Sql server security patch

Similar Messages

• About SCCM 2012 Primary sites sql server security logins

  Hi, guys!
  I've got some issue or some misunderstanding....In primary site's sql security logins there were same accounts as on CAS sql.....(We've got about ten primary servers)....two days ago someone (i'm going to find out that guy....damned...) from branch administrators
  cleared up security list logins on one of primary server and left only two accounts....one of them it is primary site server installation account, second account - there is SCCM all hierarchy administrators group....
  Most of that....that somebody got lower site server installation account role from sysadmin to public....
  Am I right thinking in that way - all sql server security logins on all primary sites in one hierarchy must be identical....it explains by SQL replication.......?????
  How can i get back sql security logins list on that sccm server to normal way....became after installing primary site server....??? need help......  

  Hi,
  Primary sites do not always have the same security logins.
  You need to add NT... accounts, sa etc into security logins. These accounts were added during SQL installation.
  All site system computer accounts (such as MP, DP) and primary site computer account also need to be added.
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SQL SERVER SECURITY Update KB2977321 and KB2716436 Error Code 1642

  I had gone through some of the related question that has been shared over here but since for me there was a definite Error Pop up stating
  SQL SERVER SET UP FAILER "NT Service Unable to start MSSQLSERVER" but i noticed that after each of the update the version had changed and the database is running normally, just want to confirm if the updates are working fine or some
  other measures has to be taken.
  I Ran the discovery report and it shows the latest version
  Can i take this as a successfull installation and no issues will occur?
  Please suggest.

