1" is no longer used by HealthService and will be deleted from cache.
    Is this 1204 okay !!!!!
    Thanks,
    Dom
    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  • How to disable SSLv3 and RC4 on Lync Server Access Edge?

    We use Lync Server 2013.
    How to disable SSLv3 and RC4 on Lync Server Access Edge?
    This solution https://technet.microsoft.com/en-us/library/security/3009008.aspx doesn't work

    Hi dizen,
    To completely disable RC4, you can create the following registry key:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
    "Enabled"=dword:00000000
    For more details, please check out this KB.
    http://support.microsoft.com/kb/2868725
    Best regards,
    Eric

  • Adding Essbase Server access to Planning Application group

    Hi All,
    How we can add Essbase server access to Planning Application group in Shared services ? Pls. advice

    You can't provision access against any application group.
    However, you can create and use native user groups or use external user groups and provision those groups to have access to Essbase and Planning.
    See this post for an example of how I like to set up groups in Shared Services for Planning:
    http://camerons-blog-for-essbase-hackers.blogspot.com/2009/08/planning-security-wrong-way-and-right.html
    The top level group I refer to in the post is where I typically grant Essbase Server Access.
    Regards,
    Cameron Lackpour

  • Failed Logins - Token Based Server Access Validation Failed

    Hi All-
    I am trying to track down, well for lack of a better word (an annoyance).  I have a VM running a proprietary utility (VMware update manager) that connects to a remote SQL VM.  This connection is via a service account that from the surface has the
    appropriate permissions.  The setup and utility has been in and is working as it should.  However in our logs we are constantly seeing.
    SQL Event Viewer - Login failed for DOMAIN/REMOTESERVERNAME$ Reason: Token-based server access validation failed with an infrastructure error.  Check for previous errors [CLIENT: REMOTEIP OF REMOTESERVERNAME]
    Then in the SQL Logs I am seeing the same error and also - ERROR 18546, Severity 14, State 11
    I have read dozens of threads - pointing to UAC.  I have elevated SSMS via UAC and allowed it to run as administrator.  Also ran as admin, and reapplied the permissions to that service account, db_owner
    What I have read is about AD/user account.  However in this case I am seeing the remote server name, not service account.  Got me thinking a service is running as network or local system, and phoning home to SQL.  However everything I see
    is using the service account for that utility.  Also in the event viewer in the security portion for that same time, I see the login and log off as successful.  Could anyone try to point me in the right direction, without flat out adding the servername
    to the local SQL VM administrators group.
    Thank you in advance for any assistance.

    Rather than adding the machine account to the admin group, you could do:
      GRANT CONNECT TO [Domain\Remoteservername$]
    And then you could set up a logon trigger that captures information about the login. That would include app_name() as well as the Windows process id. This could help you track exactly which process that is knocking on the door.
    Erland Sommarskog, SQL Server MVP, [email protected]
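    Erland's suggestion, worked through as an added T-SQL example (this is not code from Erland's reply or from any product): give the machine account a login with nothing beyond the right to connect, then let a logon trigger record which process is behind the noisy login. The database AuditDb, the table dbo.LoginAudit, the trigger name and the login DOMAIN\REMOTESERVERNAME$ (the poster's placeholder) are all assumptions.

```sql
-- Added example; AuditDb, dbo.LoginAudit and the login name are assumptions.

-- 1. A login for the machine account with no role membership. CREATE LOGIN
--    already grants CONNECT SQL; the GRANT just makes the intent explicit.
CREATE LOGIN [DOMAIN\REMOTESERVERNAME$] FROM WINDOWS;
GRANT CONNECT SQL TO [DOMAIN\REMOTESERVERNAME$];
GO

-- 2. Somewhere to keep the evidence.
USE AuditDb;
GO
CREATE TABLE dbo.LoginAudit (
    audit_id    int IDENTITY(1, 1) NOT NULL PRIMARY KEY,
    logon_utc   datetime2(0)  NOT NULL CONSTRAINT DF_LoginAudit_logon_utc DEFAULT SYSUTCDATETIME(),
    login_name  nvarchar(128) NOT NULL,
    client_host nvarchar(128) NULL,   -- HOST_NAME(): workstation name the client reports
    client_addr nvarchar(48)  NULL,   -- address carried in EVENTDATA()
    app_name    nvarchar(128) NULL,   -- APP_NAME(): what the client claims to be
    host_pid    int           NULL    -- Windows process id on the client machine
);
GO

-- 3. The logon trigger. It fires for every login, so it only acts on the one
--    account of interest and never raises or rolls back: an error escaping a
--    logon trigger fails that login, and a broken trigger locks everyone out
--    (the Dedicated Admin Connection, which bypasses logon triggers, is the way back in).
CREATE TRIGGER trg_audit_machine_logon
ON ALL SERVER
WITH EXECUTE AS 'sa'
FOR LOGON
AS
BEGIN
    IF ORIGINAL_LOGIN() = N'DOMAIN\REMOTESERVERNAME$'
    BEGIN
        BEGIN TRY
            INSERT INTO AuditDb.dbo.LoginAudit
                (login_name, client_host, client_addr, app_name, host_pid)
            SELECT
                ORIGINAL_LOGIN(),
                HOST_NAME(),
                EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'nvarchar(48)'),
                APP_NAME(),
                (SELECT s.host_process_id
                 FROM sys.dm_exec_sessions AS s
                 WHERE s.session_id = @@SPID);
        END TRY
        BEGIN CATCH
            -- Swallowed on purpose: auditing must never deny the connection.
            DECLARE @ignored int = ERROR_NUMBER();
        END CATCH;
    END
END;
GO

-- 4. Review what has been collected: one row per connection attempt.
SELECT logon_utc, client_host, client_addr, app_name, host_pid
FROM AuditDb.dbo.LoginAudit
ORDER BY logon_utc DESC;
```

    The host_pid column is the Windows process id exposed by sys.dm_exec_sessions, so matching it against the process list on the remote VM at the logged time identifies the service that is phoning home. HOST_NAME() and APP_NAME() are supplied by the client and can be set to anything, which is why the EVENTDATA() address is recorded alongside them. Once the culprit is known, drop the trigger with DROP TRIGGER trg_audit_machine_logon ON ALL SERVER.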

  • BI Server Access

    Hi all,
    where would i get temporary BI server access to practice config (sand box env)?
    Thanks

    Hi,
    You have to pay; you can get it from LearnSAP.com. You have to pay for their membership. Need any help?
    Mail me [email protected]. I am a member; I can get you for less.
    Regards,
    Andy

  • VI Server access denied

    I am receiving "LabVIEW: VI Server access denied." from TestStand 2010. This is using LabVIEW 2011 on Windows 7 but only started happening after I had transitioned to using the Run-Time engine for a while.
    I ran into this when trying to convert back to the development system for the configuration adapter due to needing to update some 130 steps worth of prototypes which takes a long time to do while running the run-time engine version.
    Thanks

    Thanks for the response Alexandra,
    1) The project and VI both run perfectly fine on the same system from the development environment.
    2) The LabVIEW module is a conglomeration of various instrument calls to accumulate some amount of data which is returned to Test Stand for Pass/Fail status and logging.
    3) I can run the sequence with TestStand LabVIEW Adapter configured for the RunTime, setting the LabVIEW adapter to Development System is when the VI Server access denied appears.
    4) System has always been a development system, I just switched the adapter over to RunTime engine to speed up operation of the test, now I am in integration with hardware and made a few changes that need to be updated in the sequence. I brute forced the update with runtime, but it took several hours to do for a 140+ step test.
    5) The only additional toolkit for LabVIEW is the FPGA one I believe, everything else is standard LabVIEW Professional.
    Thanks,
    James

  • BizTalk Published Web Service unable to consume, Token-Based Server access validation error

    Hi, we have developed a BizTalk application and we have published it as a web service, but when we are trying to consume the application we are getting an error and it is logged in the event log.
    While deploying we have allowed Anonymous user access for the web services as well.
    Following are the error details -
    "Login failed for user 'IIS APPPOOL\ASP.NET v4.0 Classic'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]"
    I tried to change it other App pool as well. It seems an issue with permissions related to BizTalk user's/Group,
    Please suggest which app pool should we select or should we give permissions to App Pools.

    The user of the App Pool should be part of "BizTalk Isolated Host Users Group".
    In your case the user is "IIS APPPOOL\ASP.NET v4.0 Classic", so either you add this user to BizTalk Isolated Host Users Group or create a new App Pool with a new user. I would suggest going for a new user specific to BizTalk.
    This permission is required because IIS(App Pool(w3wp.exe)) will be publishing new messages to BizTalk Databases. So they should have required permissions to do that and in BizTalk we have a default group for the same, as suggested by Shankycheil.
    BizTalk Isolated Host Users
    The default name of the first Isolated BizTalk Host Group created by Configuration Manager. Isolated BizTalk hosts not running on BizTalk Server, such as HTTP and SOAP.
    Use one BizTalk Isolated Host Group for each Isolated Host in your environment.
    Contains service accounts for the BizTalk Isolated host instance in the host that the Isolated BizTalk Host Group is designated for.
    BTS_HOST_USERS SQL Server Database Role in the following databases:
    BizTalkMgmtDb
    BizTalkMsgBoxDb
    BizTalkRuleEngineDb
    BizTalkDTADb
    BAMPrimaryImport
    Thanks,
    Prashant
    Please mark this post accordingly if it answers your query or is helpful.

  • "mail" server access info and messages deleted

    Earlier today through an errant instruction, the server access info for Mail 4.6 was inadvertently deleted.  This process also deleted all the messages viewable in
    Mail's mailboxes: In/Sent/Trash !
    From Time Machine, I restored the server access information and the deleted messages!
    All of the restored messages now appear as nnnn.emix (as expected) in Home/Mail/POP email address/INBOX.mbox/messages.  Similarly for Sent Messages & Deleted Messages.
    However, only new messages since restore appear in Mail!!!  The restored messages do not appear (although they appear as nnnn.emix in Finder)!
    What am I missing here?

    WOOPS!
    My statement above about seeing current messages in Mail is only "partially correct."  I find that if I close out Mail... then reopen the program, the messages that were there have disappeared... and, they've similarly disappeared from the nnnn.emix files in Finder!
    So... something is clearly amiss! 
