Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Another Linked Server Issue


Another Linked Server Issue

Author
Message
Bad_Karma
Bad_Karma
SSC Rookie
SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)

Group: General Forum Members
Points: 49 Visits: 172
I see that there are a ton of these issues already posted, but I can't find one that fits my situation.

I have no to the oracle server settings so please eliminate those solutions. I've successfully created a linked server to the Oracle server. But can only access it using my own windows credentials. Even though I've set it up so that the all logins are mode using the same security context, where I've hard coded the connection creds.

I created an SQL account called ETL, and when I connect as that account and try to query the linked server, I get the following error.

Cannot create an instance of OLE DB provider "OraOLEDB.Oracle" for linked server "AUTO2K".

But when running the same query under my windows credentials it runs fine. What I'm trying to do is get a SQL Agent job to run a query that hits the linked server, but SQL Agent is setup to run as NT AUTHORITY\SYSTEM. So I set the step to run as user ETL, but get the error above. When I change to run as my windows credentials, I get the following error.

DOMAIN\cdoise. Access to the remote server is denied because the current security context is not trusted.

This is extremely frustrating, any advice would be greatly appreciated. Thanks!
seth delconte
seth delconte
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1627 Visits: 1360
And you've verified that the 'hard-code creds' work on the Oracle server? Have you set up the Linked Server security by checking 'Be made using this security context', and put the hard-code credentials there?

_________________________________
seth delconte
http://sqlkeys.com
Bad_Karma
Bad_Karma
SSC Rookie
SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)

Group: General Forum Members
Points: 49 Visits: 172
Yes to both questions, using my Windows credentials I can query the linked server straight out of mgmt studio, here is the create statement for the linked server.

/****** Object:  LinkedServer [AUTO2K]    Script Date: 05/08/2012 12:18:13 ******/
EXEC master.dbo.sp_addlinkedserver @server = N'AUTO2K', @srvproduct=N'Oracle', @provider=N'OraOLEDB.Oracle', @datasrc=N'AUTO2K'
/* For security reasons the linked server remote logins password is changed with ######## */
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'AUTO2K',@useself=N'False',@locallogin=NULL,@rmtuser=N'AMSCRYSTAL',@rmtpassword='########'

GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'collation compatible', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'data access', @optvalue=N'true'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'dist', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'pub', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'rpc', @optvalue=N'true'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'rpc out', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'sub', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'connect timeout', @optvalue=N'0'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'collation name', @optvalue=null
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'lazy schema validation', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'query timeout', @optvalue=N'0'
GO
EXEC master.dbo.sp_serveroption @server=N'AUTO2K', @optname=N'use remote collation', @optvalue=N'false'


seth delconte
seth delconte
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1627 Visits: 1360
So why would you even notice that Windows Authentication works, when you have designated SQL Server Authentication only, using the AMSCRYSTAL login? Can you run a query straight from SSMS using the AMSCRYSTAL login?

_________________________________
seth delconte
http://sqlkeys.com
Bad_Karma
Bad_Karma
SSC Rookie
SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)

Group: General Forum Members
Points: 49 Visits: 172
The AMSCRYSTAL login is one provided by the vendor for the Oracle server only, it's not a valid account in SQL server.

I noticed that my windows account worked because I built the linked server using my windows creds, tested it, and series of SSIS packages while logged in with my windows account. Never noticed an issue until I tried to schedule the packages as a SQL Agent job.
seth delconte
seth delconte
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1627 Visits: 1360
Ah, so you can use the linked server when using your Windows Auth login, but SQL Agent uses NT AUTHORITY and does not have access to the linked server. Can you create a login with appropriate permissions and have SQL Agent use that instead?


Bad_Karma (5/8/2012)
The AMSCRYSTAL login is one provided by the vendor for the Oracle server only, it's not a valid account in SQL server.

I noticed that my windows account worked because I built the linked server using my windows creds, tested it, and series of SSIS packages while logged in with my windows account. Never noticed an issue until I tried to schedule the packages as a SQL Agent job.


_________________________________
seth delconte
http://sqlkeys.com
Bad_Karma
Bad_Karma
SSC Rookie
SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)

Group: General Forum Members
Points: 49 Visits: 172
Well, thats what I attempted to do when I created the ETL account, but it's not working. I can only hit the linked directly when logged directly into Mgmt Studio with my windows account. I even tried running the job as my windows account and that doesn't work either.
seth delconte
seth delconte
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1627 Visits: 1360
Check this link and make sure you have followed all the steps, including enabling “Allow inprocess” for the OraOLEDB provider:
http://www.ideaexcursion.com/2009/01/05/connecting-to-oracle-from-sql-server/

Bad_Karma (5/9/2012)
Well, thats what I attempted to do when I created the ETL account, but it's not working. I can only hit the linked directly when logged directly into Mgmt Studio with my windows account. I even tried running the job as my windows account and that doesn't work either.


_________________________________
seth delconte
http://sqlkeys.com
Bad_Karma
Bad_Karma
SSC Rookie
SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)SSC Rookie (49 reputation)

Group: General Forum Members
Points: 49 Visits: 172
Thanks for link, unfortunately after enabling "Allow inprocess", I'm unable to hit the oracle server from any account. However I did notice something that I did not do, and it sounds simple enough to be correct. I never rebooted the server after installing the oracle client..

Unfortunately this is the only SQL server here and it runs 3 other production apps, so I will have to try this tonight. While we wait, does anyone have any other suggestions?
seth delconte
seth delconte
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1627 Visits: 1360
Bad_Karma (5/9/2012)
Thanks for link, unfortunately after enabling "Allow inprocess", I'm unable to hit the oracle server from any account. However I did notice something that I did not do, and it sounds simple enough to be correct. I never rebooted the server after installing the oracle client..

Unfortunately this is the only SQL server here and it runs 3 other production apps, so I will have to try this tonight. While we wait, does anyone have any other suggestions?


The only other thing I can think of is the TRUSTWORTHY=ON setting for the SQL Server database. This is a setting that seems to have fixed the problem for some people, but it's not recommended - it opens up security risks:
http://technet.microsoft.com/en-us/library/ms187861.aspx

_________________________________
seth delconte
http://sqlkeys.com
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search