Search Results

Search found 20204 results on 809 pages for 'denial of service'.

Page 8/809 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • Integration Patterns with Azure Service Bus Relay, Part 3.5: Node.js relay

    - by Elton Stoneman
    This is an extension to Part 3 in the IPASBR series, see also: Integration Patterns with Azure Service Bus Relay, Part 1: Exposing the on-premise service Integration Patterns with Azure Service Bus Relay, Part 2: Anonymous full-trust .NET consumer Integration Patterns with Azure Service Bus Relay, Part 3: Anonymous partial-trust consumer In Part 3 I said “there isn't actually a .NET requirement here”, and this post just follows up on that statement. In Part 3 we had an ASP.NET MVC Website making a REST call to an Azure Service Bus service; to show that the REST stuff is really interoperable, in this version we use Node.js to make the secure service call. The code is on GitHub here: IPASBR Part 3.5. The sample code is simpler than Part 3 - rather than code up a UI in Node.js, the sample just relays the REST service call out to Azure. The steps are the same as Part 3: REST call to ACS with the service identity credentials, which returns an SWT; REST call to Azure Service Bus Relay, presenting the SWT; request gets relayed to the on-premise service. In Node.js the authentication step looks like this: var options = { host: acs.namespace() + '-sb.accesscontrol.windows.net', path: '/WRAPv0.9/', method: 'POST' }; var values = { wrap_name: acs.issuerName(), wrap_password: acs.issuerSecret(), wrap_scope: 'http://' + acs.namespace() + '.servicebus.windows.net/' }; var req = https.request(options, function (res) { console.log("statusCode: ", res.statusCode); console.log("headers: ", res.headers); res.on('data', function (d) { var token = qs.parse(d.toString('utf8')); callback(token.wrap_access_token); }); }); req.write(qs.stringify(values)); req.end(); Once we have the token, we can wrap it up into an Authorization header and pass it to the Service Bus call: token = 'WRAP access_token=\"' + swt + '\"'; //... var reqHeaders = { Authorization: token }; var options = { host: acs.namespace() + '.servicebus.windows.net', path: '/rest/reverse?string=' + requestUrl.query.string, headers: reqHeaders }; var req = https.request(options, function (res) { console.log("statusCode: ", res.statusCode); console.log("headers: ", res.headers); response.writeHead(res.statusCode, res.headers); res.on('data', function (d) { var reversed = d.toString('utf8') console.log('svc returned: ' + d.toString('utf8')); response.end(reversed); }); }); req.end(); Running the sample Usual routine to add your own Azure details into Solution Items\AzureConnectionDetails.xml and “Run Custom Tool” on the .tt files. Build and you should be able to navigate to the on-premise service at http://localhost/Sixeyed.Ipasbr.Services/FormatService.svc/rest/reverse?string=abc123 and get a string response, going to the service direct. Install Node.js (v0.8.14 at time of writing), run FormatServiceRelay.cmd, navigate to http://localhost:8013/reverse?string=abc123, and you should get exactly the same response but through Node.js, via Azure Service Bus Relay to your on-premise service. The console logs the WRAP token returned from ACS and the response from Azure Service Bus Relay which it forwards:

    Read the article

  • Crash when attempting to install 32bit delphi service on 2008 r2

    - by Oded
    I have an old 32bit delphi application (with no source code), that is used as a windows service. It runs fine on windows 2003 32bit. I do not know if it has been created as a service originally, or converted to one later on. It is supposed to get installed to the server using a /install flag on the command line. When attempting to install it on a Windows 2008 R2 virtual machine, I am getting an APPCRASH event in the event log. The service is supposed to read a blob from a remote SQL Server instance and write it out to the local HD. It also reads some initialization data from the registry. Is there any way I can install this application as a service on windows 2008 r2 64bit? If not, are there any workarounds I can try? What are your suggestions?

