tags:

views:

258

answers:

2
+1  Q: 

How to see the connection string used to connect to SQL Server

Is there a way to see what connection string was used to connect to SQL Server? Or rather what string was used in a failed login attempt.

Many times I deal with complex systems in which I see failures caused by some service failing to log in to SQL. I am guessing the connection string might be wrong, but since I can't see what it was I often have problems figuring out who actually had that problem connecting to be able to reconfigure it and get it fixed.

The errors in the log just say something like 2009-12-01 20:16:31.05 Logon SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 10.124.172.65] 2009-12-01 20:16:31.06 Logon Error: 18452, Severity: 14, State: 1. 2009-12-01 20:16:31.06 Logon Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.234.222.13]

Is there some audit I could enable or a tool to sniff out the connection string so I could figure out what's wrong with the string by analyzing the string itself?

+2  A: 

Not really. The connection string is only a matter between the client application and the SQL client libraries and there are no out-of-the-box tools to snoop into that tight spot.

However, in your example there is no need to know the connection string. You know the connection string was using Integrated Security ('SSPI handshake' is by definition that), you know it was trying to connect to the server on which this error was logged, you know the cause of failure (error SEC_E_LOGON_DENIED), and you know which client tried to connect (10.234.222.13). There is absolutely nothing in the connection string that would help troubleshoot this problem.

The error you're seeing is an SSPI error, specifically and Kerberos/NTLM error and you should approach it using the Kerberos/NTLM tools and methodologies. Most, if not all, Kerberos/NTLM issues can be troubleshoot using the Troubleshooting Kerberos Errors document.

In your case you'll likely find one of the common culprits:

  • services running under a local account trying to connect remotely.
  • attempt to connect across untrusted domain boundaries
  • (most likely) services running with an expired password
Remus Rusanu  2009-12-02 04:52:30
Sounds like it could be helpful. I noticed the problem goes away when I remove some entries from my hosts file, but I need those for my services to run. A chicken and egg problem. Maybe I can reconfigure these somehow - use loopback IP instead of 10.234.222.13 or something.
xyzzer  2009-12-02 06:43:16
A: 

First, there isn't a centralized way to do this out of the box.

However, these types of issues are a good part of the argument for having a DAL, where you centralize all connection and transaction management, along with associated error logging.

SQL Profiler may also give you some info -- although probably not enough to debug the problem, it might give you a hint in the sense of the timing of the error.

RickNZ  2009-12-02 12:35:40
I have no problem with the timing - it happens when I try to open the website. I have little knowledge of the code and I would like a solution that would work with any project, so a way for figuring out the connection strings would be really helpful.Anyway - this time I have managed to solve it by the good guess I mentioned in the other comment. I had the FQDN configured in my hosts file to match the site binding and it was using the IP of the external interface. After modifying it to 127.0.0.1 - it started working fine!
xyzzer  2009-12-02 19:32:22

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?