I've set up a Postgres-XL cluster using this recipe: GTM: hostname=host1 nodename=gtm Coordinator： hostname=host2 nodename=coord1 Datanode1： hostname=host3 nodename=datanode1 Datanode2： hostname=host4 nodename=datanode2 When I ran a load test against it, the GTM would fallover. I tweak settings until the GTM didn't fall over but only reported errors - thus kept on working after the load test. I the added a GTM Proxy. I did not do init all but rather only init the proxy. When I restarted the cluster, the GTM reported that the GTM proxy was up and running. When I looked at the GTM proxy's log, it looked like it started up and was connected. But when I ran the load test again, I got the same result with no log entries for the GTM proxy. Thus it seems like the GTM Proxy didn't pick up the load processing as I expected it to do. I don't know how to trouble shoot this. Any pointers on where to look next? (I don't know what extra info to post here)

I have two server systems, each server having both Apache Tomcat server (deployed web app) and Oracle 11g database server. The database on the two servers is synchronised by Oracle Data Guard for high availibility. Tomcat web server is running individually on each server system with no load balancing. One server acts as primary server and other server acts as redundant server. Usually for any failure on primary server, I have to manually change the IP/Domain name to access the other server. I have came across Oracle Traffic Director which may solve my isssue to switch any client request to redundant server in case of failure of primary server. Since I am new to Oracle Traffic Director, can anyone guide me to configure OTD for full site failover?

I am trying to run Google's Cloud SQL Auth Proxy on my Windows 11 machine under WSL (Windows Subsystem for Linux). I downloaded the Cloud SQL Auth Proxy 64-bit executable and run it and get these messages:

.\cloud-sql-proxy.x64.exe my-gcp-project:us-west1:my-postgres-1 --credentials-file=.\cloud-sql.json
2024/04/13 18:39:34 Authorizing with the credentials file at ".\\cloud-sql.json"
2024/04/13 18:39:35 [my-gcp-project:us-west1:my-postgres-1] Listening on 127.0.0.1:5432
2024/04/13 18:39:35 The proxy has started successfully and is ready for new connections!

So it looks good. However, when I try to connect I get a "Can't reach database server". In WSL I run netstat -a and do not see the port 5432 open. However, when I run netstat -ano under a PowerShell terminal I do see this

TCP    127.0.0.1:5432   0.0.0.0:0    LISTENING   11812

How do I make (and verify) that the local Auth Proxy endpoint is accessible under WSL?

I need to connect into a mysql via ssh tunnel:

ssh -N -L 33308:localhost:3306 myserver

And via terminal I try to connect into the mysql server using these commands:

mysql -u testusr -p -h 127.0.0.1 -P 33308 testdb
mysql -u testusr -p -h localhost -P 33308 testdb

The first attempt fails with message:

ERROR 1045 (28000): Access denied for user 'testusr'@'127.0.0.1' (using password: YES)

The latter one returns error:

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

But if I get a terminal session upon the server I can connect with:

mysql -u testusr -p -h localhost testdb

But this command fails:

mysql -u testusr -p -h 127.0.0.1 testdb

with error:

ERROR 1045 (28000): Access denied for user 'testusr'@'127.0.0.1' (using password: YES)

The reason why is because the mysql authentication scheme uses both host and user for authenticating the user. I do no have administrative privilidges upon server in order to define the 'testusr'@'127.0.0.1'. Is there a way to proxy the connection and alter the connected user? If not how I can somehow connect via ssh to the server and execute the mysql command but have a gui tool that displays better the query results.