    Read the article

  • Starting/Stopping Custom PHP Chat Server Linux Service (CentOS)

    - by chad
    I have been trying all night to get this service working properly. I created this script from a template and am very new to bash coding. I wrote a fully functioning chat server in php which runs endlessly, but now want to make it a dedicated service. I want to do this so that it starts on server boot and boots back up if possible when there are any down-times with the server. The issue is that I need this thing to run in a detached screen so that I can monitor packet data or send server commands via SSH when need-be. The main problem that i'm having is that it needs to have its own PID when it starts so that I can stop/restart it when needed. I am the type who grinds on coding until I figure it out, but this is so new to me that it seems the learning curve here is very steep and frustrating. Below is my code if anybody can please help me with this one, i've gotten so tired I can't even concentrate any more :( #!/bin/sh # # chatserver # # chkconfig: 345 20 90 # description: chatServer Linux Service Daemon \ # for general server handling ### BEGIN INIT INFO # Provides: chatserver # Required-Start: $local_fs $network $named $syslog # Required-Stop: $local_fs $syslog # Default-Start: 3 4 5 # Default-Stop: 0 1 2 6 # Short-Description: This service maintains the chatServer # Description: chatServer Linux Service Daemon # for general server handling ### END INIT INFO # Source function library. . /etc/rc.d/init.d/functions exec="screen php -q /var/www/html/chatServer.php" prog="chatserver" config="/etc/sysconfig/$prog" pidfile="/var/run/chatserver.pid" [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog lockfile=/var/lock/subsys/$prog start() { #$exec || exit 5 echo -n $"Starting $prog: " daemon $exec --name=$exec --pidfile=$pidfile retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc -p $pidfile rm -f $pidfile retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { stop start } reload() { restart } force_reload() { restart } rh_status() { # run checks to determine if the service is running or use generic status status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 restart ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" exit 2 esac exit $?

    Read the article

  • windows service "soft link"

    - by fred smith
    I would like to be able to have a nice management tool to allow the rollout of different versions of a windows service over time. for example I would like to deploy my software (windows service) in version numbered folders, e.g. c:\wss\v1.0 c:\wss\v1.1 etc however I dont want to have to reinstall the windows service each time but rather would like to be able to easily point the windows service manager to the new folder. Are there tools to get this done? NB: I have used Windows Junctions before (from sysinternals) however I am wondering if there is a nice GUI tool to do this.

    Read the article

  • Team Foundation Service Preview now open for all!

    - by Tarun Arora
    The concept of TFS in the cloud was first presented back in early 2010, the product team worked hard to preview a constantly evolving solution at the BUILD conference last year and after having completed 31 Sprints today the preview service has been opened for all. No more invitation codes required, TfsPreview has been made public! “Since we announced the Team Foundation Service Preview at the BUILD conference last year, we’ve limited the on boarding of new customers by requiring invitation codes to create accounts.  The main reason for this has been to control the growth of the service to make sure it didn’t run away from us and end up with a bad user experience.  In this time period, we’ve continued to work on our infrastructure, performance, scale, monitoring, management and, of course, some cool new features like cloud build. ”   - Brian Harry Since the service is still in preview, it is free for all… If you haven’t, now is the best time to try out the offering. There is no fixed time line on how long before service becomes chargeable but the terms of service support production use, the service is reliable and the product team committed to carry all of your data forward into production. “The service will remain in “preview” for a while longer while we work through additional features like data portability, commercial terms, etc but the terms of service support production use, the service is reliable and we expect to carry all of your data forward into production. ”  - Brian Harry As of today it’s possible to use TFS Preview with VS 2012 RC, VS 2010 SP1, VS 2008 SP1, the service currently does not work with VS 2005, this is something the product team is actively working on. You can refer to Brian’s announcement blog post here, http://blogs.msdn.com/b/bharry/archive/2012/06/11/team-foundation-service-preview-is-public.aspx

    Read the article

  • After installing Windows XP Service Pack 3 - Generic Host Process For Win32 Services problem starts

    - by Muhammad Kashif Nadeem
    After installing Service Pack 3 I am getting this error "Generic Host Process For Win32 Services Encountered A Problem and needs to close. When this message pops my computer just stuck and I can not even restart it normally. The only fix of this problem is to un-install service pack 3 and run fix from Microsoft which is available for Service Pack 2. Any help to fix this. Thanks.

