Solved

Bulk Insert Access Denied

Posted on 2013-01-08
18
1,063 Views
Last Modified: 2013-10-16
Hi,
 I'm using VB.Net with an SQL Server 2008 R2 DB.
I've got a stored procedure that uses bulk insert to import some files in from a location on the network. It works great when I execute it from sql server.

When I try to execute from the VB app it throws an exeption stating: ex = {"Cannot bulk load because the file "\\usoscs101\DATA\INCOMING\TmTly\GET\Sortfill.TXT" could not be opened. Operating system error code 5(Access is denied.)."}

I haven't been able to grant myself permission for Administer bulk operations. So I'm thinking that might be the problem, but then I'm not sure why I could go into the sp and execute it.  I'm pretty much my own DBA so I'm figuring out some SQL Server as I go.

Thanks,
David
SPcode.txt
VBcode.txt
0
Comment
Question by:coperations07
  • 7
  • 5
  • 3
  • +2
18 Comments
 
LVL 22

Expert Comment

by:Steve Wales
ID: 38757023
Does the user that the SQL Server service runs under have access to the Network Share you're trying to read from ?
0
 

Author Comment

by:coperations07
ID: 38757072
Yes. I drilled down to it just to make sure but it will open when I log in. It uses Windows Authentication.

I also have other applications that hit the same path and execute stored procedures that are running without issue.
0
 
LVL 22

Expert Comment

by:Steve Wales
ID: 38757158
Check the Security Sections of these two documents:

http://msdn.microsoft.com/en-us/library/ms188365.aspx
http://msdn.microsoft.com/en-us/library/ms175915.aspx

I don't know a great deal about the finer details of Windows Security, but between them and this thread: http://social.msdn.microsoft.com/Forums/en-US/transactsql/thread/35578a01-5859-4277-9b70-fc61e3b48813

It seems that the section on "Security Account Delegation (Impersonation)" is what may be relevant.
0
 
LVL 39

Expert Comment

by:appari
ID: 38757331
>>It works great when I execute it from sql server.
Are you using same credentials when executing from sqlserver and vb?
0
 
LVL 10

Expert Comment

by:sqlservr
ID: 38758057
0
 

Author Comment

by:coperations07
ID: 38758884
Yes I'm using the same credentials for vb and sqlserver.

I added the shared path...or atleast followed the steps and executed this:
USE master
go
exec xp_cmdshell 'net use z: \\usoscs101\DATA\INCOMING\TmTly\GET'

I ran the app again and got the same message. Then I changed the path in the SP to 'z:\filename.txt' and it changes the message to an error code 3(file not found).
0
 
LVL 22

Expert Comment

by:Steve Wales
ID: 38758930
What user is the SQL Server service running as ?

Is it the same user you're connecting as ?  The SQL Server service owner, if different from your user, is the user that needs to have access to the file and path.

Does that user have the required permissions ?
0
 

Author Comment

by:coperations07
ID: 38758954
I remote into the server using the same windows login and password that I use to login to my computer that runs the vb app. Is this what you are asking?
0
 
LVL 22

Expert Comment

by:Steve Wales
ID: 38758964
No.

Do Start/Run and and then services.msc.

In the list of Services, you'll see SQL Server (MSSQLSERVER) - assuming it's the default instance.

The last column is usually "Log On As".

What do you see there ?  If it's "Local System" - then it won't have access to the network share.  

SQL Server uses the credentials of the service owner to access that file, not the credentials you use to connect to the SQL Server database engine.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:coperations07
ID: 38759029
Ah...ok.  It doesn't say local system, but it doesn't show my id either. It shows YYYPlantSQLAdmin, which is probably the guy that installed the server. I'll check out the security for that id.
0
 

Author Comment

by:coperations07
ID: 38761002
I got full control rights for the Admin user to that network path, but I'm still running into the same issue.
0
 
LVL 22

Expert Comment

by:Steve Wales
ID: 38761050
Seems like you may need to go back to this:  http://msdn.microsoft.com/en-us/library/ms188365.aspx and visit the section on Security Account Delegation (Impersonation).

I've never done that and am not familiar with that aspect of Windows, so I'm of limited help with that exact setup, sorry.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 38761542
Provided that the SQL Server service account has the appropriate permissions as indicated previously, then you should be able to access the files using a UNC path (don't use mapped drives).
0
 
LVL 10

Expert Comment

by:sqlservr
ID: 38761794
alter database      dbname set partner timeout 60

change the  database name with dbname
0
 

Author Comment

by:coperations07
ID: 38762994
I'm using the UNC paths. I tried to map the driver earlier, but it didn't fix so I changed back.

sqlservr - when I execute that alter db command I get a message saying the database is not configured for mirroring.
0
 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 500 total points
ID: 38765587
I'm using the UNC paths. I tried to map the driver earlier, but it didn't fix so I changed back.
That is just the point you cannot use a mapped drive when using a service.  So if you are using UNC path, then the only reasons that it would fail is that the SQL Server service account:
1. Does not have the appropriate permissions in SQL Server and/or
2. It is not a domain account or does not have access to the folder on the remote server.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 38765635
when I execute that alter db command I get a message saying the database is not configured for mirroring.
Just a word of caution:  Please, please read up on any advice provided here, before trying it, a lot of suggestions are useless and some are downright dangerous.  Just a cursory look in SQL Server's BOL would have told you that:
A. It is related to database Mirroring and
B. Setting the timeout period between mirrored instances.

Neither one have anything remotely to do with your question.

Please be careful.
0
 

Author Comment

by:coperations07
ID: 38766945
Thanks ac. I'm going to dig into the security and see what I can find.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Suggested Solutions

In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
This video discusses moving either the default database or any database to a new volume.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now