I have a server running SQL Server 2022 with a couple of instances. There is the need to grant access to an external supplier working with us on a project. The idea is: the supplier connects to our sql server on a specific database they need to access. We have created a configuration on a proxy server running nginx that allows the connection to the local sql server. However, I cannot reach the database when testing from outside. Is there any configuration I need to do on the SQL server to allow this hebavior? Thanks in advance! nginx entry ----------- server { access_log /var/log/nginx/porgreencloud1433.log upstream_time; error_log /var/log/nginx/porgreencloud1433_error.log; listen 1433; server_name porgreencloud.company.com; location / { proxy_connect_timeout 60s; proxy_socket_keepalive on; proxy_pass http://dbtcp ; } ssl_certificate /etc/letsencrypt/live/porgreencloud.company.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/porgreencloud.company.com/privkey.pem; # managed by Certbot include /etc/nginx/sites-available/sslsettings.conf; } SQL Server settings ------------------- Connection String ----------------- SQLUser = "ourUser" SQLPassword = "LetsConnect2DB!!" SQLServer = "porgreencloud.company.com,1433" DbConn = "Provider=SQLOLEDB.1;Persist Security Info=True;User ID=" & SQLUser & ";Password=" & SQLPassword & ";Initial Catalog=" & DBName & ";" & _ "Data Source=" & SQLServer & ";Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;" & _ "Use Encryption for Data = False;Tag with column collection when possible=False"

My predecessor created several "Intergration Services Catalogs" dtsx packages which are scheduled / run via SQL Server Agent -> Jobs using an SSISFileProxy which is using SSISProxyCredentials. The expired error "user" is referring to my predecessors user account, and the only object I have seen that uses his account was in the Job's Properties -> General -> Owner field. I changed the Owner to another server admin but after rerunning the job, the error message still referred to the old expired user account (rather than the updated Job owner). I am new to MSSMS and am struggling how to even articulate my question, but assume there is a simple solution. Any assistance you can provide will be greatly appreciated. Thanks!

What's the most painless way to create something like a proxy server so that my dev team can access a database from anywhere? The server in question is a managed MongoDB database. Currently, I am just whitelisting IP addresses in the dashboard for the managed database as needed, but this is not sustainable, especially as the team grows. I would like to whitelist a single IP address to a proxy server, and do something like add a public SSH key to that proxy server for each machine. But here are my obstacles: 1. I am not a networking expert or sysadmin - I'd be worried about making a mistake and creating a security hole in the proxy server. I also just don't like doing networking stuff. I wish there was some kinda SaaS service for this exact purpose 2. How do I enable MongoDB GUI access through the proxy server? Closest thin I could find here is this , which is what I'm trying to move away from

I run: show grants for root@localhost; and I see GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION From mysql docs: https://dev.mysql.com/doc/refman/5.5/en/proxy-users.html > This enables the external user to be a proxy for the second user; that > is, to have the privileges of the second user. In other words, the > external user is a “proxy user” (a user who can impersonate or become > known as another user) and the second user is a “proxied user” (a user > whose identity can be taken on by a proxy user). But I am not understanding what they mean. I got the system from another worker who left the job and want to make sure if everything is secure and do not know if this grant is even needed. But if it does not make any security issues, I can leave it. Can somebody explain in more simple way? **Update:** How can I connect as as another user? I was trying various combinations, of username password, but I cannot make it connect. For example I used user root, but password from another user, which did not work. Tried another user and root password, also did not work. **Update:** Or this maybe means that root user can connect as other user? How to do that at least for example if so?

How do I block SQL Server Management Studio from accessing internet sites? Let me set the stage. I'm sitting behind a Bluecoat proxy server at work. We have a management policy forbidding us to access the internet using a privileged account. And I need to use a privileged account to run SSMS to perform database administration. So to perform database administration, I "runas" SSMS with my privileged account. I suspect SSMS is opening a connection to a microsoft.com site for unknown reasons. The Bluecoat proxy server sees this unauthorized internet connection, gets mad at me for violating company policy, and blocks internet access to my IP address for the next hour. I'm aware that SSMS checks for updates by default at startup. I've turned that off. Something else is going on.

I have a client whose Postgres database I need to connect to periodically. This database is currently hosted on their server, let's call it psql.example.com, with standard port 5432. They have it configured so that I can connect to it from my "primary" server, let's say that's on IP 123.45.67.89, using my_username and my_password as credentials. The thing is, it's not my primary server that need to connect to it, but rather my load-balanced AWS nodes. It seems that I should be able to run something on my primary server with ssh -L or iptables, which will listen for incoming connections (on a different port, say 42042, to avoid potential conflicts later on) from my load-balanced nodes (easy to secure that end of things with standard AWS functionality), and transparently forward it on to their database, passing any response back. I've tried things like ssh -L 42042:psql.example.com:5432 my_username@123.45.67.89, but this doesn't work; if I debug, I see that it's trying to connect to port 22, not 5432. Seems that I shouldn't be the only one wanting to do something like this, but most of what I've found is about using SSH to secure the connection to the DB server. It doesn't seem like any of the my_username@123.45.67.89 bit should be required on my primary server, that should be more for securing the connection from my end node to my server? Security of the connection to their server would be done through their existing IP limits and then PSQL credentials. They're running quite an old version of Postgres, 8.1, which I don't think would make any difference for a pure port-forwarding solution, if that exists, but might limit other options.

I have servers where I use proxy accounts to run ETL processes or even to backup SSAS databases using powershell through a job . I can see what AD Accounts are related to my proxies : use msdb go select s.job_id ,s.name as [job_name] ,js.step_id ,js.step_name ,js.subsystem ,js.proxy_id ,js.command , c.credential_identity from sysjobs S INNER JOIN sysjobsteps JS ON S.job_id = js.job_id INNER JOIN sysproxies p ON js.proxy_id = p.proxy_id INNER JOIN sys.credentials as c on c.credential_id = p.credential_id I can script out roles and logins and even table types but now I need to script out my proxies. **QUESTION:** How to script out proxies? I Want to script out the following: I have got this so far: IF OBJECT_ID('TEMPDB..#tmp_sp_help_proxy','U') IS NOT NULL DROP TABLE #tmp_sp_help_proxy create table #tmp_sp_help_proxy(proxy_id int null, name nvarchar(128) null, credential_identity nvarchar(128) null, enabled tinyint null, description nvarchar(1024) null, user_sid varbinary(40) null, credential_id int null, credential_identity_exists int null) insert into #tmp_sp_help_proxy(proxy_id, name, credential_identity, enabled, description, user_sid, credential_id, credential_identity_exists) exec msdb.dbo.sp_help_proxy SELECT tshp.name AS [Name], tshp.proxy_id AS [ID], CAST(tshp.enabled AS bit) AS [IsEnabled], ISNULL(tshp.description,N'''') AS [Description], tshp.credential_id AS [CredentialID], ISNULL(sc.name,N'''') AS [CredentialName], ISNULL(tshp.credential_identity,N'''') AS [CredentialIdentity] FROM #tmp_sp_help_proxy AS tshp INNER JOIN sys.credentials AS sc ON sc.credential_id = tshp.credential_id

I want to set up a server that redirects queries. It would receive incoming SQL Server traffic, redirect to the actual SQL Server, and return results back to the client. Is this possible? What are my options?

I am running a job from SQL Server Agent and the job runs successfully. However it doesn't load any data (in my case Excel files from a local folder). I created a new Proxy Account to run this job but it still doesn't help. I checked that the proxy user has SYSADMIN rights and also permissions to access the Excel files from the folder. I run the package from Visual Studio and it runs successfully and the files are loaded. This is done manually every time. We want to fix this issue. Can someone please help me with this. I can share any more information as needed.

I have read a lot of background about MongoDB replication and sharding. None of the default solutions that I know can actually do what I'm trying to achieve. **Current situation** We have a time critical application balanced over three geographically seperated locations (called A, B and C) that generates reports as JSON documents and writes them on a centralized (external) MongoDB server. We have a different application that reads and processes these reports from the centralized MongoDB server. This works pretty well. Application (A) ----> +---------------------+ | | Application (B) ----> | Centralized MongoDB | --> Processing | | Application (C) ----> +---------------------+ The problem with our current setup is that if the centralized MongoDB server is unresponsive for some reason, the reports are lost and the application gets a nice performance penalty when it's waiting for a response. So basically three independant redundant locations are all relying on a single location for report storage. We are not able to fix this problem in the application. **Desired situation** We would like to have a local MongoDB service listening in each geographically seperated location, so that our application is always able to delegate the reports locally. But eventually we still want to have all reports from these three locations merged on the centralized MongoDB server. +---------------+ +-------------+ Application (A) --> | Local MongoDB | ----> | | +---------------+ | | +---------------+ | Centralized | Application (B) --> | Local MongoDB | ----> | | --> Processing +---------------+ | MongoDB | +---------------+ | | Application (C) --> | Local MongoDB | ----> | | +---------------+ +-------------+ So the way I see it, this is kind of reversed sharding. Some side notes: - This is a one way street. Our application does only inserts. It does not need to read data from storage. On the processing side is only reading required. It does not insert any data. - It would be acceptable if some reports are missing during an outage - It would be acceptable if the reports are out of order in the centralized storage - The replication should be asynchronous, but near real-time. We need to process the reports in a matter of seconds - If the local MongoDB process is also using local storage, that would be fine but we don't require it. - Any open source or commercial solution would be acceptable, also third-party solutions. - It's critical that the local MongoDB process always accepts the report immediately, so the application can do something else right away - The application requires MongoDB, so we need to stick with this. Any help or thoughts would be highly appreciated.

According to this post : > In a single replica set, you cannot distribute writes, they all must > go to the primary. You can distribute reads to the secondaries > already, via Read Preferences as you deem appropriate. The driver > keeps track of what is a primary and what is a secondary and routes > queries appropriately. According to the Mongo docs : > You may also deploy a group of mongos instances and use a proxy/load > balancer between the application and the mongos. In these deployments, > you must configure the load balancer for client affinity so that every > connection from a single client reaches the same mongos. So basically, it seems like if you've got a single replica set of 3 nodes, you can't really use a proxy/load balancer since all writes need to go to the primary and you need client affinity... so all reads also need to go to the primary. What I'm thinking though is that it might be possible to have applications connect to a load balancer. The load balancer would route all requests to the primary (not very balanced, but whatever)... until/unless the primary went down - at which point the load balancer would start routing requests to a "new primary". I'm not sure if this is possible however since, how would the load balancer know which mongo server had been elected the new primary (and thus where it should route new requests)? Assuming it was possible, this would achieve a degree of redundancy, in case the primary ever goes down... I'm also hoping it would also have the side effect of avoiding stale writes when a network partition occurs , since the load balancer (and thus all DB clients) would only ever connect to a single primary. Or is this a stupid question...

I have been looking around and found similar questions but nothing specific to what I am having trouble with. **Problem:** I cannot get the SSIS proxy and SQL credentials configured correctly to impersonate a restricted-access service account for a SQL Agent job step that runs an SSIS package. The restricted-access service account has all the needed privileges and the package is designed correctly. I have read much material on this subject and would like some help in case I missed something. **Background:** *(SQL 2012 SP3 server running on Windows Server 2012 R2. SQL engine runs under Domain1\Admin1 and SQL Agent runs under Domain1\Admin2. both also are in the SYSADMIN server role.)* We have an SSIS package that works fine when run interactively by a SYSADMIN, and also runs fine when run within a job step as "SQL Server Agent Service Account". However our Security group wants us to run using credentials limited to what the job needs to do, and I understand this as a best practice anyway. Everything I have read indicates that an SSIS proxy and credential will help solve for this requirement; however I can't get the configuration to work so I must be doing something wrong. The package is run via SSIS package job step. It is a local file and is not deployed to MSDB or SSISDB. The package connects to a network share, loads into a database that is local to the SQL server, truncates a table, runs a few stored procedures, then deletes the XLS file. The job step is set to use the 32-bit runtime. Security created an account (Domain1\NewUser) that will have Modify rights to the network share. I also asked they add Domain1\Admin2 as Modify to the same share. For setup, I created a SQL login for Domain1\NewUser using only the Public role, and added it as db_owner for the database in question because of the range of actions the package needs to perform. I created a credential (BatchLoad-credential) using as its identity the Domain1\NewUser account and the exact working password of the user account. I then created an SSIS proxy (BatchLoad-Proxy) using the BatchLoad-credential credential, active within the SSIS package subsystem, and added the SQL login for Domain1\NewUser as a proxy account principal. Then I changed the SQL Agent job step running the SSIS package to run as the BatchLoad-Proxy, and changed the owner of the job from Domain1\Admin2 to the Domain1\NewUser account. When the job is run, we get this error (some masking on the log has been done): > Executed as user: Domain1\NewUser. Microsoft (R) SQL Server Execute Package Utility Version 11.0.6020.0 for 32-bit Copyright (C) Microsoft Corporation. All rights reserved. Started: 12:46:17 PM > > Error: 2016-06-24 12:46:28.56 Code: 0xC0202009 Source: xxxxxxx_xxxx Connection manager "yyyyyyyyyyy" Description: SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x80004005. An OLE DB record is available. Source: "Microsoft Office Access Database Engine" Hresult: 0x80004005 Description: "External table is not in the expected format.". End Error Again, the package works fine when a SYSADMIN runs it interactively within BIDS so we know the file is in the correct format and the package is designed ok. I do not have permissions to the network share. When I try to connect manually I get a similar error: Windows cannot access \\ Error code: 0x80004005 Unspecified error Connecting to the network share using the Domain1\NewUser account and password, I can view the folder ok so I have verified the proper user account has access.