    Read the article

  • Basic AppFabric Service Bus Programming Lifecycle

    - by kaleidoscope
    The tasks required to create an application that access the AppFabric Service Bus are as follows: Create a service namespace. This service namespace contains the resources used by the AppFabric Service Bus to support the application. Define the AppFabric Service Bus contract. A contract specifies the signature of the service, the data it exchanges, and other required inputs, behavior specifications, and object invariants. Implement the contract. To implement a service contract, create a class that implements the interface and specify custom runtime behaviors. Configure the service by specifying endpoint and other behavior information. Build and run the service. Build and run the client application. As with any iterative, service-oriented software development, it may not always be appropriate to follow the preceding steps sequentially, or even start from step 1. For example, if you want to build a client for a pre-existing service, you start at step 5. Or, if you are building a host service that others will use, you can skip step 6. Source: http://msdn.microsoft.com/en-us/library/ee173580.aspx   Sarang, K

    Read the article

  • From a DDD perspective is a report generating service a domain service or an infrastructure service?

    - by Songo
    Let assume we have the following service whose responsibility is to generate Excel reports: class ExcelReportService{ public String generateReport(String fileFormatFilePath, ResultSet data){ ReportFormat reportFormat = new ReportFormat(fileFormatFilePath); ExcelDataFormatterService excelDataFormatterService = new ExcelDataFormatterService(); FormattedData formattedData = excelDataFormatterService.format(data); ExcelFileService excelFileService = new ExcelFileService(); String reportPath= excelFileService.generateReport(reportFormat,formattedData); return reportPath; } } This is pseudo code for the service I want to design where: fileFormatFilePath: path to a configuration file where I'll keep the format of my excel file (headers, column widths, number of columns,..etc) data: the actual records returned from the database. This data can't be used directly coz I might need to make further calculations to the data before inserting them to the excel file. ReportFormat: Value object to hold the report format, has methods like getHeaders(), getColumnWidth(),...etc. ExcelDataFormatterService: a service to hold any logic that need to be applied to the data returned from the database before inserting it to the file. FormattedData: Value object the represents the formatted data to be inserted. ExcelFileService: a wrapper top the 3rd party library that generates the excel file. Now how do you determine whether a service is an infrastructure or domain service? I have the following 3 services here: ExcelReportService, ExcelDataFormatterService and ExcelFileService?

    Read the article

  • Service tag urls

    - by Joshua
    I like to keep links to my various laptop support pages in my wiki. Dell makes it easy if you know the service tag. http://support.dell.com/support/topics/global.aspx/support/my_systems_info/details?ServiceTag={Your Service Tag} Are there any equivalent urls for HP, IBM, etc where you can just plug in your service tag equivalent and get a page with links to drivers and what not.

    Read the article

  • puppet restart service failure

    - by Roman
    help me please with service restart # changing iptables` file { "/etc/sysconfig/iptables": ensure => "present", content => template("all_in_one/iptables.erb"), owner => root, group => root, mode => 600, } service { "iptables": ensure => running, enable => true, hasstatus => true, hasrestart => true, subscribe => File["/etc/sysconfig/iptables"] } output is: err Failed to call refresh: Could not restart Service[iptables]: Execution of '/sbin/service iptables restart' returned 1

    Read the article

  • Problems installing Windows service via Group Policy in a domain

    - by CraneStyle
    I'm reasonably new to Group Policy administration and I'm trying to deploy an MSI installer via Active Directory to install a service. In reality, I'm a software developer trying to test how my service will be installed in a domain environment. My test environment: Server 2003 Domain Controller About 10 machines (between XP SP3, and server 2008) all joined to my domain. No real other setup, or active directory configuration has been done apart from things like getting DNS right. I suspect that I may be missing a step in Group Policy that says I need to grant an explicit permission somewhere, but I have no idea where that might be or what it will say. What I've done: I followed the documentation from Microsoft in How to Deploy Software via Group Policy, so I believe all those steps are correct (I used the UNC path, verified NTFS permissions, I have verified the computers and users are members of groups that are assigned to receive the policy etc). If I deploy the software via the Computer Configuration, when I reboot the target machine I get the following: When the computer starts up it logs Event ID 108, and says "Failed to apply changes to software installation settings. Software changes could not be applied. A previous log entry with details should exist. The error was: An operations error occurred." There are no previous log entries to check, which is weird because if it ever actually tried to invoke the windows installer it should log any sort of failure of my application's installer. If I open a command prompt and manually run: msiexec /qb /i \\[host]\[share]\installer.msi It installs the service just fine. If I deploy the software via the User Configuration, when I log that user in the Event Log says that software changes were applied successfully, but my service isn't installed. However, when deployed via the User configuration even though it's not installed when I go to Control Panel - Add/Remove Programs and click on Add New Programs my service installer is being advertised and I can install/remove it from there. (this does not happen when it's assigned to computers) Hopefully that wall of text was enough information to get me going, thanks all for the help.

