How to add a new SQL Server machine account - iis

I've been following this guide on deploying an ASP.NET web application with CI. It has all been going smoothly till I got to the Configure Logins and Database Permissions stage. Particularly when entering the login name.
http://www.asp.net/web-forms/overview/deployment/configuring-server-environments-for-web-deployment/configuring-a-database-server-for-web-deploy-publishing
For the life of me I cannot discover what must go in this field
The author supplies the following instruction
Machine accounts take the form [domain name][machine name]$ —for example, FABRIKAM\TESTWEB1$.
Despite scouring the internet I have found very little in regard to discovering the domain name and machine name values to be inserted here. Almost everything I enter results in
Create failed for Login 'HISSAP\matt$'. (Microsoft.SqlServer.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=13.0.15600.2+((SSMS_Rel).160712-1724)&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Login&LinkId=20476
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
Windows NT user or group 'HIAP\matt$' not found. Check the name again. (Microsoft SQL Server, Error: 15401)
Now I know that 'matt' is a user account entered above and not a machine account, but I am at a loss in determining what needs to go into the Login Name for the machine account described above in the tutorial. When I use "Search" next to the field I have many options to select many different accounts, but how am I to know which one to select? The tutorial does not specify.
Could I just use a user account for the machine account? If so which one? If not what should I enter as the machine name?
I think the domain name is HIAP, I tried the computer name for the machine name which is also hiap, I tried different cases, with and without the $ at the end. I also went into IIS and tried the host name in site bindings which is hiapdev. Did not work.
I am remotely connecting to a Windows Server 2012 R2.

Don't try the Search... button in General tab to search machine account. Machine account cannot be searched in Select User or Group dialog box. Please follow below mentioned steps to add a machine account to a SQL Server instance:
Open a new login window.
Click General page in the left navigation pane.
Give input in the Login name field in the format [domainName]\[MachineName]$. In your case it is FABRIKAM\TESTWEB1$
Now go to Server Roles page. Check sysadmin server role as shown below:
Press OK. Now, you can see your machine's account under Security > Logins node.
Credits: Garth Jones

Related

Visual Studio: User account you used to sign in is not supported for this application

I use to sign-in to server explorer & query AzureTable entities.
However since I have updated to Visual Studio Update 4, I have not been able to login.
I tried using same credentials on azure portal & they work perfectly fine.
Visual Studio
Sorry, but we're having trouble signing you in
User account you used to sign in is not supported for this
application. Please use a different account to sign in.
To my surprise, Google did not return any relevant search result for this error.
P.S. I have double checked my Microsoft account credentials & they are working. This issue has been happening with other team members on different PCs as well.
I have learned to live with this error. This is definitely a bug in VS-2013 Update 4 which Microsoft should look into.
I use to sign-out from current subscription in Azure
Right click Azure in server explorer
Click Connect to Microsoft Azure Subscription
It works for one and only time. Next time repeat the process 1 to 3 again.
I believe I've had the exact same issue. Here's how I resolved it:
In the log-in page that "pops up" from Visual Studio I deleted the Microsoft account id that I usually sign in with and entered a different account ID that I own.
As soon as I finished typing the account id in, the page was refreshed and I was redirected to a Microsoft account log-in page. In that log-in page I made sure to type in the correct Microsoft account ID (the one I use for Azure) and its password. Having successfully signed in there, I was able to continue working as usual.
This was roughly based on guidance I found in this Microsoft Technet discussion.
Same here with Visual Studio 2015. I did logout user from visual studio and log in again and problem went away for good.
I recently received the same error after deploying an app to Azure and trying to connect to a DB server I had launched. When you first create an account, MS gives you a default active directory where you're sign in account is assigned the role of global administrator. You need to create a user account for this directory and use these credentials to sign in (different from signing into Visual Studio, you're providing credentials to access something on Azure).
In the Azure Portal, open up Active Directory and click on the default directory (or whichever one your project lives in). Go to the Users tab and select "Add User" from the panel at the bottom of the window. For "Type of User" select "New user in your organization", fill in the rest of the details and create the account. You get a temporary password and an awkward username. Now if you refresh server explorer you should be able to enter these credentials (and get prompted to enter a new password).
Just wanted to inform all of you that I had the same problem. Since this Sunday it disappeared magically on my VS 2013 Update 4 on all my machines. Here are my experiences:
Last week I had to re-enter my subscription after any VS-restart.
Sunday I opened VS and I was asked to reenter my VS-credentials in the upper-right corner.
I did not reenter my VS-credentials but simply expanded "Azure" in the Server Explorer and then expanded "SQL Databases" which led to the login-prompt formerly. Now the "Server Explorer" acted as expected.
I thought that the missing VS-login was the solution but I was wrong. Even with my VS logged on I know can restart the Studio as many times I want -> it works.
To ensure this I did several restarts of my machine too.
This is a stuff up on Microsoft's side, just replace your email address with one that isn't linked already and it will work.
To fix it: Use your a different email address with the same account through visual studio.

TFS2012 Wrong user missing workspaces

I have a very unusual issue with TFS2012, We've just migrated across domain and upgraded from TFS2010 to TFS2012.
All seems to work apart from one user, who we don't seem to be able to get his workspaces to work.
When I make a connection to the TFS Server, I enter the server name and port number, this connects, but in the 'Connect to Team Foundation Server' window, bottom left it shows my login credentials, even though the user logged in is categorically the user, he gets all my tfs administrator permissions.
If we connect, it shows a workspace, MB2, this workspace doesn't exist anywhere in the tfs server (used TF Sidekick to find that information as well as confirmation using tf commandline.
I think the issue is more to do with the TF connecting with my user account as all his workspaces are being labelled MB2;Paul Talbot as opposed to his user name and as such he cannot see any of these workspaces being created.
Does anyone have any idea where VS2012 is getting the user credentials from, up until this moment I had never logged onto this laptop.
I've solved it, in some bizarre circumstances (I saved credentials), my user details had been entered into Credential Manager, which caused VS2012 to connect to TFS using my account.

SSRS and UAC problem

I have using SSRS 2008r2 on Windows2003 server and added Domain Users group as a System Administrator via report manager. However, when I mimic an ordinary user in report manager web interface on my computer(member of the domain) I get;
User 'usera' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.
if I try with user a on the server by using FQDN, it it shows same error above.
If I type localhost instead, it does work. while using localhost, it I navigate to a folder and while I am in a folder and change the localhost to FQDN, it still works.
There are lots of solutions on the web, like the one on http://skamie.wordpress.com/2010/06/24/ssrs-and-uac/, but it did not work..
Does anyone have any idea?
Many Thanks
Regards
Have you tried right-clicking on IE and select Run as Administrator?
I have to do that from time to time on my development machine so it is sort of first solution that came to mind. Hope it helps.
Additional answer:
So the Domain Users group has System Admin role. You can try adding that group as Browser role or Content Manager role at the root folder.

