Main Page
 The gatekeeper of reality is
 quantified imagination.

Stay notified when site changes by adding your email address:

Your Email:

Bookmark and Share
Email Notification
SQL Server 2008
Purpose
The purpose of this documentation is to show the installation of Windows SQL Server 2008 R2 after Windows Server 2008 R2 has been installed on a system as well as setting up rules on a firewall and adding database engine instances (usually used to consolidate multiple database servers which are separated from each other on different servers). While you may have a variety of ways to install the SQL server, if you have an ISO, you could install "Virtual Clone Drive" onto the system and then mount a drive to the ISO. After installation you could remove "Virtual Clone Drive".

Installing SQL Server 2008

(Enlarge)
  1. The first few steps of an SQL Server 2008 R2 installation are straight-forward. However, you should consider installing SQL Server onto a different drive than the primary partition (usually C:).
  2. The step "Server Configuration" you can specify different accounts associated to different services. In some cases, you may desire this degree of separation. In the example, the "ADAccount" account will be associated to each service.

(Enlarge)
  1. The step "Database Engine Configuration" is where you enter the SA for the SQL Server. In this example, "Windows Authentication" is selected along with the AD (Active Directory) group defined for database administrators.

(Enlarge)
  1. Under the tab "Data Directories" you specify where you want the database and other items to reside. You should select a different drive than the primary partition (typically C:).

(Enlarge)
  1. The step "Analysis Services Configuration", if applicable, you should specify an account that will have administrative rights.

(Enlarge)
  1. Under the tab "Data Directories" you specify where you want analysis services to reside.

(Enlarge)
  1. The step "Reporting Services Configuration" is optional, but you may consider installing it now (so you don't have to later) if you ever think it will be used.

(Enlarge)
  1. If you want other servers/systems on your network to be able to communicate with the SQL Server you'll need to open up Windows Firewall on the server you've installed SQL Server on.
  2. Then, per your requirements, configure and allow "SQL Server Windows NT - 64 bit" (tcp/udp), "SQLAGENT - SQL Server Agent" (tcp/udp), and, "Windows Communication Foundation".
  3. NOTE: You may or may not need to allow Port 1433/1434 on the network firewall or another port which may be used.

(Enlarge)
  1. Next, open "SQL Server Configuration Manager", expand "SQL Server Network Configuration" and select "Protocols for MSSQLSERVER".
  2. If needed, ensure that "Named Pipes" is enabled.

(Enlarge)
  1. Finally open "Microsoft SQL Server Management Studio" on the server, select the server to connect to and open Server Properties.
  2. In this example, under "Security" the following settings were specified:
  3. Server authentication -> SQL Server and Windows Authentication mode
  4. Login auditing -> Failed logins only
 
  1. Don't forget to get the latest service pack (at the time of this writing the latest service pack was #2 released July 2012).
  2. You can find the service pack here.


Installing Additional SQL Server 2008 Database Engines

(Enlarge)
  1. You can run multiple SQL Server Database Engines on the same Windows Server. This allows you to reference them using the pattern "servername\database-engine-instance-name". This capability allows you, for instance, to consolidate database servers onto a single database server.
  2. To begin, open SQL Server Installation Center.

(Enlarge)
  1. Select "New installation or add features to an existing installation".

(Enlarge)
  1. Select "New installation or add shared features".

(Enlarge)
  1. Under Product Key, enter your product key.

(Enlarge)
  1. Review the license terms.

(Enlarge)
  1. Under "Setup Role" select "SQL Server Feature Installation".

(Enlarge)
  1. Under Feature Installation, select what may be needed.

(Enlarge)
  1. Under "Instance Configuration" select "Named instance" and provide the name of the new instance. You may also want to change the location of the instance's root directory to another drive on the server so the default primary partition drive (usually C:) does not get bloated.

(Enlarge)
  1. Under Disk Space Requirements you can see that ~2GB of space is required (this is before you starting using, import a database, etc).

(Enlarge)
  1. Now you are ready to install the new database engine instance.

(Enlarge)
  1. Don't forget that you may need to enable/disable Named Pipes or other protocols under "SQL Server Network Configuration" found in the Sql Server Configuration Manager application.