    Read the article

  • The function of service principal names in Active Directory

    - by boxerbucks
    I am thinking about taking a service that runs on multiple servers in my domain currently as "NETWORK SERVICE" and configuring it to run as an AD domain account for various reasons. If I have this one account running the same service under multiple servers, do I need to create SPN's for each of the machines and services it runs? Would I need to worry about creating SPN's at all? If the answer is no, then what is the proper role of an SPN?

    Read the article

  • Using a Group Managed Service Account (gMSA) for a scheduled task

    - by Trevor Sullivan
    Back in Windows Server 2008 R2, when stand-alone Managed Service Accounts (sMSA) were new, they could not be used to execute scheduled tasks. In Windows Server 2012 however, there is a new type of account called the Group Managed Service Account (gMSA). This type of account is supposedly capable of launching scheduled tasks in the task scheduler on clients & member servers inside of a Windows Server 2012 forest/domain functional level. So far, I have: Established a Windows Server 2012 forest/domain Created a Group Managed Service Account (gMSA) Installed the gMSA on a Windows Server 2012 member server And currently I'm having trouble with: Setting a scheduled task to use the gMSA When I attempt to use a gMSA on a scheduled task, I get the error message that says "The object cannot be found" (paraphrased) message. My question is: How do I configure a Scheduled Task to execute using a Group Managed Service Account (gMSA)?

    Read the article

  • Can't uninstall windows service

    - by Chad
    I have somehow managed to half uninstall a windows service I was developing. In no particular order It won't delete if I use sc delete servicename It gives an exception using installutil /u pathtoservice.exe "specified service does not exist as an installed service" And using the installer/uninstaller obviously doesn't work either It's no longer in the Services listing It's not shown if I use sc query And I have rebooted I don't know what else to do, but something still exists, because attempting to install fails because it already exists. Please help.

    Read the article

  • .net web service: Can't add service reference, only web reference

    - by ScottE
    I have an existing project that consumes web services. One was added as a service reference, and the other as a web reference. I don't recall why one was added as a web reference, but perhaps it's because I couldn't get it to work! The existing service reference for the one web service works fine, so it's not a .net version issue. I can successfully create a service reference for the second web service, but none of the methods are available. The .wsdl shows the schema, but the Reference.vb shows only the Namespace, and none of the methods. To clarify, these are two different 3rd party web service providers. We'd like to move to the service reference so we have more control over the configuration as we're having various issues with timeouts. Anyone come across this before? Edit Does it matter that there are two services at the address?

    Read the article

  • TransportWithMessageCredential & Service Bus – Introduction

    - by Michael Stephenson
    Recently we have been working on a project using the Windows Azure Service Bus to expose line of business applications. One of the topics we discussed a lot was around the security aspects of the solution. Most of the samples you see for Windows Azure Service Bus often use the shared secret with the Access Control Service to protect the service bus endpoint but one of the problems we found was that with this scenario any claims resulting from credentials supplied by the client are not passed through to the service listening to the service bus endpoint. As an example of this we originally were hoping that we could give two different clients their own shared secret key and the issuer for each would indicate which client it was. If the claims had flown to the listening service then we could check that the message sent by client one was a type they are allowed to send. Unfortunately this claim isn't flown to the listening service so we were unable to implement this scenario. We had also seen samples that talk about changing the relayClientAuthenticationType attribute would allow you to authenticate the client within the service itself rather than with ACS. While this was interesting it wasn't exactly what we wanted. By removing the step where access to the Relay endpoint is protected by authentication against ACS it means that anyone could send messages via the service bus to the on-premise listening service which would then authenticate clients. In our scenario we certainly didn't want to allow clients to skip the ACS authentication step because this could open up two attack opportunities for an attacker. The first of these would allow an attacker to send messages through to our on-premise servers and potentially cause a denial of service situation. The second case would be with the same kind of attack by running lots of messages through service bus which were then rejected the attacker would be causing us to incur charges per message on our Windows Azure account. The correct way to implement our desired scenario is to combine one of the common options for authenticating against ACS so the service bus endpoint cannot be accessed by an unauthenticated caller with the normal WCF security features using the TransportWithMessageCredential security option. Looking around I could not find any guidance on how to implement this correctly so on the back of setting this up I decided to write a couple of articles to walk through a couple of the common scenarios you may be interested in. These are available on the following links: Walkthrough - Combining shared secret and username token Walkthrough – Combining shared secret and certificates

    Read the article

  • web service slowdown

    - by user238591
    Hi, I have a web service slowdown. My (web) service is in gsoap & managed C++. It's not IIS/apache hosted, but speaks xml. My client is in .NET The service computation time is light (<0.1s to prepare reply). I expect the service to be smooth, fast and have good availability. I have about 100 clients, response time is 1s mandatory. Clients have about 1 request per minute. Clients are checking web service presence by tcp open port test. So, to avoid possible congestion, I turned gSoap KeepAlive to false. Until there everything runs fine : I bearly see connections in TCPView (sysinternals) New special synchronisation program now calls the service in a loop. It's higher load but everything is processed in less 30 seconds. With sysinternals TCPView, I see that about 1 thousands connections are in TIME_WAIT. They slowdown the service and It takes seconds for the service to reply, now. Could it be that I need to reset the SoapHttpClientProtocol connection ? Someone has TIME_WAIT ghosts with a web service call in a loop ?

    Read the article

  • What can I do to make my eService website customers feel it is a luxurious service? [closed]

    - by Farshid
    I'm developing an e-service website that its monetization model is via paid membership. Beside quality service and content, because I'm serving them for a high fee, I want to make them feel like it is a personal, unparalleled kind of service and I want to spend money for creating things that I give them after their registration such as a beautiful physical membership card so that I can use the effect of mouth-words better and beside that let them be proud about the service. I've tried my best to develop the site experience classy and I'm looking for things in real world to send them after their registration (such as membership card and a small paper tutorial). What are your suggestions? Have you seen things like this before that a website sends you some physical things for making you more loyal and/or something like that? Please kindly share your experiences/suggestions.

    Read the article

  • Windows Service Setup issue removing the windows service

    - by Geykel
    I'm doing a windows service setup project on VS2008, it has a custom action for setting app.config values. The setup work fine installing the service and setting the app.config values but when I try to uninstall the service, it removes the files but keep the service registered, so I can install it again using the setup, I need to use "sc delete " in the vs command prompt to proper remove the service... anyone have any idea which could be the issue here? Thank you.

    Read the article

  • how to call service inside service layer

    - by cometta
    in my service layer public class MyServiceLayerImpl{ @Autowired MyServiceInterface MyServiceLayer } if i have method inside service layer that need to call another service inside service layer. i cannot use this._method ,because, i'm using AOP for caching. In order for the caching to work, i have to use @Autowired to get the service. Therefore, is the above style ok?

    Read the article

  • chef deploy start service and restart service in sequence

    - by Ryan
    Chef stop and start service in sequence and would like to ask different procedure. Step 1: framework bootstrap to jboss service bash "bootstrap application" do code <<-EOF ant bootstrap EOF end Step 2: then start jboss service "jboss" do action :start end Step 3: install application bash "install application" do code <<-EOF ant install EOF end in between step 2 and 3, ant install returns error because jboss is not started yet. but successful on the 2nd run. obviously step 3 doesnt know if the jboss already started. how to do this on chef?

    Read the article

  • Oracle Announces Leading ISV Integration With Oracle Sales and Marketing Cloud Service