  I have pulled this from the Setup Bootstrap log. IN the Administrative log in the event viewer there is nothing helpful.
  2015-03-31 15:07:22 Slp: Sco: Attempting to open service handle for service MSSQLSERVER
  2015-03-31 15:07:22 Slp: Invoking QueryServiceStatusEx Win32 API
  2015-03-31 15:07:22 Slp: Sco: Attempting to close service handle for service MSSQLSERVER
  2015-03-31 15:07:22 Slp: Sco: Attempting to close SC Manager
  2015-03-31 15:07:22 Slp: Sco: Returning service process id 5644
  2015-03-31 15:07:22 Slp: Waiting for nt event Global\sqlserverRecComplete to be created
  2015-03-31 15:07:22 Slp: Waiting for nt event Global\sqlserverRecComplete or sql process handle to be signaled
  2015-03-31 15:07:22 Slp: Error: Failed to start the following NT service after patch action: MSSQLSERVER
  2015-03-31 15:07:22 Slp: Sleeping 10 seconds before retrying NT service start request
  2015-03-31 15:07:32 Slp: Sco: Attempting to start service MSSQLSERVER
  2015-03-31 15:07:32 Slp: Sco: Attempting to start service MSSQLSERVER, start parameters
  2015-03-31 15:07:32 Slp: Sco: Attempting to start service MSSQLSERVER
  2015-03-31 15:07:32 Slp: Sco: Attempting to open SC Manager
  2015-03-31 15:07:32 Slp: Sco: Attempting to open service handle for service MSSQLSERVER
  2015-03-31 15:07:32 Slp: Sco: Service MSSQLSERVER already running or pending start
  2015-03-31 15:07:32 Slp: Sco: Attempting to close service handle for service MSSQLSERVER
  2015-03-31 15:07:32 Slp: Sco: Attempting to close SC Manager
  2015-03-31 15:07:32 Slp: Waiting for the following Sql NT service to indicate successful startup: MSSQLSERVER
  2015-03-31 15:07:32 Slp: Sco: Attempting to get service process id for service MSSQLSERVER
  2015-03-31 15:07:32 Slp: Sco: Attempting to open SC Manager
  2015-03-31 15:07:32 Slp: Sco: Attempting to open service handle for service MSSQLSERVER
  2015-03-31 15:07:32 Slp: Invoking QueryServiceStatusEx Win32 API
  2015-03-31 15:07:32 Slp: Sco: Attempting to close service handle for service MSSQLSERVER
  2015-03-31 15:07:32 Slp: Sco: Attempting to close SC Manager
  2015-03-31 15:07:32 Slp: Sco: Returning service process id 5644
  2015-03-31 15:07:32 Slp: Waiting for nt event Global\sqlserverRecComplete to be created
  2015-03-31 15:07:32 Slp: Waiting for nt event Global\sqlserverRecComplete or sql process handle to be signaled
  2015-03-31 15:07:32 Slp: Error: Failed to start the following NT service after patch action: MSSQLSERVER
  2015-03-31 15:07:32 Slp: Error: Action "StartPatchedServices" threw an exception during execution.
  2015-03-31 15:07:32 Slp: Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: The NT service 'MSSQLSERVER' could not be started. ---> Microsoft.SqlServer.Chainer.Infrastructure.ChainerInvalidOperationException: The NT service 'MSSQLSERVER'
  could not be started.
  2015-03-31 15:07:32 Slp:    at Microsoft.SqlServer.Configuration.SetupExtension.StartPatchedServicesAction.ExecuteAction(String actionId)
  2015-03-31 15:07:32 Slp:    at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
  2015-03-31 15:07:32 Slp:    at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
  2015-03-31 15:07:32 Slp:    at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
  2015-03-31 15:07:32 Slp:    --- End of inner exception stack trace ---
  2015-03-31 15:07:32 Slp:    at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
  2015-03-31 15:07:36 Slp: Received request to add the following file to Watson reporting: C:\Users\imchenatadmin\AppData\Local\Temp\2\tmp4C5D.tmp
  2015-03-31 15:07:36 Slp: The following is an exception stack listing the exceptions in outermost to innermost order
  2015-03-31 15:07:36 Slp: Inner exceptions are being indented
  2015-03-31 15:07:36 Slp:
  2015-03-31 15:07:36 Slp: Exception type: Microsoft.SqlServer.Chainer.Infrastructure.ChainerInvalidOperationException
