Re: NT AUTHORITY\ANONYMOUS LOGON --- SQL server

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: John J. Hughes II (no_at_invalid.com)
Date: 03/24/05 

Date: Thu, 24 Mar 2005 09:56:34 -0500

Again thank you for your support.

I have worked around the registry problem and added the computer name to the
SQL as a valid log in with access to the correct databases.

Now I have the following error message from the connection string:
"Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection."

My connection string is "Data Source=MyServer;Initial
Catalog=DBData;Integrated Security=SSPI;Persist Security Info=False;Packet
Size=4096;Workstation ID=MyWks" which works fine from the user account.

Is this message because my workstation is set as a workgroup and not part of
the Win2K3 domain or do I need to configure the connection string
differently?

Regards,
John

"Peter Rilling" <peter@nospam.rilling.net> wrote in message
news:ejcJnFAMFHA.2912@TK2MSFTNGP12.phx.gbl...
> Well, now you get into the opposite problem as "local service", in that
> NetworkService is designed to work across the network, not locally.
>
> If you need local resources, then you will need to set those permissions
> on
> any registry keys or folders that your Windows service might need to
> access.
>
> Again, you would just need to set the ACLs for "NT
> AUTHORITY\NetworkService."
>
> "John J. Hughes II" <no@invalid.com> wrote in message
> news:e8APwn$LFHA.3708@TK2MSFTNGP14.phx.gbl...
>> Ok, I guess that sounds logical as far as the local system.
>>
>> I have several options when installing the service and one of them is
>> NetworkService which seems to be what you are alluding to. If I change
> the
>> service so it's installed as either a NetworkService or a LocalService I
> get
>> the following error "Requested registry access is not allowed" which
>> since
> I
>> store a bunch of data in the registry causes a problems. I am sure it's
>> a
>> permission thing but a clue as to what time would be helpful if you know
> it
>> off the top of your head.
>>
>> Thanks,
>> John
>>
>>
>> "Peter Rilling" <peter@nospam.rilling.net> wrote in message
>> news:eQlvrq%23LFHA.580@TK2MSFTNGP15.phx.gbl...
>> > Well, the reason it is called "local" service is because it is designed
> to
>> > be used within the computer, not across a network.
>> >
>> > There is a special account called "NT AUTHORITY\NetworkService" which
> will
>> > allow you to connect remotely. When configuring the service, you can
>> > specify this as your user account (no password needed). This causes
>> > Windows
>> > to send the machines domain credentials to sqlserver, therefore
> SqlServer
>> > would see something like "mydomain\ComputerB$" (dollar sign is
> important).
>> > Just add this account to SqlServer and you should be able to connect.
>> >
>> >
>> > "John J. Hughes II" <no@invalid.com> wrote in message
>> > news:esWADk#LFHA.2492@TK2MSFTNGP14.phx.gbl...
>> >> I have "Computer A" which is running Win2K3 and MS SQL server. And
>> >> "Computer B" which is running a service that I have created. If I
> change
>> >> the service on "Computer B" to run as a user my program is able to
>> >> connect
>> >> to the SQL server on "Computer A" correctly. But if I set the service
> on
>> >> "Computer B" to run as a local system then I get an error connecting
>> >> to
>> > the
>> >> SQL on "Computer A" --- "NT AUTHORITY\ANONYMOUS LOGON". I understand
> why
>> > I
>> >> have the error but would prefer to keep the service set to local
>> >> system
>> >> rather then running it under a user account.
>> >>
>> >> So the question is how to either reconfigure the SqlConnection
> connection
>> >> string so the user is not anonymous or to tell the SQL server it's ok
> for
>> >> this computer to log in. I don't want to allow anonymous log in to my
>> >> SQL
>> >> server obivously but I am not really happy about using the SQL user
> name
>> > and
>> >> password either.
>> >>
>> >> Thanks in advance,
>> >> John
>> >>
>> >>
>> >
>> >
>>
>>
>
>

Relevant Pages

  • Difference with using between 1.1 and 2.0?
    ... It's looking for some registry entries to assemble a Sql ... connection string. ... I see the entering log message but no Leaving... ...
    (microsoft.public.dotnet.framework.clr)
  • Re: Protecting Connection String Data from End-Users
    ... You could store the connection string in an encrypted format in the ... application configuration file or the registry and store the registry ... reference in your configuration file. ...
    (microsoft.public.sqlserver.programming)
  • Re: How to use ADO fast?
    ... I used to do the Registry thing but a lot of our clients don't ... config files. ... >> Cor, hardcoding connection string is silly by any mean, trust us. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Are Macros Evil?
    ...  > As to evil, I like Oscar Wilde's quote "There is no good or evil. ... I'd say that the Windows Registry is definately tedious ... The production connection string and the development ... connection string to an XML file. ...
    (comp.databases.ms-access)
  • RE: SQL connection string security
    ... There is a scriptable com object that can read from the registry which is ... We use appropriate permissions on both the registry ... > keys themselves (along with the obscurity of an attacker having ... > With the importance of not letting the connection string used to ...
    (Focus-Microsoft)