    - by Richard Lefebvre
    More Than 100 ISVs, including Big Machines, Marketo and Xactly, now Provide Integrated Offerings to Help Maximize Sales and Single Customer Viewpoint Demonstrating its continued commitment to business value via open standards and the cloud, Oracle today announced that more than 100 leading ISVs are integrating in the cloud with Oracle Sales and Marketing Cloud Service, a service available through Oracle Cloud. For the first time Oracle Sales and Marketing Cloud Service users can choose from a wide array of directly integrated third-party solutions, providing a new level of choice, seamless deployment and single view of customers with preferred implementations. Top partners, including ActivePrime, Avaya, BigMachines, Box, Brainshark, Callidus Software, CirrusPath, Clicktools, CRMIT, DBSync, EchoSign from Adobe, Eloqua, Fliptop, FPX, HarQen, HubSpot, iHance, InsideSales.com, InsideView, Interactive Intelligence, Lingotek, LinkPoint360, Marketo, Nuance, PerspecSys, Postcode Anywhere, Revegy, salesElement, StrikeIron, upsourceIT, White Springs, X+1 and Xactly, have announced their availability and integration today. By integrating with Oracle Sales and Marketing Cloud Service, ISV solutions can easily be leveraged by customersBy choosing Oracle Sales and Marketing Cloud Service as a sales platform, customers will continue to have complete choice of their own quoting, lead management and sales methodology solutions and it will all be pre-integrated with Oracle Sales and Marketing Cloud Service. With demonstrable integration fusing standards-based technologies, such as SOAP web services, Oracle Sales and Marketing Cloud Service customers choosing ISV integrations will also benefit from familiar ease-of-use and the Oracle Sales and Marketing Cloud ervice user interface, including buttons, links and custom objects for a rich user experience. ISV integration with Oracle Sales and Marketing Cloud Service also enables on-demand contextual data exchange capabilities, linking Oracle Sales and Marketing Cloud Service business data with third-party application data for a complete CRM view. ISVs building robust, repeatable integrations with Oracle Sales and Marketing Cloud Service can begin the process of achieving Oracle Validated Integration, an Oracle PartnerNetwork program that recognizes Oracle partner solutions with proven integration to Oracle Applications. ISVs can learn more about Oracle Validated Integration    here. For customers, Oracle Validated Integration means that a partner’s integration has been tested and validated as functionally and technically sound, that the partner solution is integrated with Oracle Sales and Marketing Cloud Service in a reliable, standardized way, and that the integration operates and performs as documented. Oracle Cloud provides a broad portfolio of Platform Services, Application Services, and Social Services, all on a subscription basis. Oracle Cloud delivers instant value and productivity for end users, administrators, and developers through functionally rich, integrated, secure, enterprise cloud services. Supporting Quotes “BigMachines is a leader in Configure, Price, and Quote solutions in the Cloud. Our solution delivers accurate quotes directly from an opportunity, integrated with the leading Oracle Sales and Marketing Cloud application from Oracle,” says John Pulling, Senior Vice President of Products at Big Machines. “Together, Big Machines and Oracle efficiently automate changes, enabling a faster, more efficient sales process for our joint customers.”   ”Modern marketing and sales must engage customers and prospects in real time across the web, email, social media, online and offline channels to understand where and how to allocate their budgets for maximum return,” said Srini Venkatesan, Senior VP, Products and Engineering at Marketo. “Alignment and integration with Oracle Sales and Marketing Cloud Service allows Marketo’s solutions to deliver innovative capabilities for sales and marketing to adapt and grow their business on the core Oracle platform for CRM.”   “Sales incentives are the best way to drive better performance. Well managed incentives improve the bottom line, particularly when combined with effective sales systems,” said Christopher Cabrera, president and CEO of Xactly Corporation. “With Oracle Sales and Marketing Cloud Service and Xactly working together, customers gain insight and efficiencies. The combination can create more effective compensation programs, while motivating sales to work to its full potential."   “The tremendous integration of leading ISVs with Oracle Sales and Marketing Cloud Service is a testament to the undeniable business value and demand from customers,” said Anthony Lye, SVP of Oracle CRM. “Oracle Sales and Marketing Cloud Service continues to define the industry, and we are proud to work with these leading ISVs to help users simultaneously maximize sales and revenue and extend their current deployments for a deeper and single customer viewpoint.” Supporting Resources Oracle Sales and Marketing Cloud Service Learn More About Oracle Cloud