  2015-03-31 15:07:36 Slp:     Message:
  2015-03-31 15:07:36 Slp:         The NT service 'MSSQLSERVER' could not be started.
  2015-03-31 15:07:36 Slp:     Stack:
  2015-03-31 15:07:36 Slp:         at Microsoft.SqlServer.Configuration.SetupExtension.StartPatchedServicesAction.ExecuteAction(String actionId)
  2015-03-31 15:07:36 Slp:         at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
  2015-03-31 15:07:36 Slp:         at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
  2015-03-31 15:07:36 Slp:         at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
  2015-03-31 15:07:36 Slp: Watson Bucket 1
   Original Parameter Values
  2015-03-31 15:07:36 Slp: Parameter 0 : SQL2008@RTM@KB2977321
  2015-03-31 15:07:36 Slp: Parameter 1 : Microsoft.SqlServer.Configuration.SetupExtension.StartPatchedServicesAction.ExecuteAction
  2015-03-31 15:07:36 Slp: Parameter 2 : Microsoft.SqlServer.Configuration.SetupExtension.StartPatchedServicesAction.ExecuteAction
  2015-03-31 15:07:36 Slp: Parameter 3 : Microsoft.SqlServer.Chainer.Infrastructure.ChainerInvalidOperationException@1202@1
  2015-03-31 15:07:36 Slp: Parameter 4 : Microsoft.SqlServer.Chainer.Infrastructure.ChainerInvalidOperationException@1202@1
  2015-03-31 15:07:36 Slp: Parameter 5 : StartPatchedServices
  2015-03-31 15:07:36 Slp:
   Final Parameter Values
  2015-03-31 15:07:36 Slp: Parameter 0 : SQL2008@RTM@KB2977321
  2015-03-31 15:07:36 Slp: Parameter 1 : 0x0EE19F0D
  2015-03-31 15:07:36 Slp: Parameter 2 : 0x0EE19F0D
  2015-03-31 15:07:36 Slp: Parameter 3 : 0xF762992B@1202@1
  2015-03-31 15:07:36 Slp: Parameter 4 : 0xF762992B@1202@1
  2015-03-31 15:07:36 Slp: Parameter 5 : StartPatchedServices
  2015-03-31 15:07:37 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Microsoft\Microsoft SQL Server to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20150331_145638\MSSQLSERVER\Registry_SOFTWARE_Microsoft_Microsoft SQL Server.reg_
  2015-03-31 15:07:37 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20150331_145638\MSSQLSERVER\Registry_SOFTWARE_Microsoft_Windows_CurrentVersion_Uninstall.reg_
  2015-03-31 15:07:37 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Microsoft\MSSQLServer to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20150331_145638\MSSQLSERVER\Registry_SOFTWARE_Microsoft_MSSQLServer.reg_
  2015-03-31 15:07:37 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20150331_145638\MSSQLSERVER\Registry_SOFTWARE_Wow6432Node_Microsoft_Microsoft
  SQL Server.reg_
  2015-03-31 15:07:37 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20150331_145638\MSSQLSERVER\Registry_SOFTWARE_Wow6432Node_Microsoft_Windows_CurrentVersion_Uninstall.reg_
  2015-03-31 15:07:37 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Wow6432Node\Microsoft\MSSQLServer to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20150331_145638\MSSQLSERVER\Registry_SOFTWARE_Wow6432Node_Microsoft_MSSQLServer.reg_
  2015-03-31 15:07:40 Slp: The NT service 'MSSQLSERVER' could not be started.
  2015-03-31 15:07:40 Slp: Watson bucket for exception based failure has been created
  2015-03-31 15:07:40 Slp: Sco: Attempting to create base registry key HKEY_LOCAL_MACHINE, machine
  2015-03-31 15:07:40 Slp: Sco: Attempting to open registry subkey
  2015-03-31 15:07:40 Slp: Sco: Attempting to open registry subkey Software\Microsoft\PCHealth\ErrorReporting\DW\Installed
  2015-03-31 15:07:40 Slp: Sco: Attempting to get registry value DW0201
  2015-03-31 15:07:40 Slp: Submitted 1 of 1 failures to the Watson data repository
  2015-03-31 15:07:43 Slp:
  2015-03-31 15:07:43 Slp: ----------------------------------------------------------------------
  2015-03-31 15:07:43 Slp:
  2015-03-31 15:07:43 Slp: Error result: -2068709375
  2015-03-31 15:07:43 Slp: Result facility code: 1202
  2015-03-31 15:07:43 Slp: Result error code: 1