When a Proxy Authentication is used, there is the impersonated user (called the client) and the impersonating user (called the proxy). So if Bob wants all the privileges of App1 and has been granted the privilege to connect as App1, then the client is App1 and the proxy is Bob. I would like a query of sessions that provides both the client and the proxy. v$session shows schemaname as the client user. It has osuser and machine columns from which the proxy may be inferred, but it would be fragile at best. v$session_connect_info changes the column authentication_type to proxy when proxy authentication is in use, but that only indicates that proxying is in effect, not who the proxy is. The proxy_users table gives all the potential proxy/client combinations, which would work if there were only one match for the client, but wouldn't otherwise. As the proxy user a selection could be done of SYS_CONTEXT with a parameter of PROXY_USER to get it, but that does not allow a session to get the proxy for other sessions. *Update:* MOS Doc ID 782078.1 shows how this can be done by joining dba_audit_trail with itself if auditing is turned on specifically and the user performs an audited action. It seems like a simpler solution should exist.

We have identified a few servers that are using Proxy accounts inappropriately. Some of these servers have multiple Credentials and Lots of Jobs. Manually checking the Job Property GUI for "Run As" on each step is not desired. How can I quickly identify which if any, jobs have steps that are using Proxy Credentials we have identified as inappropriate? I want to see, the account related to the Proxy. As well as the Job Name and Step the Proxy is used on. SQL 2008+

I'm organizing permissions on our SQL Server instance. I want to stop using a SQL Server account, and instead grant permissions to Active Directory groups, and then add user and service accounts to these groups. I'm also trying to remove sysadmin role from users. I've followed instructions from Grant Admin to an Active Directory account in SQL Server and Deny users permission to create tables in master . After doing those changes, everything seemed working... until I tried to manually start a job. I got the message non-sysadmins have been denied permission to run dts execution job spets without a proxy account. If I add the AD group to sysadmin it works. If I remove, it fails. Following Running a SSIS Package from SQL Server Agent Using a Proxy Account I created a proxy. Then I started getting the message Unable to start execution of step 1 reason jobowner doesn't have permission to use proxy 1 for subsystem. How to give SQL Server Job Owner permission to Proxy a Credential explains how to set a user as principal to the proxy. It didn't work. I tried adding the group and a user. But when I click OK and reopen the dialog, the one I added isn't listed anymore. So, basically, how to grant a non-sysadmin user permission to execute jobs? Preferably granting it to an AD group instead of specific users.

I'm trying to remote connect a SQL Server Express instance that is running on AWS on a db.t2.micro. I'm getting the following error: > A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - The requested name is valid, but no data of the requested type was found.) (Microsoft SQL Server, Error: 11004) I'm behind a proxy, but I should have route the address so the proxy is bypass for the IP of the SQL Server Express instance. What else can I try?