Another Linked Server Issue

  • I see that there are a ton of these issues already posted, but I can't find one that fits my situation.

    I have no access to the Oracle server settings, so please eliminate those solutions. I've successfully created a linked server to the Oracle server, but can only access it using my own Windows credentials, even though I've set it up so that all logins are made using the same security context, where I've hard-coded the connection creds.

    I created an SQL account called ETL, and when I connect as that account and try to query the linked server, I get the following error.

    Cannot create an instance of OLE DB provider "OraOLEDB.Oracle" for linked server "AUTO2K".

    But when running the same query under my Windows credentials it runs fine. What I'm trying to do is get a SQL Agent job to run a query that hits the linked server, but SQL Agent is set up to run as NT AUTHORITY\SYSTEM. So I set the step to run as user ETL, but get the error above. When I change it to run as my Windows credentials, I get the following error.

    DOMAIN\cdoise. Access to the remote server is denied because the current security context is not trusted.

    This is extremely frustrating, any advice would be greatly appreciated. Thanks!

  • And you've verified that the 'hard-code creds' work on the Oracle server? Have you set up the Linked Server security by checking 'Be made using this security context', and put the hard-code credentials there?

    _________________________________
    seth delconte
    http://sqlkeys.com

  • Yes to both questions, using my Windows credentials I can query the linked server straight out of mgmt studio, here is the create statement for the linked server.

    /****** Object: LinkedServer [AUTO2K] Script Date: 05/08/2012 12:18:13 ******/
    EXEC master.dbo.sp_addlinkedserver @server = N'AUTO2K', @srvproduct=N'Oracle', @provider=N'OraOLEDB.Oracle', @datasrc=N'AUTO2K'
    /* For security reasons the linked server remote logins password is changed with ######## */
    EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'AUTO2K',@useself=N'False',@locallogin=NULL,@rmtuser=N'AMSCRYSTAL',@rmtpassword='########'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'collation compatible', @optvalue=N'false'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'data access', @optvalue=N'true'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'dist', @optvalue=N'false'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'pub', @optvalue=N'false'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'rpc', @optvalue=N'true'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'rpc out', @optvalue=N'false'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'sub', @optvalue=N'false'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'connect timeout', @optvalue=N'0'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'collation name', @optvalue=null
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'lazy schema validation', @optvalue=N'false'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'query timeout', @optvalue=N'0'
    GO
    EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'use remote collation', @optvalue=N'false'
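An added example, not part of the original post: the script above passes @locallogin=NULL with @useself=N'False', which maps every local login that has no explicit mapping to the stored Oracle account AMSCRYSTAL. The T-SQL below lists the current mappings for AUTO2K and then limits the stored credential to the ETL login; the password placeholder is an assumption and must be replaced with the real value.

```sql
-- 1. Review which local logins map to which remote account.
--    local_principal_id = 0 is the default mapping that applies to
--    every login without an explicit entry.
SELECT s.name                AS linked_server,
       s.provider,
       CASE WHEN ll.local_principal_id = 0
            THEN N'(default: all unmapped logins)'
            ELSE sp.name
       END                   AS local_login,
       ll.uses_self_credential,
       ll.remote_name,
       ll.modify_date
FROM sys.servers AS s
JOIN sys.linked_logins AS ll
     ON ll.server_id = s.server_id
LEFT JOIN sys.server_principals AS sp
     ON sp.principal_id = ll.local_principal_id
WHERE s.is_linked = 1
  AND s.name = N'AUTO2K'
ORDER BY local_login;
GO

-- 2. Remove the default mapping so unmapped logins can no longer
--    reach Oracle with the stored AMSCRYSTAL credential.
EXEC master.dbo.sp_droplinkedsrvlogin
     @rmtsrvname = N'AUTO2K',
     @locallogin = NULL;
GO

-- 3. Map only the ETL login to the remote account.
--    '<AMSCRYSTAL_PASSWORD>' is a placeholder, not a real value.
EXEC master.dbo.sp_addlinkedsrvlogin
     @rmtsrvname  = N'AUTO2K',
     @useself     = N'False',
     @locallogin  = N'ETL',
     @rmtuser     = N'AMSCRYSTAL',
     @rmtpassword = '<AMSCRYSTAL_PASSWORD>';
GO
```

Re-running the first query afterwards should show a single row for ETL and no default mapping.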

  • So why would you even notice that Windows Authentication works, when you have designated SQL Server Authentication only, using the AMSCRYSTAL login? Can you run a query straight from SSMS using the AMSCRYSTAL login?

    _________________________________
    seth delconte
    http://sqlkeys.com

  • The AMSCRYSTAL login is one provided by the vendor for the Oracle server only, it's not a valid account in SQL server.

    I noticed that my Windows account worked because I built the linked server using my Windows creds, and tested it and a series of SSIS packages while logged in with my Windows account. Never noticed an issue until I tried to schedule the packages as a SQL Agent job.

  • Ah, so you can use the linked server when using your Windows Auth login, but SQL Agent uses NT AUTHORITY and does not have access to the linked server. Can you create a login with appropriate permissions and have SQL Agent use that instead?

    Bad_Karma (5/8/2012)


    The AMSCRYSTAL login is one provided by the vendor for the Oracle server only, it's not a valid account in SQL server.

    I noticed that my Windows account worked because I built the linked server using my Windows creds, and tested it and a series of SSIS packages while logged in with my Windows account. Never noticed an issue until I tried to schedule the packages as a SQL Agent job.

    _________________________________
    seth delconte
    http://sqlkeys.com

  • Well, that's what I attempted to do when I created the ETL account, but it's not working. I can only hit the linked server directly when logged directly into Mgmt Studio with my Windows account. I even tried running the job as my Windows account and that doesn't work either.

  • Check this link and make sure you have followed all the steps, including enabling “Allow inprocess” for the OraOLEDB provider:

    http://www.ideaexcursion.com/2009/01/05/connecting-to-oracle-from-sql-server/

    Bad_Karma (5/9/2012)


    Well, that's what I attempted to do when I created the ETL account, but it's not working. I can only hit the linked server directly when logged directly into Mgmt Studio with my Windows account. I even tried running the job as my Windows account and that doesn't work either.

    _________________________________
    seth delconte
    http://sqlkeys.com

  • Thanks for the link. Unfortunately, after enabling "Allow inprocess", I'm unable to hit the Oracle server from any account. However, I did notice something that I did not do, and it sounds simple enough to be correct. I never rebooted the server after installing the Oracle client.

    Unfortunately this is the only SQL server here and it runs 3 other production apps, so I will have to try this tonight. While we wait, does anyone have any other suggestions?

  • Bad_Karma (5/9/2012)


    Thanks for the link. Unfortunately, after enabling "Allow inprocess", I'm unable to hit the Oracle server from any account. However, I did notice something that I did not do, and it sounds simple enough to be correct. I never rebooted the server after installing the Oracle client.

    Unfortunately this is the only SQL server here and it runs 3 other production apps, so I will have to try this tonight. While we wait, does anyone have any other suggestions?

    The only other thing I can think of is the TRUSTWORTHY=ON setting for the SQL Server database. This is a setting that seems to have fixed the problem for some people, but it's not recommended - it opens up security risks:

    http://technet.microsoft.com/en-us/library/ms187861.aspx

    _________________________________
    seth delconte
    http://sqlkeys.com
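An added example, not part of the original reply: before changing TRUSTWORTHY on any database, it helps to see where it is already on and who owns those databases, because the setting is most exposed when the owner is a sysadmin login. The database name in the final statement is a placeholder.

```sql
-- List user databases with TRUSTWORTHY ON and flag those owned by a
-- sysadmin login. msdb is excluded because it ships with the setting on.
SELECT d.name                                   AS database_name,
       SUSER_SNAME(d.owner_sid)                 AS owner_login,
       IS_SRVROLEMEMBER('sysadmin',
                        SUSER_SNAME(d.owner_sid)) AS owner_is_sysadmin,
       d.create_date
FROM sys.databases AS d
WHERE d.is_trustworthy_on = 1
  AND d.name <> N'msdb'
ORDER BY owner_is_sysadmin DESC, d.name;
GO

-- Turn the setting off for a database that does not need it.
-- [YourDatabase] is a placeholder name.
ALTER DATABASE [YourDatabase] SET TRUSTWORTHY OFF;
GO
```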

  • I'm open to it, but a little confused. This seems to be a database setting, not server setting.

  • Bad_Karma (5/9/2012)


    I'm open to it, but a little confused. This seems to be a database setting, not server setting.

    Yes, you are right - this setting probably doesn't apply to your problem...I found a case where it helped here: http://stackoverflow.com/questions/6828260/access-to-the-remote-server-is-denied-because-the-current-security-context-is-no

    They were getting the same error as you, but they were probably joining a local DB to the Oracle server.

    _________________________________
    seth delconte
    http://sqlkeys.com

  • I can't believe it...Rebooting the server fixed the issue. Thanks for the help, if it wasn't for that link I honestly don't know how long that would have taken me to try.

    And users wonder why the first thing we always ask is "Did you restart your computer?"

  • Bad_Karma (5/10/2012)


    I can't believe it...Rebooting the server fixed the issue. Thanks for the help, if it wasn't for that link I honestly don't know how long that would have taken me to try.

    And users wonder why the first thing we always ask is "Did you restart your computer?"

    Awesome. 🙂

    _________________________________
    seth delconte
    http://sqlkeys.com
