Category Archives: SQL

Unable to install SQL Server 2019 – SQL Install Error: The MOF compiler could not connect with the WMI server

The other day I was doing K2 5.5 installation on top of Windows Server 2019 and somehow that install beat all the records in terms of weird issues I run into, and even after re-provisioning server and starting from scratch I had to do resolve quite a few of them. One of those errors (not a directly K2 related one) was inability to install required version of SQL Server. Somehow I got a re-provisioned server with SQL 2014 and, as it is not supported by K2 5.5, I had to install SQL Server 2019 (5.5 supports 2016, 2017, 2019 and Azure SQL Database). But while installing SQL 2019 I run into the following blocking error:

SQL Install Error: The MOF compiler could not connect with the WMI server. This is either because of semantic error such as an incompatibility with existing WMI repository or an actual error such as the failure of WMI server to start.

Error message during installation of SQL Server 2019

Error message is a bit broad and it persisted even after removing all SQL related components from Programs and Features UI as well as deleting some remaining SQL related folders and registry keys. And I was trying to install only database engine services without any extra components and install was keep failing. That required to look into SQL installer logs where it was possible to see more specific/actionable error which looked approximately as follows:

Specified instance {SOME_GUID} via transform :InstID02.mst;:InstName02.mst is already installed. MSINEWINSTANCE requires a new instance that is not installed.

Error message from SQL Server 2019 Install Log

That basically means that some remnants of previous SQL installations are present and block installer from installing new/required versions of some components. And when you already deleted all SQL installer components from Programs and Features UI, you will need to query software list inventory using WMIC (Windows Management Instrumentation command-line) command:

WMIC PRODUCT Where "Caption like '%SQL%'" GET Caption, IdentifyingNumber

That will probably return bunch of SQL components with various GUID, as a minimum you will need to remove components with GUIDs mentioned in SQL installer logs, or if your goal is complete clean up of all SQL components all of them. As those are not visible in Programs and features you may delete them using the following command:

msiexec /x {SOME_GUID}

As in my case I had dozens of components returned and I wanted to do a complete clean up I created a little script for that:

SQL Server Components Clean Up script

With high probability removal of some of the components with the command shown above may fail and it that case you will need to remove them directly from registry looking for GUID value under the following keys:

HKEY_CLASSES_ROOT\Installer\Products\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

P.S. There is a blog post on sqlauthority.com which describes dealing with the same issue and helped me to resolve mine.

PowerShell Script – Detect installed SQL Server Version and switch to appropriate setup directory

Some time ago I wrote a blog post where I explained how to change SQL Server instance collation for installed SQL server instance (see “Changing SQL collation for deployed instance without reinstall (almost)“). That post contained some scripting bits to detect installed SQL Server version and navigate to appropriate setup directory to facilitate collation change process. Recently I had a bit of time to consolidate these bits of PowerShell into one script which detects installed SQL Server version and changes directory to appropriate setup folder. Here you have it:

Unable to connect to named SQL instance on remote machine

Recently I was doing installation of K2 5.2 on Azure VMs with SQL server named instance hosted on separate Azure VM. I’ve created SQL Server alias on K2 VM but then run into issue – neither K2 Setup Manager nor SSMS were able to connect to SQL through alias. I next tried direct connection via server\instance name which also failed. SSMS showed me the following error:

Could not open a connection to SQL Server. Microsoft SQL Server, Error: 53

I first focused on network connectivity between VM:

  • Confirmed that I can ping SQL Server VM from K2 Server VM
  • Confirmed that no firewall enabled on VM and Azure VMs on the same network with nothing blocking connectivity between them
  • I tried to use telnet to test port 1433 – it failed

This is what kept me focused on network connectivity layer a bit longer then necessary. But after confirming that SQL Server not listening on port 1433 using netstat -na | find “1433” it became quite clear that focus should be on SQL Server configuration. First of all – by default named instance listen on dynamic port, and you actually need to have SQL Server Browser Service enabled to ensure you can connect to named instance without specifying port while using dynamic ports. But in my case it was not that as in SQL Server configuration there was explicitly specified custom port (SQL Server Configuration Manager > Protocols for %INSTANCE_NAME% > TCP/IP Properties > TCP Dynamic Ports – if you have anything other than 0 in IPAll section fir this setting you are not using dynamic ports). When your problem is dynamic ports and disabled SQL Server Browser Service error message from SSMS looks as follows:

SQL Network Interfaces, error: 26 – Error Locating Server/Instance Specified

As you can see error message explicitly tells you “Error Locating Server/Instance Specified. To fix this either set 0 for TCP Dynamic Ports setting and enable SQL Server Browser Service or specify some port number there. You sort of choosing your dependency here – either browser service (may fail to start) or custom port (may be hijacked by other service). It seems that browser service is better approach.

So in my case I was confused by expecting named instance to listen on default port which was, to put it simply, wrong expectation. Here is how you can check on which port your instance is listening:

Commands which you can use to find out your SQL Server instance ports

But obviously having access to SQL Server you can get this data from SQL Server Configuration manager too: SQL Server Configuration Manager > Protocols for %INSTANCE_NAME% > TCP/IP Properties. Just keep in mind that you need to check TCP Dynamic Ports value both for specific address and for IPAll section. But like I said in my case, the problem was not about ports. Once I found out instance port I noticed that I still cannot connect to it using telnet, just because IP address was not enabled in SQL Server Configuration Manager > Protocols for %INSTANCE_NAME% > TCP/IP Properties (meaning it had Enabled=0). I corrected that and telnet connectivity test succeeded.
Still, when I get back to SSMS I was getting the same error – “Could not open a connection to SQL Server. Microsoft SQL Server, Error: 53”. Reason? With SQL Server 2016 and latest versions of SQL Server, I keep forgetting that the latest and greatest version of SSMS still reads alias settings from x86 registry hive (meaning you need to configure SQL alias using cliconfg.exe from C:\Windows\SysWOW64) – I have a hard time getting use to it. Interestingly fully missing x86 alias triggers error message “Could not open a connection to SQL Server. Microsoft SQL Server, Error: 53” while one we configure with non existing server or instance name will give you “SQL Network Interfaces, error: 26 – Error Locating Server/Instance Specified”.

Anyhow your key takeaways from this post should be:

  • Know your instance port
  • Make sure that IP address is enabled
  • We still need to configure alias twice (x86/x64) to avoid unpleasant surprises from apps reading setting from non-configured location

I hope this post may save some troubleshooting time for someone.

Microsoft Azure 70-473 Design and Implement Cloud Data Platform Solutions – Design and Implement Security

Earlier I tried to compile list of Microsoft documentation and other resources relevant for 70-473 exam preparation but I quickly realized that exam scope makes this list too huge and unwieldy. I now decided that I would rather split this into smaller resources lists following specific exam sections. Below you can see the list of reading resources relevant for Design and Implement Security section of 70-473 exam. You will mainly find links to Microsoft documentation in this list.

Here you can see Design and Implement Security exam section topics as described on official exam page:

  • Design and implement SQL Server Database security
    • Configure firewalls; manage logins, users, and roles; assign permissions; configure auditing; configure Transparent Database Encryption (TDE); configure row-level security; configure data encryption; configure data masking; configure Always Encrypted
  • Design and implement Azure SQL Database security
    • Configure firewalls; manage logins, users, and roles; assign permissions; configure auditing; configure row-level security; configure data encryption; configure data masking; configure Always Encrypted, configure Automatic Threat Detection

I tried to structure list of links below based on sub-objectives.

Configure Firewalls

Azure SQL Database and SQL Data Warehouse firewall rules

sp_set_database_firewall_rule (Azure SQL Database)

Azure SQL Database: Firewall security

Configure a Windows Firewall for Database Engine Access

Configure a Server to Listen on a Specific TCP Port
Configure the Windows Firewall to Allow SQL Server Access

TCP/IP Properties (IP Addresses Tab)

SQL Server: Frequently Used Ports

Security Considerations for SQL Server in Azure Virtual Machines

Manage logins, users and roles

Server and Database Roles in SQL Server

Managing Users, Roles, and Logins

Getting Started with Database Engine

Database-Level Roles

Server-Level Roles

CREATE CREDENTIAL (Transact-SQL)

SQL Server Separation of Duties (Word document download)

Assign Permissions

Getting Started with Database Engine Permissions

New Permissions in SQL Server 2014: IMPERSONATE ANY LOGIN, SELECT ALL USER SECURABLES, CONNECT ANY DATABASE and the old CONTROL SERVER

GRANT Server Permissions (Transact-SQL)

SQL Server Best Practices – Implementation of Database Object Schemas
+ see also: What are some best practices for using schemas in SQL Server?

Azure SQL Database and SQL Data Warehouse access control

Principals (Database Engine)

Configure Auditing

Get started with SQL database auditing

Set-AzureRmSqlServerAuditingPolicy

Use-AzureRmSqlServerAuditingPolicy

Configure Transparent Database Encryption (TDE)

Transparent Data Encryption (TDE)

Transparent data encryption for SQL Database and Data Warehouse 

Enable TDE on SQL Server Using EKM

ALTER DATABASE (Azure SQL Database)

Configure Row-Level Security (RLS)

SQL Server 2016 : Implement Row Level Security using Predicate Function and Security Policy

Row-Level Security

SQL Server Security Blog – Row-Level Security block predicates are generally available on Azure SQL DatabaseCREATE SECURITY POLICY (Transact-SQL)

Configure Data Encryption

SQL Server 2016 New Features: Security and Encryption

Encrypt a Column of Data (column/cell level encryption)

Extensible Key Management Using Azure Key Vault (SQL Server)

CREATE ASYMMETRIC KEY (Transact-SQL)

SQL Server Certificates and Asymmetric Keys
OPEN SYMMETRIC KEY (Transact-SQL)

Get started with Azure Key Vault
About keys, secrets, and certificates

Configure Data Masking

SQL Database dynamic data masking

ALTER TABLE (Transact-SQL)

Use Dynamic Data Masking to obfuscate your sensitive data

Configure Always Encrypted

Always Encrypted (Database Engine)

Always Encrypted (client development)

Develop using Always Encrypted with .NET Framework Data Provider

Always Encrypted: Protect sensitive data in SQL Database and store your encryption keys in Azure Key Vault

Microsoft Azure SQL Database provides unparalleled data security in the cloud with Always Encrypted

Configure Always Encrypted using SQL Server Management Studio

SqlConnection.ConnectionString Property
Use .NET (C#) with Visual Studio to connect and query an Azure SQL database

Configure Automatic Threat Detection

Use PowerShell to configure SQL Database auditing and threat detection

Azure SQL Database Threat Detection

Azure Security Center Documentation

Other/General

Controlling and granting database access to SQL Database and SQL Data Warehouse – Secure your Azure SQL Database

Azure Cosmos DB: SQL API getting started tutorial

Get started with Azure Table storage and the Azure Cosmos DB Table API using .NET

ADO.NET Overview

Securing your SQL Database

Azure Storage replication

Collation and Unicode Support

AzureRM.Sql

Management Data Warehouse

SQL Server Profiler

Monitoring SQL Server Performance

Monitor Resource Usage (System Monitor)

Next time I will try to compile similar list for Design and implement high availability, disaster recovery, and scalability section of the exam.