• What is the process for SQL Server 2005 patch update

  hi,
  i have 2 production SQL Server2005  Database servers in cluster ,
  what is the process for applying patches.
  Saidireddy

  In 2005 you can do it in two ways...
  Method 1 :
  With SQL Server 2005,
  when you start installing cluster service pack (or hotfix), it must be launched on the active node(node
  that hosts the instance). When installing the Setup will launch simultaneously  "remote silence" on all passive nodes. All nodes in the cluster containing the SQL Server instance are updated in the same time.
  Method 2: First you can install in passive node then you can install in the active node, In this way you can save your down time ( If you start in the active node it will check in the passive, and if its installed already then it skips that
  and start applying in the active node ), but most of the DBA's follows only first method because they may not aware of this or just they follows Microsoft common method. 
  SQL 2008 and Later....
  1.  Apply the hotfix on pasive node N2
  2.  Reboot the passive node N2
  3.  Failover on SQL resource : the passive node become the active node
  4.  Apply the hotfix on the passive node N1
  5.  Reboot the passive node N1
  Raju Rasagounder Sr MSSQL DBA

• How to change SQL Server security groups name after server rename?

  A Windows 2003 server has been renamed from LAMDAMIRROR1A to LAMDAMIRROR2A and the following
  sql has been run in SQL Server 2008 R2 on the server :
  exec sp_dropserver 'LAMDAMIRROR1A'
  exec sp_addserver 'LAMDAMIRROR2A','local'
  However, although everything appears ok, the 5 Windows 2003 Groups (automatically created by
  the SQL 2008 R2 Install) still contain 'LAMDAMIRROR1A' in their name. Does this matter ? Can the Windows Groups be just renamed (right click , rename) or will this cause problems ?
  The Windows Groups are :
  SQLServer2005SQLBrowserUser$LAMDAMIRROR1A
  SQLServerDTSUser$LAMDAMIRROR1A
  SQLServerMSSQLServerADHelperUser$LAMDAMIRROR1A
  SQLServerMSSQLUser$LAMDAMIRROR1A
  SQLServerSQLAgentUser$LAMDAMIRROR1A
  There are also Registry entries containing the old 'LAMDAMIRROR1A' name. Does this matter ?
  Should this be changed ?
  eg. 
  My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\100\Machines\OriginalMachineName.
  My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Services\Report Server\GroupPrefix.
  My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\printers\Microsoft XPS
  DocumentWriter\DsSpooler\serverName.
  etc

  Hi,
  If you have executed the sp_dropserver and sp_addserver in SQL Server 2008 R2, we need to verify if you renamed the SQL Server instance successfully. You can select information from @@SERVERNAME or sys.servers to verify if the renaming operation is completely
  successful in SQL Server Management Studio (SSMS). If yes, whether you change the registry entries containing the old 'LAMDAMIRROR1A' name or not, there’s no impact on SQL Server Services. For more details, please review this article: 
  How to: Rename a Computer that Hosts a Stand-Alone Instance of SQL Server.
  In addition, if you must rename the windows groups, you can just right-click the group in Computer Management/System Tools/Local Users and Groups/Groups and rename it, or you can create new groups with new names, for more details, please review this article:
  Manage Local Groups. If there are some issues regards the Windows, you can post the question in the Windows Server forums at
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver . It is appropriate and more experts will assist you.
  Thanks                 
  Lydia Zhang                           

• SQL Server Security Logins vs. Databases Security Users

  Why isn't all security needs done just in logins?  When migrating databases, the Logins are not brought over when restoring a backup.  It does not make sense.  Could it not be done all just in the Security > Logins area or why not?  That COULD be designed to track users and rights on various databases rather than a thing owned by each database....
  Thanks for your time.
  Gib

  Understand
  the below points first
  Login are being used to access the server (Server level)
  Database users are being used to access the database.(Database level)
  Why
  isn't all security needs done just in logins?
  Just Imagine the below things:
  I want give the permission to user to take backup for specific databases in this case we will give databasedb_backupoperator
  role. Is this possible with server role to take backup for specific databases
  I want give the permission to user to run the BULK INSERT statement on databases in this case we
  will give bulkadmin server role. Is this possible with database role to run the BULK INSERT statement on databases 
  Thanks-Vanchan
  Please click the Mark as Answer button if a post solves your problem!

• SQL Server Security Hardening utility

  Hi All,
  Is there a list of items performed by this utility?
  Thanks!
  -JT-

  Hi,
  Take a look..
  http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/ipcc_enterprise/ippcenterprise9_0_1/reference/guide/CCMP_BK_I3E02C25_00_icm-security-best-practices-guide_chapter_0111.html#CCMP_RF_SCDB90DA_00
  http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/ipcc_enterprise/ippcenterprise9_0_1/reference/guide/CCMP_BK_I3E02C25_00_icm-security-best-practices-guide_chapter_0111.pdf

• What range TCP/IP Port should be give to default or named instance of sql server for security purpose to sql server ?