    Read the article

  • SQL Server service accounts and SPNs

    - by simonsabin
    Service Principal Names (SPNs) are a must for kerberos authentication which is a must when using sharepoint, reporting services and sql server where you access one server that then needs to access another resource, this is called the double hop. The reason this is a complex problem is that the second hop has to be done with impersonation/delegation. For this to work there needs to be a way for the security system to make sure that the service in the middle is allowed to impersonate you, after all you are not giving the service your password. To do this you need to be using kerberos. The following is my simple interpretation of how kerberos works. I find the Kerberos documentation rediculously complex so the following might be sligthly wrong but I think its close enough. Keberos works on a ticketing system, the prinicipal is that you get a security token from AD and then you can pass that to the service in the middle which can then use that token to impersonate you. For that to work AD has to be able to identify who is allowed to use the token, in this case the service account.But how do you as a client know what service account the service in the middle is configured with. The answer is SPNs. The SPN is the mapping between your logical connection to the service account. One type of SPN is for the DNS name for the server and the port. i.e. MySQL.mydomain.com and 1433. You can see how this maps to SQL Server on that server, but how does it map to the account. Well it can be done in two ways, either you can have a mapping defined in AD or AD can use a default mapping (this is something I didn't know about). To map the SPN in AD then you have to add the SPN to the user account, this is documented in the first link below either directly or using a tool called SetSPN. You might say that is complex, well it is and thats why SQL Server tries to do it for you, at start up it tries to connect to AD and set the SPN on the account it is running as, clearly that can only happen IF SQL is running as a domain account AND importantly it has permission to do so. By default a normal domain user account doesn't have the correct permission, and is why so many people have this problem. If the account is a domain admin then it will have permission, but non of us run SQL using domain admin accounts do we. You might also note that the SPN contains the port number (this isn't a requirement now in sql 2008 but I won't go into that), so if you set it manually and you are using dynamic ports (the default for a named instance) what do you do, well every time the port changes you need to change the SPN allocated to the account. Thats why its advised to let SQL Server register the SPN itself. You may also have thought, well what happens if I change my service account, won't that lead to two accounts with the same SPN. Possibly. Having two accounts with the same SPN is definitely a problem. Why? Well because if there are two accounts Kerberos can't identify the exact account that the service is running as, it could be either account, and so your security falls back to NTLM. SETSPN is useful for finding duplicate SPNs Reading this you will probably be thinking Oh my goodness this is really difficult. It is however I've found today in investigating something else that there is an easy option. Use Network Service as your service account. Network Service is a special account and is tied to the computer. It appears that Network Service has the update rights to AD to set an SPN mapping for the computer account. This then allows the SPN mapping to work. I believe this also works for the local system account. To get all the SPNs in your AD run the following, it could be a large file, so you might want to restrict it to a specific OU, or CN ldifde -d "DC=<domain>" -l servicePrincipalName -F spn.txt You will read in the links below that you need SQL to register the SPN this is done how to use Kerberos authenticaiton in SQL Server - http://support.microsoft.com/kb/319723 Using Kerberos with SQL Server - http://blogs.msdn.com/sql_protocols/archive/2005/10/12/479871.aspx Understanding Kerberos and NTLM authentication in SQL Server Connections - http://blogs.msdn.com/sql_protocols/archive/2006/12/02/understanding-kerberos-and-ntlm-authentication-in-sql-server-connections.aspx Summary The only reason I personally know to use a domain account is when you can't get kerberos to work and you want to do BULK INSERT or other network service that requires access to a a remote server. In this case you have to resort to using SQL authentication and the SQL Server uses its service account to access the remote service, and thus you need a domain account. You migth need this if using some forms of replication. I've always found Kerberos awkward to setup and so fallen back to this domain account approach. So in summary to get Kerberos to work try using the network service or local system accounts. For a great post from the Adam Saxton of the SQL Server support team go to http://blogs.msdn.com/psssql/archive/2010/03/09/what-spn-do-i-use-and-how-does-it-get-there.aspx 

    Read the article

  • Are Windows Domain Service Accounts Really Necessary?

    - by Zach Bonham
    One of the biggest problems we have in automating application deployments is the idea that running IIS AppPools and Windows Services under domain service accounts is a 'best practice'. Unfortunately, this best practice sometimes causes deployment headaches in that either we need to provision a new domain level service account quickly, or once we have the account, we now need to manage the account credentials. I had a great conversation about not making domain level service accounts a requirement and effectively taking one of two approaches: Secure at the node level using machine account(domain\machine$) and add the node to appropriate ActiveDirectory/Sql groups/roles Create local app specific accounts on each machine (machine\myapp) and add that account to appropriate ActiveDirectory/Sql groups/roles (the password here can change per deployment, it doesn't need to be stored) In both cases, it seems that its easier to manage either adding an account to appropriate group/role, or even stand up new, local account, than it is to have to provision a new domain level account and manage those credentials. This would hopefully ease the management burden on ActiveDirectory, Sql Server and Operations teams as there would be no more password management. We've not actually been able to implement this in practice yet. I am coming from a development background, so I'm curious as to how many ways this approach could go wrong? Can we really get rid of domain level service accounts with this direction? I'd appreciate any thoughts from anyone who has taken this path! Thanks! Zach

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >