Solved

How do you create a Linked Server using Trusted Connection

Posted on 2006-07-06
27
3,326 Views
Last Modified: 2007-12-19
How do you create a Linked Server using Trusted Connection?  Is it something like:

sp_addlinkedserver @server = 'servername'
    , @srvproduct = 'SQL Server'  
    , @provider = 'SQLOLEDB'
    --[ , [ @datasrc = ] 'data_source' ]
    --[ , [ @location = ] 'location' ]
    , @provstr = 'Trusted_Connection=yes;Integrated Security=SSPI;Data Source=servername;Initial Catalog=master'

0
Comment
Question by:bergstpg
  • 13
  • 10
  • 3
  • +1
27 Comments
 
LVL 75

Expert Comment

by:Aneesh Retnakaran
ID: 17051300

EXEC    sp_addlinkedserver    @server='servername', @srvproduct='SQL Server',
                                @provider='SQLOLEDB'


Now the trusted connection comes into picture, when you create the login

This example creates a mapping to ensure that only the Windows NT user  Domain\Mary connects through to the linked server Accounts using the login MaryP and password NewPassword.

EXEC sp_addlinkedsrvlogin 'Accounts', 'false', 'Domain\Mary', 'MaryP', 'NewPassword'
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17051545
Unfortunately I get the following error message using your syntax for sp_addlinkedserver - I changed the servername to my servername:

Server: Msg 15428, Level 16, State 1, Procedure sp_addlinkedserver, Line 67
You cannot specify a provider or any properties for product 'SQL Server'.

To be more clear, I don't want to create a SQL Server login - just use Windows Authentication.
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17051578
What I would really like is to use the OPENROWSET instead of a linked server to connect to a remote server, but all the references I have found on this have said it isn't possible.  It seemed like it might have been in the past:

http://support.microsoft.com/default.aspx?scid=kb;en-us;256052&sd=tech
0
 
LVL 12

Expert Comment

by:Einstine98
ID: 17053930
is this SQL 2000 or 2005?

generally you can do

EXEC sp_addlinkedsrvlogin 'ServerName', 'true'

This will use the connected user login to login to the remote server
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17058821
SQL Server 2000

I created a linked server using the following syntax:

EXEC sp_addlinkedserver 'servername','sql server'
EXEC sp_addlinkedsrvlogin 'servername', 'true'

I got the error Login not associated with a trusted connection when I tried to view the tables within EM.  I have sa access to this server.

I then tried the following sytax:

EXEC sp_addlinkedserver 'servername','','sqloledb'
EXEC sp_addlinkedsrvlogin 'servername', 'true'

This showed me tables, but they where the tables in the master database of the local server.

Finally I tried the following sytax:

EXEC sp_addlinkedserver 'servername','','sqloledb','dbname'
EXEC sp_addlinkedsrvlogin 'servername', 'true'

This time when I accessed the tables I got the error Error 6: specified sql server not found.  Both the client and server are using tcpip only in the client and server config utilites.

I am still looking for a solution.  Thx.
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17058825
New points
0
 
LVL 12

Expert Comment

by:Einstine98
ID: 17061475
use the one where you could see the data in Master database... then fire this query

SELECT * FROM <Servername>.<DatabaseName>.<userName>.<tableName>

and that should work
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17073115
Sorry, still doesn't work

Tried this:

SELECT top 100 * FROM dsm02415.express.dbo.computer

Got this:

Server: Msg 7314, Level 16, State 1, Line 1
OLE DB provider 'dsm02415' does not contain table '"express"."dbo"."computer"'.  The table either does not exist or the current user does not have permissions on that table.
OLE DB error trace [Non-interface error:  OLE DB provider does not contain the table: ProviderName='dsm02415', TableName='"express"."dbo"."computer"'].

I tripled checked the table's existance and I have SA.  Any other ideas?
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17075516
add login that you plan to use on both sql servers (make sure they have all needed rights)

then create linked server:


--servername must be your destination sql server name:

USE [master]
GO
EXEC master.dbo.sp_addlinkedserver @server = N'servername', @srvproduct=N'SQL Server'
GO
EXEC master.dbo.sp_serveroption @server=N'servername', @optname=N'collation compatible', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'servername', @optname=N'data access', @optvalue=N'true'
GO
EXEC master.dbo.sp_serveroption @server=N'servername', @optname=N'rpc', @optvalue=N'true'
GO
EXEC master.dbo.sp_serveroption @server=N'servername', @optname=N'rpc out', @optvalue=N'true'
GO
EXEC master.dbo.sp_serveroption @server=N'servername', @optname=N'connect timeout', @optvalue=N'0'
GO
EXEC master.dbo.sp_serveroption @server=N'servername', @optname=N'collation name', @optvalue=null
GO
EXEC master.dbo.sp_serveroption @server=N'servername', @optname=N'query timeout', @optvalue=N'0'
GO
EXEC master.dbo.sp_serveroption @server=N'servername', @optname=N'use remote collation', @optvalue=N'true'
GO
USE [master]
GO
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname = N'servername', @locallogin = NULL , @useself = N'True'
GO
0
 
LVL 12

Expert Comment

by:Einstine98
ID: 17076034
Double check that SA has a user mapped (dbo or others) in the database you are trying to access (Express)

This problem can ONLY happen if you do not have rights or the object does not exist, since the object exists, the user does not have rights.. have seen it over a million time.
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17080336
clarification:
--add login
 NT login - such as  yourdomain\yourusername
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17081521
EugeneZ

I ran your script - adjusted to my environment - and specifically added my domain login to both servers - sa on connected server, dbo in db of destination server - and I get the following error:

Server: Msg 18452, Level 14, State 1, Line 1
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.

I am beginning to think this isn't possible.  Has anybody been able to do this?  I have tried about every possible solution without success.
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17081600
Einstine98

I tried connecting to another db that the mapped dbo was sa - still no luck - same errors as seen above.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 42

Expert Comment

by:EugeneZ
ID: 17082639
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17083921
it is possible.
Can you see your NT login (domain\yourlogin) among sql server logins on both servers?
And you connected to sql server in EM with windows authotication?
and you open QA with windows authotication?
And you run
select * from yourlinkedserver.master.dbo.sysobjects?
And get error?
----
What OS do you have where the sql server installed:
if it is windows 2003:

check MS DTC settings:
http://support.microsoft.com/default.aspx?scid=kb;en-us;329332
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17084104
Not sp4 and its fixes, but sp3a and its fixes.  8.00.818

I don't have access to modify Active Directory, nor do I want that responsibility.  If this is the problem, I am abandoning this question.
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17084159
sp3a and its fixes.  8.00.818 - is good:
what is Windows OS do you have on the servers?
--
It is not Active Directory issue
--
When you open logins in Sql server Enterprice Manager for the 2 sql servers -
can you see your NT login ?


0
 
LVL 1

Author Comment

by:bergstpg
ID: 17084252
MS DTC is setup correctly on both servers.

No, because I am part of a domain group.

Earlier I tried adding my login manually to both servers - as seen above - without success.  
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17084297
Windows 2003 - with and without SP1
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17085592
<Earlier I tried adding my login manually to both servers - as seen above - without success.
?
Can you access the QA of the sql server, As let say, 'sa':
and run (it will add your NT login to sql server if it is not there and add ro 'sa' role)?

exec sp_grantlogin N'yourdomain\yourlogin'
exec sp_defaultdb N'yourdomain\yourlogin', N'master'
exec sp_addsrvrolemember N'yourdomain\yourlogin', sysadmin

--please post a result
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17090363
Yeah - I have SA access, thus I can use NT Authentication to connect the SQL Server using QA.  Our group of 11 support 6000 dbs on 300 servers using Windows NT Authentication.  I would expect us to have other problems with Windows NT Authentication than this one.  Again, I am not a believer at this point.
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17094658
did you or did not run (let say on 2 test servers):
exec sp_grantlogin N'yourdomain\yourlogin'
exec sp_defaultdb N'yourdomain\yourlogin', N'master'
exec sp_addsrvrolemember N'yourdomain\yourlogin', sysadmin

--
and what an error message (if there is any) did you get after connecting each other through linked server connection (created as per posts above)  ...?
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17094761
plan B (no linked server for sql server 2000 with SP3 and up):

select * from OPENDATASOURCE('SQLOLEDB','Data Source=yoursqlserver;InitialCatalog=master;Integrated Security=SSPI').master.dbo.sysobjects
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17101439
Result:

Server: Msg 18452, Level 14, State 1, Line 1
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
[OLE/DB provider returned message: Invalid connection string attribute]

Been here done this.  OPENROWSET doesn't work either.
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17101872
can you add your NT login to the destination sql server logins?
0
 
LVL 1

Author Comment

by:bergstpg
ID: 17102183
I can, but I have already tested this.  Is dbo ok to test - even though I have effective SA rights?  If I give myself sa it causes alarms to occur that I want to avoid.
0
 
LVL 42

Accepted Solution

by:
EugeneZ earned 500 total points
ID: 17102398


New resolution for problems that occur when users belong to many groups
http://support.microsoft.com/?id=327825

This is the link to setup Kerberos.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Introduction In my previous article (http://www.experts-exchange.com/Microsoft/Development/MS-SQL-Server/SSIS/A_9150-Loading-XML-Using-SSIS.html) I showed you how the XML Source component can be used to load XML files into a SQL Server database, us…
Everyone has problem when going to load data into Data warehouse (EDW). They all need to confirm that data quality is good but they don't no how to proceed. Microsoft has provided new task within SSIS 2008 called "Data Profiler Task". It solve th…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now