Microsoft Security Bulletin Advance Notification for June 2011

I've just read the advanced notification for June and noticed Bulletin 15 which lists SQL 2005, 2008 and 2008r2 as affected software.
The patch is due out on the June 14.

 

MS09-062 Time to start testing sql 2005

 

As mentioned last week. Microsoft have released a new security patch for SQL Server 2005 today.
From a quick glance the versions are as follows

 Service pack 2 GDR release is version 9.00.3080.00 with the SP2 QFE release being 9.00.3353.00
 Service pack 3 GDR release is version 9.00.4053.00 with the SP3 QFE release being 9.00.4262.00

http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx

Also in this bulletin are patches for SQL 2000 reporting services, Visual Studio 2003, 2005 & 2008 plus a range of other software.

Posted by StevenWhite with no comments

Patch time yet again

I've just read October's security bulletin advance notification, and sql server 2005 is listed under bulletin 13.
So look forward for a patch next week.

Note: 'SQL Server 2000 Reporting Services Service Pack 2' is also listed

http://www.microsoft.com/technet/security/Bulletin/MS09-oct.mspx

Posted by StevenWhite with no comments

Setting the Service Principal Name (SPN)

I've noticed that there are various posts and articles on setting the SPN for sql server.

Setting the SPN this will firstly allow client connections using Kerberos, and secondly get rid of this error in the sql errorlog.

The SQL Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x54b, state: 3. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.

Most articles suggest adding the SPN manually using the SETSPN tool
e.g.

SETSPN -A MSSQLSvc/<SQL Server Name> <service account>

SETSPN -A MSSQLSvc/<SQL Server Name>:<port> < service account>

SETSPN -A MSSQLSvc/<Fully Qualified SQL Server Name> < service account>

SETSPN -A MSSQLSvc/<Fully Qualified SQL Server Name>:<port> < service account>

However another method is documented in the Microsoft support article KB811889.
This article explains how to configure the SQL Server service to crate the SPN dynamically by granting the service account the “Read servicePrincipalName” and “Write servicePrincipalName” rights in AD.

 

Posted by StevenWhite with 1 comment(s)
Filed under:

MSSQL 2008 SP1 Install - Server is in script upgrade mode. Only administrator can connect at this time

After taking the usual database backups etc. I went to install SP1 on a SQL 2008 server (RTM)
following the normal routine of stopping the sql server services and firing up the service pack install.

All went fine, and the service pack finished. Anyway I rebooted the server to check everything was clean on startup.

When the server came back I checked the eventlog, and that the services started fine etc.
Next I used management studio to connect to the server only to get the message
'Server is in script upgrade mode. Only administrator can connect at this time.'

Firstly I checked the sql log file and the event log - nothing to say why.
Hence while I searched the web for this message and found a MS connect article

http://connect.microsoft.com/SQLServer/feedback/ViewFeedback.aspx?FeedbackID=416860

It turns out that the upgrade scripts run on the first startup, hence the message.
Once the scripts have completed (which took a while), evertthing was sorted and normal access restored.

 

 

Posted by StevenWhite with 1 comment(s)
Filed under:

Microsoft recommendations on SQL Server service accounts.....

I've been spending some time reading up on the SQL 2005 Papers.
If you haven't taken a look, there is lots of interesting things to read. Well worth a browse espically the operations section. http://www.microsoft.com/technet/prodtechnol/sql/2005/library/default.mspx)
Anyway it would be nice to see consistant advice from MS about sql service accounts....

In the  'Setting Up Windows Service Accounts'  document is states

Microsoft recommends that you do not use the Network Service account for the SQL Server or SQL Server Agent services. Local User or Domain User accounts are more appropriate for these SQL services.
(http://msdn2.microsoft.com/en-us/library/ms143504.aspx)

Whereas in the 'Physical Database Storage Design' paper  it recommends 'Use the Windows Network Service Account for security.'
(http://www.microsoft.com/technet/prodtechnol/sql/2005/physdbstor.mspx)

Happy Reading
Steven

Posted by StevenWhite with no comments

Run away framework.log file (eating up the space on the c drive)

Today I noticed that the space on the c drive on one of my sql 2005 servers was going down. After investigation I found that the c:\windows\system32\wbem\log\Framework.log file was growing above the 64k limit.

Afterway after a quick search I found the fix http://support.microsoft.com/?kbid=836605

Steven

Posted by StevenWhite with no comments

TheRegister interview with Jim Gray

The register have just posted an interview with Jim Gray

http://www.regdeveloper.co.uk/2006/05/30/jim_gray/

Posted by StevenWhite with no comments

SQL Server 2005 SP1

Well I've installed this on my desktop (Core DB, tools and reporting services), and all seems well.

I see that MS have improved the delivery of the service pack, no more expanding the files into a directory.

Just waiting  for the updated BOL and MOM packs :)

Posted by StevenWhite with no comments