Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

Another Linked Server Issue Expand / Collapse
Author
Message
Posted Tuesday, May 8, 2012 10:07 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, July 30, 2014 3:39 PM
Points: 48, Visits: 163
I see that there are a ton of these issues already posted, but I can't find one that fits my situation.

I have no to the oracle server settings so please eliminate those solutions. I've successfully created a linked server to the Oracle server. But can only access it using my own windows credentials. Even though I've set it up so that the all logins are mode using the same security context, where I've hard coded the connection creds.

I created an SQL account called ETL, and when I connect as that account and try to query the linked server, I get the following error.

Cannot create an instance of OLE DB provider "OraOLEDB.Oracle" for linked server "AUTO2K".

But when running the same query under my windows credentials it runs fine. What I'm trying to do is get a SQL Agent job to run a query that hits the linked server, but SQL Agent is setup to run as NT AUTHORITY\SYSTEM. So I set the step to run as user ETL, but get the error above. When I change to run as my windows credentials, I get the following error.

DOMAIN\cdoise. Access to the remote server is denied because the current security context is not trusted.

This is extremely frustrating, any advice would be greatly appreciated. Thanks!
Post #1296599
Posted Tuesday, May 8, 2012 10:48 AM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, February 21, 2014 7:54 AM
Points: 1,619, Visits: 1,233
And you've verified that the 'hard-code creds' work on the Oracle server? Have you set up the Linked Server security by checking 'Be made using this security context', and put the hard-code credentials there?

_________________________________
seth delconte
http://sqlkeys.com
Post #1296630
Posted Tuesday, May 8, 2012 11:18 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, July 30, 2014 3:39 PM
Points: 48, Visits: 163
Yes to both questions, using my Windows credentials I can query the linked server straight out of mgmt studio, here is the create statement for the linked server.

/****** Object:  LinkedServer [AUTO2K]    Script Date: 05/08/2012 12:18:13 ******/
EXEC master.dbo.sp_addlinkedserver @server = N'AUTO2K', @srvproduct=N'Oracle', @provider=N'OraOLEDB.Oracle', @datasrc=N'AUTO2K'
/* For security reasons the linked server remote logins password is changed with ######## */
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'AUTO2K',@useself=N'False',@locallogin=NULL,@rmtuser=N'AMSCRYSTAL',@rmtpassword='########'

GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'collation compatible', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'data access', @optvalue=N'true'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'dist', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'pub', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'rpc', @optvalue=N'true'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'rpc out', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'sub', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'connect timeout', @optvalue=N'0'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'collation name', @optvalue=null
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'lazy schema validation', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'query timeout', @optvalue=N'0'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'use remote collation', @optvalue=N'false'

Post #1296646
Posted Tuesday, May 8, 2012 12:29 PM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, February 21, 2014 7:54 AM
Points: 1,619, Visits: 1,233
So why would you even notice that Windows Authentication works, when you have designated SQL Server Authentication only, using the AMSCRYSTAL login? Can you run a query straight from SSMS using the AMSCRYSTAL login?

_________________________________
seth delconte
http://sqlkeys.com
Post #1296675
Posted Tuesday, May 8, 2012 1:06 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, July 30, 2014 3:39 PM
Points: 48, Visits: 163
The AMSCRYSTAL login is one provided by the vendor for the Oracle server only, it's not a valid account in SQL server.

I noticed that my windows account worked because I built the linked server using my windows creds, tested it, and series of SSIS packages while logged in with my windows account. Never noticed an issue until I tried to schedule the packages as a SQL Agent job.
Post #1296696
Posted Tuesday, May 8, 2012 1:09 PM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, February 21, 2014 7:54 AM
Points: 1,619, Visits: 1,233
Ah, so you can use the linked server when using your Windows Auth login, but SQL Agent uses NT AUTHORITY and does not have access to the linked server. Can you create a login with appropriate permissions and have SQL Agent use that instead?


Bad_Karma (5/8/2012)
The AMSCRYSTAL login is one provided by the vendor for the Oracle server only, it's not a valid account in SQL server.

I noticed that my windows account worked because I built the linked server using my windows creds, tested it, and series of SSIS packages while logged in with my windows account. Never noticed an issue until I tried to schedule the packages as a SQL Agent job.


_________________________________
seth delconte
http://sqlkeys.com
Post #1296699
Posted Wednesday, May 9, 2012 7:27 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, July 30, 2014 3:39 PM
Points: 48, Visits: 163
Well, thats what I attempted to do when I created the ETL account, but it's not working. I can only hit the linked directly when logged directly into Mgmt Studio with my windows account. I even tried running the job as my windows account and that doesn't work either.
Post #1297093
Posted Wednesday, May 9, 2012 7:48 AM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, February 21, 2014 7:54 AM
Points: 1,619, Visits: 1,233
Check this link and make sure you have followed all the steps, including enabling “Allow inprocess” for the OraOLEDB provider:
http://www.ideaexcursion.com/2009/01/05/connecting-to-oracle-from-sql-server/

Bad_Karma (5/9/2012)
Well, thats what I attempted to do when I created the ETL account, but it's not working. I can only hit the linked directly when logged directly into Mgmt Studio with my windows account. I even tried running the job as my windows account and that doesn't work either.


_________________________________
seth delconte
http://sqlkeys.com
Post #1297104
Posted Wednesday, May 9, 2012 8:22 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, July 30, 2014 3:39 PM
Points: 48, Visits: 163
Thanks for link, unfortunately after enabling "Allow inprocess", I'm unable to hit the oracle server from any account. However I did notice something that I did not do, and it sounds simple enough to be correct. I never rebooted the server after installing the oracle client..

Unfortunately this is the only SQL server here and it runs 3 other production apps, so I will have to try this tonight. While we wait, does anyone have any other suggestions?
Post #1297137
Posted Wednesday, May 9, 2012 8:36 AM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, February 21, 2014 7:54 AM
Points: 1,619, Visits: 1,233
Bad_Karma (5/9/2012)
Thanks for link, unfortunately after enabling "Allow inprocess", I'm unable to hit the oracle server from any account. However I did notice something that I did not do, and it sounds simple enough to be correct. I never rebooted the server after installing the oracle client..

Unfortunately this is the only SQL server here and it runs 3 other production apps, so I will have to try this tonight. While we wait, does anyone have any other suggestions?


The only other thing I can think of is the TRUSTWORTHY=ON setting for the SQL Server database. This is a setting that seems to have fixed the problem for some people, but it's not recommended - it opens up security risks:
http://technet.microsoft.com/en-us/library/ms187861.aspx


_________________________________
seth delconte
http://sqlkeys.com
Post #1297153
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse