Monday, December 6, 2010

Configuring the Integration Services Service

The Integration Services service relies on a configuration file for its settings. By default, the name for this configuration file is MsDtsSrvr.ini.xml, and the file is located in the folder, %ProgramFiles%\Microsoft SQL Server\100\DTS\Binn.

Typically, you do not have to make any changes to this configuration file, nor do you have to change the file's default location. However, you will have to modify the configuration file if your packages are stored in a named instance or a remote instance of Database Engine, or in multiple instances of the Database Engine. Also, if you move the configuration file to a location other than the default location, you will have to modify the registry key that specifies the file location.

Reference:
http://msdn.microsoft.com/en-us/library/ms137789.aspx

Thursday, December 2, 2010

More Windows Event Log Info

Logon/Logoff Events
  • 528 - Successful logon
  • 538 - Logoff
  • Logon Types: 2 - interactive; 3 - network; 4 - batch job; 5 - service; 7 - lock/unlock
Object Access
  • 560 - Successful object access
  • 562 - Object handle closed
  • 564 - Object deleted
  • 567 - Permission associated with a handle was used.
References:
http://technet.microsoft.com/en-us/library/cc751315.aspx
http://technet.microsoft.com/en-us/library/cc163121.aspx

Windows Event ID List

Reference: http://support.microsoft.com/default.aspx?scid=kb;en-us;174074&sd=tech

Thursday, November 18, 2010

Airport Security

Sorry if this is off topic. Ignore this if you wish.

The big topic on the news and on the internet recently has been the screening that goes on at airports. It makes me wonder why there are no systems that use facial recognition to pull up information on each and every passenger going onto a flight.

Faces could be scanned during ticketing and check-in, and info provided at the ticket desk (i.e., name, ID, etc.) could be included to look up each and every passenger that will be travelling. By the time they get to the security checkpoint, passenger profiles could be available to screeners. Anyone not found in the system would be filtered through a "higher" level of screening. Those that are in the "system" would be directed to the "standard" level of screening.

I'm wondering why this kind of system does not exist today.

References:
http://eyetrackingupdate.com/2010/01/14/accurate-biometric-needed-for-screening-airport-security/

http://www.securitymanagement.com/news/british-airport-tests-facial-recognition-security-gates-005635

http://www.militaryaerospace.com/index/display/article-display/162111/articles/military-aerospace-electronics/volume-13/issue-11/electro-optics-supplement/news/facial-recognition-takes-off-in-airport-security.html

Tuesday, November 16, 2010

Huge Framework.log file?

This seems to occur for SQL 2005 running on Windows 2003 server. Adding DELETE permission to the Network service account fixed it.

To set the permissions on the %systemroot%\system32\wbem\logs folder, follow these steps:
  1. Locate the %systemroot%\system32\wbem\logs folder, right-click on the folder, and then select Properties.
  2. On the Security tab, click the Advanced button.
  3. Select the NETWORK SERVICE account from the Permission entries list, and then click Edit.
  4. Locate the Delete permission, and then click to select the Allow checkbox.
  5. Click OK three times.

Reference: http://support.microsoft.com/kb/836605

Monday, November 15, 2010

CrashOnAuditFail regkey

If you have this regkey set to "1", beware of your disk space running out for any reason. If the drive that houses the Windows event logs gets full and the security log is unable to write entries, this regkey gets set to "2" and only local Administrators will be allowed to connect to and from the server.

To restore functionality, you will need to clear up disk space where the event logs are being stored and then reset the regkey to "1" and reboot the server.

Windows NT provides the "Crash On Audit Fail" flag in the Registry key located in SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail.

Reference: http://technet.microsoft.com/en-us/library/cc963220.aspx

Thursday, October 14, 2010

Unable to start execution of step 1

On SQL 2005, I created a simple database and log file backup job using the Maintenance Plan wizard and scheduled it, but it does not work. When I run it, it generates an error:

"Unable to start execution of step 1 (reason: line(1): Syntax error). The step failed."

I can't believe MS would have this kind of bug. Something generated by a wizard needs to work. PERIOD.

Anyway, the fix for me was this:

1. Go to SQL Server Agents\Jobs. Select job and click Properties.
2. Go down to Steps
3. Highlight your SubPlan and click Edit
4. Add a Backslash to the beginning of the path listed in the "Package" box

And, like magic, no error and job runs.

Hope that helps!

Wednesday, October 13, 2010

Event ID 4292 - The IPSec driver has entered Block mode.

Full event properties:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.

Possible Cause:
A corrupted file in the policy store causes this problem. An interruption that occurs when the policy is being written to the disk may cause the corruption.

Check:
When you try to open the Internet Protocol security (IPSec) Microsoft Management Console (MMC) policy on a Microsoft Windows Server 2003-based computer, you receive the following error message:

"The IPSec Policy storage container could not be opened. The following error occurred: The system cannot find the file specified. (80070002)."

Resolution:
  1. In Registry Editor, locate and then DELETE the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
  2. Close Registry Editor.
  3. Rebuild a new local policy store. To do this, click Start, click Run, type regsvr32 polstore.dll, and then click OK.

References: http://support.microsoft.com/kb/870910

Friday, September 24, 2010

Netbackup Restore to same hardware

Using Netbackup to do an OS restore onto the same hardware requires the procedure below.

Running W2koption.exe
1. Begin the recovery of the system by building the PC that you wish to recover. Follow the steps outlined in the Troubleshooting Guide in the section titled Disaster Recovery. (The links to the Troubleshooting Guides can be found in the Related Documents section below.)
2. Before the restore starts, run w2koption with the following command syntax:
\VERITAS\Netbackup\bin\w2koption -restore -same_hardware 1
3. Then, restore the data files and the System_State. Do not reboot the server yet.
4. Repeat the w2koption command as done earlier.
\VERITAS\Netbackup\bin\w2koption -restore -same_hardware 1
5. Stop the NetBackup Client Service and verify that bpinetd.exe is no longer running.
6. Reboot the PC.

References: http://www.symantec.com/business/support/index?page=content&id=TECH22365
http://www.symantec.com/business/support/index?page=content&id=TECH56473

Thursday, September 23, 2010

IIS "The Local Security Authority cannot be contacted"

This one was a strange one. Our WSS server crashed and rebooted. When it came back up again, users could not log in to WSS or IIS and got the error above.

Turns out that, due to our security configuration, we have CrashOnAuditFail set to 1 in the registry, and when the server ran out of space, it could not log to the Security event log, which caused CrashOnAuditFail to be set to 2. This caused the server to refuse logins from everyone but Administrators.

To fix, free up disk space, reset CrashOnAuditFail = 1 and reboot server.

References: http://support.microsoft.com/kb/832981
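
A quick way to check for the condition described in this post and in the CrashOnAuditFail post above, as an added example that is not from the original posts or from Microsoft. It assumes Windows Server 2008 or later with PowerShell 3.0+ and an elevated session; the `$MinFreeMB` threshold is a hypothetical value chosen for illustration.

```powershell
# Added example: report the CrashOnAuditFail state and the Security-log
# conditions (full log, low disk space) that can flip it from 1 to 2.
$MinFreeMB = 500   # hypothetical alert threshold, tune for your environment

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$value  = (Get-ItemProperty -Path $lsaKey -Name CrashOnAuditFail -ErrorAction SilentlyContinue).CrashOnAuditFail
$meaning = @{
    0 = 'disabled'
    1 = 'armed: the server halts if a security event cannot be logged'
    2 = 'tripped: only Administrators can log on until reset to 1 and reboot'
}
$state = if ($null -ne $value -and $meaning.ContainsKey([int]$value)) { $meaning[[int]$value] } else { 'not set or unexpected' }

# Locate the Security log file and measure free space on the drive that holds it.
$log     = Get-WinEvent -ListLog Security
$logPath = [Environment]::ExpandEnvironmentVariables($log.LogFilePath)
$letter  = (Split-Path -Path $logPath -Qualifier).TrimEnd(':')
$freeMB  = [math]::Round((Get-PSDrive -Name $letter).Free / 1MB)

[pscustomobject]@{
    CrashOnAuditFail = $value
    State            = $state
    SecurityLogPath  = $logPath
    LogMode          = $log.LogMode          # Circular, AutoBackup or Retain
    LogFull          = $log.IsLogFull
    LogSizeMB        = [math]::Round($log.FileSize / 1MB, 1)
    LogMaxMB         = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    DriveFreeMB      = $freeMB
} | Format-List

if ($value -eq 2) {
    Write-Warning 'CrashOnAuditFail is 2: free disk space, reset the value to 1, then reboot.'
} elseif ($value -eq 1 -and ($log.IsLogFull -or $freeMB -lt $MinFreeMB)) {
    Write-Warning "CrashOnAuditFail is armed and the Security log is full or drive ${letter}: has only $freeMB MB free."
}
```

Scheduling this on servers where the value is set to 1 gives a warning before the Security log stops accepting writes.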

Thursday, August 5, 2010

VMware virtual machine NIC not working

A Windows 2003 VM running on ESX appears to be OK but cannot access the network. The NIC appears to be connected and the server is functional, but pings fail.

If you check Windows event viewer, you will see an IPSec error like this:

Event ID 4292: The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.

To fix, disable the IPSec service and reboot the VM.

If that does not work, as specified in the MS KB below, you will have to rebuild the registry policy.

To resolve this issue, delete the following registry subkey and then rebuild the policy:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

Delete the local policy registry subkey. To do this, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
  3. On the Edit menu, click Delete.
  4. Click Yes to confirm that you want to delete the subkey.
  5. Quit Registry Editor.

Rebuild a new local policy store. To do this, follow this step:

  1. Click Start, click Run, type regsvr32 polstore.dll, and then click OK.
References:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1000797

http://support.microsoft.com/kb/870910

Tuesday, August 3, 2010

Upgrading to SQL 2008

Issue: "Rule "Security Group SID (Security Identifier)" failed." from Upgrade Rules check.

Found solution at referenced link, post by nctmyers...

Basically, you need to make sure the SIDs of the SQLServer... local groups match what is in the registry, i.e.:

SQLServer2005MSFTEUser$ServerName$MSSQLSERVER
SQLServer2005MSSQLUser$ServerName$MSSQLSERVER

Download the free PSTools utilities and use "psgetsid.exe" to display the SIDs for the SQL user groups.
http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

psgetsid

Then use "regedit" and go to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup] to see the SIDs for each group...

For example...
AGTGroup="S-1-5-21-2065109431-430523663-1844936127-1037"
FTSGroup="S-1-5-21-2065109431-430523663-1844936127-1039"
SQLGroup="S-1-5-21-2065109431-430523663-1844936127-1038"
ASGroup="S-1-5-21-2065109431-430523663-1844936127-1040"

Replace any SIDs that do not match the local group SIDs found with psgetsid, and re-run the check on the SQL 2008 Upgrade Rules page.

Reference: http://social.msdn.microsoft.com/forums/en-US/sqlsetupandupgrade/thread/0ca885d2-cd8d-4815-a258-d2962d477c35
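
The same comparison can be scripted instead of done by eye with psgetsid and regedit. This is an added example, not from the original post or the referenced forum thread; it assumes PowerShell 3.0 or later, and the key path and value names are the ones shown above (MSSQL.1 may differ on your server).

```powershell
# Added example: resolve each group SID stored under the SQL Server Setup key
# and show which account, if any, it maps to on this machine.
$setupKey   = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup'
$valueNames = 'AGTGroup', 'FTSGroup', 'SQLGroup', 'ASGroup'

$setup = Get-ItemProperty -Path $setupKey

$report = foreach ($name in $valueNames) {
    $sid = $setup.$name
    if (-not $sid) { continue }   # value not present for this instance

    try {
        # Translate() throws if the SID string is malformed or maps to no account.
        $account = ([System.Security.Principal.SecurityIdentifier]$sid).
                       Translate([System.Security.Principal.NTAccount]).Value
        $status  = 'resolves'
    } catch {
        $account = $null
        $status  = 'does NOT resolve: replace with the SID reported by psgetsid'
    }

    [pscustomobject]@{
        RegistryValue = $name
        Sid           = $sid
        ResolvesTo    = $account
        Status        = $status
    }
}

$report | Format-Table -AutoSize
```

A SID that resolves must still map to the matching SQLServer... local group for that value; the ResolvesTo column shows the name so you can compare it.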

Tuesday, July 20, 2010

Access Denied to SSIS remotely

Note: These steps are performed on the remote server that you cannot connect to:
  • If the user is not a member of the local Administrators group, add the user to the Distributed COM Users group. You can do this in the Computer Management MMC snap-in accessed from the Administrative Tools menu.
  • Open Control Panel, double-click Administrative Tools, and then double-click Component Services to start the Component Services MMC snap-in.
  • Expand the Component Services node in the left pane of the console. Expand the Computers node, expand My Computer, and then click the DCOM Config node.
  • Select the DCOM Config node, and then select MsDtsServer in the list of applications that can be configured.
  • Right-click on MsDtsServerXXX and select Properties.
  • In the MsDtsServer Properties dialog box, select the Security tab.
  • Edit "Launch Permissions" to include the Distributed COM (DCOM) user group with
    • Remote Launch
    • Remote Activation
  • Be sure to customize “Access permissions” to include the Distributed COM (DCOM) user group with "Remote Access"
  • Make sure all remote access boxes are checked appropriately
  • Restart the SSIS Service after making these changes.
Update 1/12/2011: When deploying remotely, make sure you specify "sqlserver\instance"
Reference: http://msdn.microsoft.com/en-us/library/aa337083.aspx

Wednesday, April 14, 2010

SQL 2000 DTS Security

Some excerpts from link below:

  • If you want to alter this default behavior and restrict the ability to create new or modify existing packages, you can modify permissions on the sp_add_dtspackage, sp_enum_dtspackages, and sp_get_dtspackage stored procedures in the MSDB database. The first one contains T-SQL code for creating DTS packages, the second one provides ability to list them and the third one is used for retrieving them. By removing permissions to run them from the public role, you can restrict these activities to specific fixed or custom database roles.
  • Another possibility to secure packages saved to SQL Server or a Structured Storage file (but not to Meta Data Services or a Visual Basic file) is by assigning owner and user passwords. This is done from the DTS Designer interface, by selecting the Save As... item from the Package top level menu. In the resulting "Save DTS" Package dialog box, you can type in the owner and user password (note that you cannot set a user password without defining the owner password). An owner password secures opening and modifying the content of a package; knowledge of the user password allows its execution (you are prompted for them whenever you try to execute or open the package to which they were assigned). Keep in mind that there is no direct way to change these passwords. The only way to accomplish this is to save the package using a different name, then delete original package, and finally rename back the new one (this is clearly much more complicated than it should be).
  • Each package has an owner, which is the login that created it (or saved an existing one to a new server - when transferring packages between computers). Identifying information is recorded in the syspackages table of the MSDB databases in the owner and owner_sid columns. Only package owners (and members of Sysadmin fixed server role) have the ability to alter packages and save them with the same name (they are still, however, required to provide passwords in order to open or execute their packages).

Reference: http://www.databasejournal.com/features/mssql/article.php/3404791/SQL-Server-2000-Security---Part-11---DTS-Security.htm

Sync-ing with iPhone

References: http://www.tipb.com/2008/07/07/switching-to-iphone-how-to-move-your-contacts-calendar-and-email-to-the-iphone-wait-a-thon/

Thursday, April 1, 2010

Extracting Intel NIC drivers

The files listed below are for Windows XP* or Windows Server 2003*, 32-bit editions.
  1. Download the latest driver package (PROWin32.exe) from Download Center.
  2. Create a temporary folder for the extracted driver files. (Example: C:\Temporary)
  3. Open a command prompt window, then go to the directory where the downloaded driver file was saved and enter “PROWin32.exe /s /e /f c:\Temporary”.
  4. When the command prompt appears, the files have been extracted successfully.

Reference: http://www.intel.com/support/network/sb/CS-026658.htm

Thursday, March 11, 2010

IIS 6 and Application Pools

The first reference below is a nice explanation of IIS 6 application pools.

The second one explains how to configure a new application pool identity account.

Reference: http://www.developer.com/net/asp/article.php/2245511/IIS-and-ASPNET-The-Application-Pool.htm
http://support.microsoft.com/kb/832770

Saturday, January 16, 2010

WBCOOP

Online Poker

I have registered to play in the PokerStars World Blogger Championship of Online Poker! The WBCOOP is a free online Poker tournament open to all Bloggers, so register on WBCOOP to play.

Registration code: 994146

Wednesday, January 13, 2010

How to Install NetBackup 6.5 Client and/or patches on a Cluster without the PBX Cluster Resource Groups

Otherwise, assuming Netbackup was not installed cluster-aware, from Cluster Administrator, take the PBX stuff offline and delete it.

Reference: http://seer.entsupport.symantec.com/docs/304228.htm

Thursday, January 7, 2010

8925 Tilt Mac Address

With the wireless adapter on, go into Settings - Connections (tab) - Wireless LAN - Advanced (tab). You should see a line for the MAC.