  Hi
  i am following technet article for Configure SQL Server security for SharePoint 2013 environments
  https://technet.microsoft.com/en-us/library/ff607733?f=255&MSPPError=-2147217396
  i want to change default TCPIP port from 1433 to which ports to change is securable for sql server
  i mean in what range 
  for example can i change to 1500 or 2000 or 1450 etc .
  if i assign like these portnos it will not affect to other ports in windows server 2012?
  adil

  I agree with Erland. (Always a good idea.) Changing the port doesn't help much to prevent attacks. If you decide to do that see Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager)
  http://msdn.microsoft.com/library/ms177440.aspx. Note
  "When selecting a port number, consult
  http://www.iana.org/assignments/port-numbers for a list of port numbers that are assigned to specific applications."
  It's important that you pick a number that isn't used by some other application. 
  Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty

• Sql server grants access to specific login to database.

  i have created website for intranet and hosted it on server. for that i needed to create login "IIS APPPOOL\hi" in sql server 2008 for my application
  to access my "reportdb" database. "IIS APPPOOL\hi" has sysadmin and public server roles in sql server 2008. And i have default login"sa" same
  as "IIS APPPOOL\hi". these are working correctly. Now I want these two logins to access"reportdb" for all
  operations in database and remaining all logins should be denied to access"reportdb". My Sql Server 2008 is having mixed mode (windows authentication and Sql authentication). plz help me

  I think what Tauseef is requesting is to keep access for the 2 sysadmins & deny access to everyone else, correct?
  As Uri mentioned, by being part of sysadmin role, “IIS APPPOOL\hi” & “sa” would have access to everything in the server, and nobody else should have access to the DB unless explicitly being granted access.
  If you would really deny anyone else access to the database, you can potentially deny connect to public, and only sysadmins (who override permissions) would be able to connect; although I would strongly recommend against such practice.
  Something else I would like to recommend against is the usage of sysadmin for what may not be a DBA role (IIS appPool). Following the least-privilege principle, I would recommend having a non-administrator user for applications that has enough capabilities
  to perform the tasks needed.
  The main risk is that a SQL injection (SQLi) bug in your application would lead to a complete compromise of your SQL server.
  If there are app tasks that would require elevated permissions, I would recommend encapsulating the logic in a stored procedure and either use impersonation or digital signatures to accomplish a controlled elevation of privileges instead. If you have any
  question on this topic I will be glad to assist.
  I hope this information helps,
  -Raul Garcia
   SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• SQL server agent job running as Agent Service Account whose service account does not have r/w access but is still able to write?

  Hi. I am newer to SQL server security and am reviewing some of our SQL server's configuration to make sure the services are running under accounts with least privilege.  I have a SQL server 2012 instance whose Agent service is configured to run
  under an AD user account named 'SQLServices'.  The jobs on this server are configured to run as 'SQL server agent service account', which means they should execute as user 'SQLServices'.  The jobs are set up to execute SSIS packages which read and
  write to a database on the same server where the agent job is scheduled and SSIS package installed (all on same server).  The jobs are currently executing without error and are reading writing data correctly.  Upon close examination, it turns out the
  SQLServices account is not assigned to the 'sysadmin' role and had no users mapped to any databases on this server.  How are these jobs working?  I verified in profiler that the login name indeed is 'SqlServices'.  I also verified
  that SQLServices login has no database access by remote-ing onto the server and trying to log into the DB, and access was denied as expected.  According to the literature, the Agent service needs to be a member of 'sysadmin role' but I am reading
  some cases where that is not necessarily the case.  So this is not so concerning.  What is concerning is that the login 'SQLServices' had no access to the databases on that server yet it is reading and writing to the databases as if it does. 
  The only thing I can think of is maybe jobs run as 'SQL server agent service account' on the same server as the databases it r/w to somehow has some kind of default access.  What am I missing here?  Any input would be helpful.

  After 2 days on this forum I found the answer to my own question.  In retrospect, I should have posted this under 'SQL Server Security', but I didn't know it existed.
  The 2 threads below explain that Sql agent actually runs using SID (service) NT SERVICE\SQLSERVERAGENT if you chose that when you installed.  This will automatically create an associated login NT SERVICE\SQLSERVERAGENT in SQL server with sqladmin
  role.  This is the login that Agent uses to connect to the local instance of SQL server.  If you changed to domain account to run the service during install or after using config manager, basically NT SERVICE\SQLSERVERAGENT is still
  used to connect to your local instance behind the scenes (even though you will still see your domain user as account), and the domain account is used to reach outside the server. 
  https://social.msdn.microsoft.com/Forums/sqlserver/en-US/9e6bb2de-8fd0-45de-ab02-d59bbe05f72e/servicedatabase-accounts-nt-servicemssqlserver-nt-servicesqlserveragent-what-are-they-for
  https://social.technet.microsoft.com/Forums/sqlserver/en-US/b83a52fd-fe11-4c28-a27b-88be8ae79f2a/how-do-i-change-sql-server-agent-service-account-to-nt-servicesqlserveragent?forum=sqlsecurity

• How to install mini SAP in MS SQL Server 2005 Express?

  Hi, is anyone know how to install the mini SAP v4.6 by using MS SQL Server 2005 Express?
  I get error when connecting to the Database at 88% of the installation.
  Please help. Thank you.

  I do not think you can install miniSAP 4.6D on MS SQL server 2005 express.
  1) you need the up todate patch to run on MSSE. If  SAP did the work to allow it to run, it would be patch 55+. As supplied it is patch zero.
  2) You can install on MSDE (MS SQL server 2000) patch 4. Look for my post INFO: Installing MiniSAP 4.6D on a named instance of MSDE (MS-SQL).
  3) after the install on MSDE SP4 you would have to change the database code page to 'BIN2' look for the OSS note.
  4) then you can start patching through to the most recent.
  The main reason you cannot do this is MS have changed the version key format to include '.6' as extra info which SAP cannot interprate, too many dots.
  MattG.
  Message was edited: add URL

• SQL Server 2008 self-signed certificate is 1024bit or 2048bit?

  When there is no user defined certificate available, SQL Server will generate a self-signed certificate when service starts, We have a tool scans and finds that in SQL 2005 the self-signed certificate is 1024bit,  does someone know the default self-signed
  certificate is still 1024bit or is it 2048bit in SQL 2008? Thanks a lot!!!

  I will begin my answer by making an emphasis that the best way to protect your data in-transit is using a 2048 bit certificate signed by a trusted certificate authority (CA) instead of relying on the self-signed certificate created by SQL Server.
   Please remember that the self-signed certificate created by SQL Server usage for data in-transit protection was designed as a mitigation against passive traffic sniffers that could potentially obtain SQL Server credentials being transmitted
  in cleartext, but nothing more. Think of it as a mitigation against a casual adversary.
   The self-signed certificate usage was not intended to replace real data in-transit protection using a certificate signed by a trusted CA and encrypting the whole communication channel. Remember, if it is self-signed, it is trivial to spoof.
  After making this clarification, the self-signed certificate generated by SQL Server uses a 1024 bit key, but that size may be subject to change in future versions of the product. Once again, I would like to strongly discourage relying on the self-signed
  certificate created by SQL Server for data in transit transmission.
  BTW. Azure SQL Database uses a 2048 certificate issued by a valid certificate authority.
  I hope this information helps,
  -Raul Garcia
   SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Encryption strenght with SQL Server self-signed certificate

  I have SQL Server 2008 R2 Standard (64-bits) on Windows Server 2008 R2 Enterprise (64-bits) and client computers running on Windows 7 Professional (64-bits). If I set "Encrypt=True;TrustServerCertificate=True;" in connection strings, I'm wondering
  what encryption level or strength (40bits, 128bits, or other) are the connections getting?
  Microsoft is not clear about this topic:
  "The level of encryption used by SSL, 40-bit or 128-bit, depends on the version of the Microsoft Windows operating system that is running on the application and database computers."
  I appreciate any comment.