Adding an Existing Database Engine Full Backup to the new Database Engine Instance

(Enlarge)
  1. Once a new database engine instance has been created you can take a full backup of an individual database (perhaps from a separate database server) you wish to import onto the new instance.
  2. Begin by opening SSMS on the SQL database server your new instance is on, then right click on "Databases" and select "Restore Database".

(Enlarge)
  1. Under "Source for restore" select "From device" and browse to where the .BAK is located (you may want to temporarily copy it so it is local to speed up the restore).
  2. Under "Select the backup sets to restore" check the .BAK.
  3. Under "Destination for restore" select the database.

(Enlarge)
  1. If everything goes well, you will be shown a success message.

(Enlarge)
  1. If there were database users (such as one you created to perform select queries) attached to the individual database, they will not be present under the "Security -> Logins" as shown.

(Enlarge)
  1. Add the appropriate user under Logins of Security by selecting "New Login...".

(Enlarge)
  1. Complete the user's information as needed and select the database to which the account applies to.
  2. Once that is completed, open a new query window for the database and follow the following:
  3. use individual-database-name
    -- find the orphaned users
    sp_change_users_login 'report'
  4. If there are orphaned users, you will need to enter the following for each:
  5. -- reconnect the orphaned users found
    sp_change_users_login 'update_one', 'dbuser', 'dbuser'
    GO
  6. OPTIONAL
    If the database you restored makes use of the master key (say some sort of custom encryption process) you may need to ensure that master key is opened for the individual database if your custom implimentation does not open and close the key with each request:
    use individual-database-name
    OPEN MASTER KEY DECRYPTION BY PASSWORD='somepassword'
    ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
    GO
 
NOTE: There are cases, commonly with using 3rd party software, a user may be denied connecting to a database. An error that may be seen in the logs of the server include:
  1. Login failed for user 'DOMAIN\abcd'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 1.2.3.4]
Tokens can be used to authenticate user accounts which are NOT database administrator accounts. For many reasons you may not want to give a user database administrator level permissions so it would be good to exhaust options pertaining to the 3rd party software to resolve the issue. There is a way to resolve token-based errors with a user account with the system database on the database server...however, that requires issuing grants to the specific user. See below:
  1. GRANT CONNECT SQL TO [DOMAIN\firstname.lastname]
    GRANT CONNECT ON ENDPOINT::"TSQL Default TCP" TO [DOMAIN\firstname.lastname]
  2. More lenient method:
    GRANT CONNECT ON ENDPOINT::[TSQL named Pipes] to PUBLIC
    GRANT CONNECT ON ENDPOINT::[TSQL Local Machine] to PUBLIC
    GRANT CONNECT ON ENDPOINT::[TSQL default TCP] to PUBLIC
    GRANT CONNECT ON ENDPOINT::[TSQL default VIA] to PUBLIC
    GRANT VIEW any database to PUBLIC
SQL Jobs
  1. It is important to note that, if there were SQL jobs running, those jobs are not carried over. However, you can manually recreate local SQL jobs. If possible, you could open an SQL job (in its old location) to modify/edit so that you can highlight the source. Then, under the master system database of the new location (in the query window), paste the source and execute it.


The Firewall on Windows Server 2008 hosting the SQL Server

(Enlarge)
  1. When you have SQL Server 2008 running and you want to be able to connect to a database it remotely, the SQL Server Browser Service needs to be available through the local Firewall.
  2. You'll need to create a new Inbound Rule.

(Enlarge)
  1. Under Rule Type, select Port.

(Enlarge)
  1. Under Protocol and Ports select UDP, specific port and enter 1434.

(Enlarge)
  1. Under Action select "Allow the connection".

(Enlarge)
  1. Under Profile select what is most appropriate for "When does this rule apply?".

(Enlarge)
  1. Under Name, enter an intuitive name and description.
  2. Once the rule is created you should be able to edit it and point to the SQL browser service.

