Allen Kinsel - SQL DBA

SQL Server, PASS, and other data mishaps

Shadows Rock, Filtering Platform not so much!

By Allen Kinsel, 23 days ago

RDP remote control (shadowing) of multiple sessions is a great way to allow geographically separated teams to work on the same Server console.  You can do this from task manager

Control your co-workers!

Control your co-workers!

 

Today I had a new install of windows 2008 that was rejecting the attempts at remote control, the error was »remote control failed», nothing was logged in the System or Application event logs. In the Security event log was only one error: «The Windows Filtering Platform has blocked a bind to a local port»

Keep reading →

Related posts

Share this post

Sql Server and SSPI handshake failed error hell

By Allen Kinsel, 2 months and 22 days ago

The infamous SSPI Failed error strikes again!

One of our SQL servers was generating these errors for «some» Windows logins but not all.

Error: 17806, Severity: 20, State: 2.

SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.168.1.1]

Keep reading →

Related posts

Share this post

Allowing effective developer access to SQL Server

By Allen Kinsel, 4 months and 10 days ago

When creating a new application, after going through the entire business analysis & requirements gathering process, normally you wind up with a datamodel that includes many tables and relationships.  By this time, depending on the size of the datamodel/system there has been considerable amounts of time invested on all sides.  We need a way of preserving this investment of time while still allowing developers to do their thing!

Deploy

Most shops have policies in place for what level of access developers can have in each environment.  In many places I've seen, developers are allowed DBO access in development, and some lesser access in the higher environments (read only usually).

After you've deployed the datamodel to the physical database in a development environment, before you grant the developer group dbo access consider all of the time/effort that has been spent making the datamodel what it is.  In order to allow the developers to do their jobs but not allow them to modify the actual table/schema layout you can grant a combinations of privileges.

Keep reading →

Related posts

Share this post

Follow Me


Tags

Allen Kinsel on Twitter

Categories

Most Recent Posts

Subscribe

Archives

Next Posts

Latest comments

  • Allowing effective developer access to SQL Server:
    • Karen Lopez: Another approach I use: Be generous in granting privileges in the DEV database (but still lock down the server environment), but don't let Devs promote any DDL to the next environment. Only the DBAs can deliver/apply DDL to the next (usually QA) environment. So if the devs modify their tables/columns without the architect...
  • PASS Summit Community Choice Session results revealed:
    • Andy Warren: Allen, nice job on this. Great to see the community get a chance to participate in building the program and share in the excitement of the upcoming Summit. Andy
  • Community Choice Sessions at the PASS Summit 2010:
    • Allen Kinsel: Thanks, We hope that this will be a good test of community selections, and hope to expand it a bit in the future
    • robert cook: glad you decided to keep blogging and gracias to you and your amigos for giving an opportunity to the sql community for direct involvement with session choices
  • Sql Server and SSPI handshake failed error hell:
    • Robert L Davis: I agree about the reboot. That's why I check SPN's before DC/Kerberos errors. An SPN can be fixed without rebooting, but if the issue is DC connection and no one can log in to the SQL Server, you're down anyway so a reboot shouldn't be out of the question. The problem with having a...
    • Allen Kinsel: I guess should have worded that a little differently, in my experience in a lot of environments kerberos isnt used since its not configured, so it always falls back to NTLM, with only NTLM and no Kerberos in the result list, its usually safe to say that SPN's arent the issue. I...

Most commented posts