  Please see the discussion thread on this other post:
  http://social.msdn.microsoft.com/Forums/sqlserver/en-US/ee159a8b-0b07-4637-83e7-d0487fc63a9e/which-cipher-current-supported-after-force-encryption?forum=sqlsecurity
  Hopefully this information will help.
  -Raul Garcia
    SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Configuration manager requires microsoft sql server 2008 sp2 with cumulative update 9 or higher

  Hi,
  I have this error during setup of SCCM 2012 R2 to a sql server. Patch level is higher then what is mentioned in popup.
  Please advise.
  Note: build of SQL is 10.50.4000
  J.
  Jan Hoedt

  Thanks. There is no c:\configmgrprereq.log but there is a configmgrsetup.log:
  INFO: setupdl.exe: Finish  $$<Configuration Manager Setup><12-16-2013 13:33:10.799-60><thread=1660 (0x67C)>
  CWmiRegistry::GetStr: Failed to get string value MSSQLSERVER  $$<Configuration Manager Setup><12-16-2013 13:34:56.756-60><thread=3068 (0xBFC)>
  Failed to retrieve SQL Server instance name[MSSQLSERVER].  $$<Configuration Manager Setup><12-16-2013 13:34:56.761-60><thread=3068 (0xBFC)>
  WARNING: failed to retrieve port number for SQL.ourcompany.com.  $$<Configuration Manager Setup><12-16-2013 13:34:56.763-60><thread=3068 (0xBFC)>
  WARNING: failed to retrieve port number for SQL.ourcompany.com.  $$<Configuration Manager Setup><12-16-2013 13:34:56.763-60><thread=3068 (0xBFC)>
  INFO: Registered type SQL.ourcompany.com MASTER for SQL.ourcompany.com master  $$<Configuration Manager Setup><12-16-2013 13:34:56.763-60><thread=3068 (0xBFC)>
  INFO: Registered type SMS Master for SQL.ourcompany.com master  $$<Configuration Manager Setup><12-16-2013 13:34:56.764-60><thread=3068 (0xBFC)>
  INFO: Registered type SQL.ourcompany.com SCCM2012R2 for SQL.ourcompany.com SCCM2012R2 $$<Configuration Manager Setup><12-16-2013 13:34:56.764-60><thread=3068 (0xBFC)>
  INFO: Registered type SMS ACCESS for SQL.ourcompany.com SCCM2012R2 $$<Configuration Manager Setup><12-16-2013 13:34:56.764-60><thread=3068 (0xBFC)>
  *** [08001][14][Microsoft][ODBC SQL Server Driver][DBNETLIB]Invalid connection.  $$<Configuration Manager Setup><12-16-2013 13:35:57.478-60><thread=3068 (0xBFC)>
  *** [01000][14][Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (Invalid Instance()).  $$<Configuration Manager Setup><12-16-2013 13:35:57.478-60><thread=3068 (0xBFC)>
  *** Failed to connect to the SQL Server, connection type: SQL.ourcompany.com MASTER.  $$<Configuration Manager Setup><12-16-2013 13:35:57.479-60><thread=3068 (0xBFC)>
  *** [08001][14][Microsoft][ODBC SQL Server Driver][DBNETLIB]Invalid connection.  $$<Configuration Manager Setup><12-16-2013 13:36:58.135-60><thread=3068 (0xBFC)>
  *** [01000][14][Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (Invalid Instance()).  $$<Configuration Manager Setup><12-16-2013 13:36:58.135-60><thread=3068 (0xBFC)>
  *** Failed to connect to the SQL Server, connection type: SQL.ourcompany.com MASTER.  $$<Configuration Manager Setup><12-16-2013 13:36:58.136-60><thread=3068 (0xBFC)>
  Could the error be related to other prereqs not met?
  Jan Hoedt

• Sharepoint 2013 Workflow manager setup SQL serverinstance "Failure in connecting to SQL Server"

  Hi Guys
  im having issues with installing work flow manager.
  this installation has gone ok, but when I'm in the configuration stage, and type in the SQL server instance, it returns with failure in connecting to SQL server.
  this happens with SSL and with out SSL
  I look forward to your responses
  Kindest regards
  Jack

  Make sure that you have installed workflow manager updates on the server.
  Follow these two steps first:
  Add
  WFSetup account (installer account) to SQL Server security group and give him
  SysAdmin permission.
  Add WFSetup to Workflow server in machine
  administrator group, so user can login as worklfow administrator.
  Enter database machine name and test it.
  Adnan Amin MCT, SharePoint Architect | If you find this post useful kindly please mark it as an answer :)