(Enlarge)
  1. Shifting gears back to a specific database engine instance - each database engine instance will need a TCP/UDP (in many cases) inbound rule setup in the Firewall for "SQL Server Windows NT - 64 bit" and "SQLAGENT - SQL Server Agent". The easiest way to do this is to copy the existing rule for the default database engine (MSSQLSERVER) and then revise it to point to the specific database engine instance's sql server and agent locations.

(Enlarge)
  1. Under the Programs and Services tab, browse to the sqlservr.exe for the database engine instance.

(Enlarge)
  1. Copy the SqlAgent firewall rule and edit the copy for the database engine instance.

(Enlarge)
  1. Under the Programs and Services tab, browse to the sqlagent.exe for the database engine instance.
NOTE
  1. If your database server, web server, or another resource is protected by a firewall (for example you have servers that need to communicate across vlans), you may need to know what port the SQL Server is communicating on for each database engine instance. You could use a network utility such as WireShark to monitor network traffic and identify the port by filtering by the IP address of the database server and then initiate a SQL request. It is important to note that Wireshark just needs to be on the same network as the database server (so you don't necessarily need to install it on the database server - which, for security reasons, you probably would not want to do anyway).


SQL Jobs

(Enlarge)
  1. An SQL job is similar to a scheduled task (under task manager) or a cron job. An SQL job allows you to execute some type of database related action under with a schedule. The SQL job can do many things (as will be shown) but if you end up needing to do something such as creating a CSV file from returned rows of data you would need to use something known as a SSIS package - the caveat with an SSIS package and a CSV file you will need an example CSV file already constructed for the SSIS package to read so that it can create CSV files. SSIS is accessed by using SSMS and selecting Integration Services instead of Database Engine for the connection. Another caveat with an SSIS package is that if you reference a stored procedure which is using temporary tables like "CREATE TABLE #rawData", SSIS will fail until you change how you reference the temporary tables so something like "Declare @rawData Table"; becuase the table is "declared" you don't need to drop it. Finally, SSIS can connect to other database engines to gather data which is why, in many cases, a server would be built in order to run SSIS packages.
  2. Getting back to SQL jobs, to create one select "New Job" under "Jobs".

(Enlarge)
  1. With an SQL job you can have multiple steps (you always need at least one step).

(Enlarge)
  1. For security and to make maintenance easier, in a step you can specify "T-Sql" and execute a stored procedure attached to a database along with an account to run that stored procedure under (if needed - select type stored procedures referenced may not need to have a specific database user account in order to return data).

(Enlarge)
  1. From here you can specify what action to perform when the action is successful or fails. If you write failure output somewhere ensure that, like an SSIS package generating files, that the appropriate permissions are available to the target file location.

(Enlarge)
  1. Under "Schedule" you can specify various parameters for when the SQL Job runs.

(Enlarge)
  1. This shows the type of scheduling options that you have.

(Enlarge)
  1. Under "Notifications" you can specify various notification mechanisms (such as sending an email when the job fails). It is important to remember that, in order to send an email, the email user has to be added BEFORE you start creating the SQL job so you can select it. Additionally you'll have to ensure email can be sent off of the server. Don't forget that if you are in a firewalled environment that you may also have to ensure the IP address/port of the server is allowed to send SMTP mail; as well, if using Exchange , that the IP address of the server is allowed.

(Enlarge)
  1. Here, you can specify what database server to target; in this case it would be the local server that the SQL job resides on.
 
  1. After the SQL Job has been created you can run it immediately to see if it is working as expected.


SQL Server Maintenace Plan

(Enlarge)
  1. More than likely you will want to setup some type of backup plan for your databases (which usually would run under the sa account).
  2. You may want to do the following to start out: Open SSMS on the server, connect to the database engine and setup two maintenance plans for at least 2 daily FULL backups (ie, one for "Local Backup - User Databases" and one for "Local Backup - System Databases") that target a separate drive on the local server; as well don't forget transaction logs you may want to capture every 30 minutes or so. Create a new folder on that drive such as "backup-db-name_of_engine" and point the backups to that location as well as the reporting files (reporting files are optional) that get generated.
  3. You can also save database backups to network locations as long as that network location is shared and the server has permissions to it.


About Joe