Force sharepoint to ask for authentication

Is there a way to force sharepoint 2010 to popup the dialog to ask the user for a username and password and not use the computers logged in user, if that user doesn't have access.
We need an internal sharepoint website to not use the windows credentials, since these are computers used by many people. The windows user doesn't have access to the site, so currently it shows an access denied, click here to log in as another user. We would prefer if it just asked for credentials in a more graceful manner.
There is a way to configure Internet Explorer to do this. In Internet Explorer(IE),
Go to Tools
Click Internet Options
Click on the Security tab
Click on the button labeled Custom Level.
Scroll to the very bottom of the list
Select the option labeled Prompt for user name and password.
The default option Automatic logon only in Intranet zone' is what is causing IE to send the credentials to SharePoint. This of course would force everyone to log in on that computer.
Forms Based Authentication is the answer. You can modify the Login page and even where the users credentials (username/password) are stored (e.g. a SQL database rather then AD).
Use browser other than IE to access the SharePoint site from the community computers.
I am guessing you work in a corporate environment, which would mean your computers are probably managed by your IT department and part of your domain. Because they are part of your company's AD (Active Directory), your systadmins Should be able to modify the existing policy (i say existing, because in IE, the defaults for the settings relating to logging on are by default set so that you WOULD have gotten a logon prompt, i am guessing a group policy is already in effect). If it does not exist, have your admins create one.
The setting Jeremy mentions is one option. It could also be that the site is in included in your IE's "Local Intranet Zone". If it is, or, more probable, there is a wildcard *.yourdomainname.yourdomainextension).
Use the setting mentioned by jeremy to override the default logon behavior (automatic logon) associated with sites listed in the intranet zone.
A group policy can be applied to a group of computers or all the computers in the domain. If the policy should be applied to a small group of computers only, put those computers in a separate OU (Organisation Unit) in AD and apply the policy to that OU.
What about creating a new zone, secured with FBA, for those community computers? As long as the users of the community computers are given only URL for the new zone, you should be OK.
You can create 2 registry files to turn this behavior on and off for the Internet Explorer. Use Notepad to paste the values below, ensure that Windows Registry Editor Version 5.00is the first line, and that you're appending 2 blank lines at the end of the file (press 2x Enter).
To turn it on (i.e. always ask for credentials): AlwaysAsk.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1] "1A00"=dword:00010000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1] "1A00"=dword:00010000
To turn it off (automatically use credentials, only ask if necessary): AutomaticLogon.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1] "1A00"=dword:00020000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1] "1A00"=dword:00020000
This is useful for testing, espcecially if you're a developer in a corporate environment where you can't easily change the policy settings on your PC (but you need elevated rights, i.e. you have to run it as Administrator).
Note that the 1st key is for the local machine, the 2nd key is for the current user (currently logged in), which is needed to activate it immediately.
If you need more details about the values, check out this link:
Internet Explorer security zones registry entries for advanced users

sharepoint search is not working

I have an issue with SharePoint search.
The situation
The server is installed with
SharePoint on a farm with 2 servers.
A new app pool is created and that app pool is using a domain account called moss_service.
moss_service is set to be in the administrator group in both server.
moss_service is also set to be the db_creator in the content database.
When I checked it initially, the search's default content access account is using another different account, I changed that to be using moss_service account.
I didn't do IIS reset because this is a production server, they dont want frequent iis reset.
Strangely, checking the services.msc under "office sharepoint server search" the account is still using an old one. (and apparently it's only running on 1 server, the other server is not running) I then change that to the following:
domain\moss_service with the password.
and then I rerun the crawl.
How do I diagnose the issue
Basically everytime I change something I restart the crawl and then check the event viewer. Multiple things come out but the following is the major ones:
The start address cannot be
crawled. The password for the content
access account cannot be decrypted
because it was stored with different
credentials. Re-type the password for
the account used to crawl this
content. (0x80042406)
Performance monitoring cannot be
initialized for the gatherer object,
because the counters are not loaded or
the shared memory object cannot be
opened. This only affects availability
of the perfmon counters. Restart the
computer.
Access is denied. Check that the
Default Content Access Account has
access to this content, or add a crawl
rule to crawl this content.
(0x80041205)
Crawl Logs Result
The crawl log is showing this:
The password for the content access account cannot be decrypted because it was stored with different credentials. Re-type the password for the account used to crawl this content.
I tried changing it again at service.mstsc and the rerun the full crawl again but then it doesn't work. I have tried entering it using the following way:
moss_service#domain.local
and
domain\moss_service
My Questions are:
How do I fix this?
Is this the right way to setup the
search?
Does the search account has to be
using a different domain account?
Seemed like one fix complicates the
other, how do I set this right?
Is it worth it to upgrade to sp2?
Google this you will get answer " Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content. "
Alex, I think you need to completely reconfigure the search services. Keep in mind that the search crawler should be an account with least privileges (not your application service account!). Also, the indexer only runs on one server and whether the search crawler runs on one or more machines is another configuration issue. Also, some settings changes (like changing the crawled File Types) even require the search engine to be restarted.
The start address cannot be crawled. The password for the content
access account cannot be decrypted because it was stored with
different credentials. Re-type the password for the account used to
crawl this content.
For this error,
Open the Sharepoint administration
Click on "Application Management"
Click on "Manage service applications"
Click on "Search Service Application"
Click on the current value for "Default content access account" and re-enter the user's password, or update to another admin user.

Resources