Security Issues

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

RSH - 22 Nov 2005 16:07 GMT

I have been trying to setup a simple messaging system using SSB for the
better part of 3 days. Could someone please walk through the process of
creating certificates, where they go, and how to correctly assign them to
the appropriate instance.

Thanks in advance!

Reply to this Message

Cristian Lefter - 22 Nov 2005 16:43 GMT

The following resources may help you:
- The PDC Session DAT303: SQL Server 2005: Building Distributed,
Asynchronous Database Applications with the Service Broker
http://microsoft.sitestream.com/PDC05/DAT/DAT303.zip
http://microsoft.sitestream.com/PDC05/DAT/DAT303_files/Botto_files/DAT303_Hinson
_Wolter.ppt
- Niels Berglund's samples -
http://staff.develop.com/nielsb/code/servicebrokerexamples.zip
- Rushi Desai's Broker Challenge
http://blogs.msdn.com/rushidesai/archive/2005/06/15/429649.aspx
http://blogs.msdn.com/rushidesai/archive/2005/06/24/432150.aspx
- Books Online - Certificates for Dialog Security
http://msdn2.microsoft.com/en-us/library/ms166117(en-US,SQL.90).aspx
HTH,
Cristian Lefter, SQL Server MVP
MCT, MCSA, MCDBA, MCAD, MCSD .NET

>I have been trying to setup a simple messaging system using SSB for the
>better part of 3 days. Could someone please walk through the process of
>creating certificates, where they go, and how to correctly assign them to
>the appropriate instance.
>
> Thanks in advance!

Reply to this Message

RSH - 22 Nov 2005 18:29 GMT

I have been working with Niels code for 2 days and it simply will not work
for me. I am being as careful as I can and reading and executing each step
as it is outlined and when I run it nothing happens. I query the queue and
nothing is there...i check the transmission_queue table and nothing is
there.

I have also tried Rushis RowShipping tutorial and while it works locally, I
cannot set it up to work across two SQL Server instances.

Reply to this Message

Cowboy (Gregory A. Beamer) - 22 Nov 2005 18:48 GMT

The samples for PDC were set up on an earlier CTP that did not have some of
the final security bits in it. The BOL has the statements that you need to
run for different bits, but you end up with a slight search.

I have to revisit this for an app I was working on, but I am not sure when I
will get to final destination (should be in the next couple of weeks,
however).

Signature

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
Co-Author: Professional ADO.NET 2

***********************************************
Think Outside the Box!
***********************************************

>I have been working with Niels code for 2 days and it simply will not work
>for me. I am being as careful as I can and reading and executing each step
[quoted text clipped - 11 lines]
>>
>> Thanks in advance!

Reply to this Message

Niels Berglund - 22 Nov 2005 22:18 GMT

> I have been working with Niels code for 2 days and it simply will not
> work for me. I am being as careful as I can and reading and executing
> each step as it is outlined and when I run it nothing happens. I
> query the queue and nothing is there...i check the transmission_queue
> table and nothing is there.

Can you get it to work locally? I'll see if I have some time tomorrow to
set up a working example on the RTM bits.

What worries me is that you're not getting anything in either the queues
nor the transmission_queue. Can you go into sys.conversation_endpoints
and see if you have any values in the far_broker_instance column
(written from memory - may be named differently), for the conversation
handle on the sending side.

Niels

Signature

**************************************************
* Niels Berglund
* http://staff.develop.com/nielsb
* nielsb@no-spam.develop.com
* "A First Look at SQL Server 2005 for Developers"
* http://www.awprofessional.com/title/0321180593
**************************************************

Reply to this Message

Gert E.R. Drapers - 23 Nov 2005 05:03 GMT

Most common 3 issues I have run into:

1) SQL Server instance runs as LocalSystem
2) You did not create a master key, which is required in RTM
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'SSBdemoPassword'
3) You did not enable broker in your database
ALTER DATABASE HelloWorldDB SET ENABLE_BROKER

GertD@SQLDev.Net

Please reply only to the newsgroups.

Signature

This posting is provided "AS IS" with no warranties, and confers no rights.

You assume all risk for your use.
Copyright © SQLDev.Net 1991-2005 All rights reserved.

>> I have been working with Niels code for 2 days and it simply will not
>> work for me. I am being as careful as I can and reading and executing
[quoted text clipped - 12 lines]
>
> Niels

Reply to this Message

Niels Berglund - 23 Nov 2005 09:51 GMT

> Most common 3 issues I have run into:
>
> 1) SQL Server instance runs as LocalSystem

You should be OK running as LocalSystem if you do it within the
instance. It should also be OK if you use Certificates as your
authentication when between instances.

> 2) You did not create a master key, which is required in RTM
> CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'SSBdemoPassword'

That should show up in sys.transmission_queue

> 3) You did not enable broker in your database
> ALTER DATABASE HelloWorldDB SET ENABLE_BROKER

Yeah - I guess that could be it. The original poster said however that
he managed to send within the instance. But you are right, that is a
really common error (if you are attaching a S2K db).

Niels

Signature

Reply to this Message

RSH - 23 Nov 2005 14:50 GMT

Niels,

I got it working!

Apparently I applied one of the Certificates incorrectly which indeed was
causing the problem!

Thanks for you assistance and the awesome scripts!

Ron

>> Most common 3 issues I have run into:
>>
[quoted text clipped - 17 lines]
>
> Niels

Reply to this Message

Niels Berglund - 23 Nov 2005 19:21 GMT

> Niels,
>
[quoted text clipped - 4 lines]
>
> Thanks for you assistance and the awesome scripts!

Glad you got it working!

Niels

Signature

Reply to this Message