Press "Enter" to skip to content

Category: Linux

sqlcmd and Self-Signed Certificates

Published 2024-04-17 by Kevin Feasel

Vlad Drumea is a trusting fellow:

This post covers a few ways to fix the SSL certificate error 1416F086 returned by sqlcmd on Linux when connecting to SQL Server.

If you’re looking for ways to fix the Windows equivalent of this error when using dbatools, check out this blog post.

It’s interesting how much controversy we’re seeing around tools like sqlcmd and (especially) SQL Server Management Studio defaulting to mandatory encryption. Having signed and valid certificates is a critical part of validating that this SQL Server is actually the one you think it is, and no intermediary attacker has swapped the certificate out with a phony one that allows the attacker to spy on your interactions.

I can understand people who are just messing around with SQL Server locally to experience pain on this, but the sheer number of actual companies—including companies using Central Management Servers, which implies having multiple SQL Server instances—with garbage-tier self-signed certificates is discouragingly high.

By the way, I’m aiming none of my rant at Vlad or this post. It’s just top-of-mind and this was as good a vehicle for rant delivery as I could find.

Leave a Comment

Resetting the sa Password in SQL Server on Linux

Published 2024-04-16 by Kevin Feasel

Vlad Drumea blames the intern:

This is pretty useful if you’ve inherited a SQL Server instance running on Linux, but the last person™ didn’t bother saving the sa password in your teams password manager vault.
Or, if you’re like me, and spin up test instances with random passwords for sa that you don’t bother saving anywhere.

Click through to see where you can find out how to reset the password, and then the actual mechanics of password reset.

Leave a Comment

Using Key Vault in SQL Server on Linux

Published 2024-03-21 by Kevin Feasel

Aravind Mahadevan shares information on a new bit of functionality:

We’re excited to announce that Extensible Key Management (EKM) using Azure Key Vault in SQL Server on Linux is now generally available from SQL Server 2022 CU12 onwards, which allows you to manage encryption keys outside of SQL Server using Azure Key Vaults.

In this blog post, we’ll explore how to leverage Azure Key Vault as an EKM provider for SQL Server on Linux.

Read on to see how to set this up.

Comments closed

SQL Server Failover Clusters in Linux

Published 2024-02-07 by Kevin Feasel

I phone it in:

In this video, we will talk about Failover Cluster Instances in SQL Server on Linux.

This video stays in the academic realm because I don’t have an enterprise version of Linux (either RHEL or SLES) and don’t have a SAN or NAS, so I couldn’t actually show any of it off. Still, somehow I turned the utter lack of demo into almost a 20-minute video.

Comments closed

Firewalls and TLS in SQL Server on Linux

Published 2024-01-24 by Kevin Feasel

I have a new video out:

In this video, we harden our SQL Server instance in two ways: by using a firewall to limit inbound traffic, and by using a certificate to force encrypted connections to SQL Server.

This was a video I enjoyed creating. It also shows the progress of SQL Server security: go back to 2005 (pre-SP1) and even SQL authentication over TDS was unencrypted by default. They fixed it so that the authentication would use a self-signed cert but the data you’d get back from query results was unencrypted. Nowadays, encryption is easy (if you’re okay with a self-signed cert) and some future version of SQL Server will make it mandatory.

Comments closed

SSIS on Linux

Published 2024-01-10 by Kevin Feasel

I am not amused:

In this video, we bang our heads against the wall repeatedly with respect to SQL Server Integration Services. I spend a lot more time than I want to but we do get a mostly-functional product mostly working.

This was a frustrating video to make, but I think it was important to make it clear just what SSIS on Linux can and cannot do.

Comments closed

Configuring and Troubleshooting SQL Server on Linux

Published 2024-01-03 by Kevin Feasel

I have a new video:

In this video, we will run through detailed configuration recommendations for SQL Server on Linux. We will also find out where you can find your error logs.

This is a mix of show and tell, as I couldn’t show some of the recommendations on my particular hardware. Still, there are a whole boatload of links to additional resources if you want to learn more about why Microsoft chose specific things to show in their SQL Server on Linux performance tuning recommendations.

Comments closed

Installing SQL Server on Ubuntu 22.04

Published 2023-12-27 by Kevin Feasel

I have a new video:

In this video, we will show how to install SQL Server on a machine running Linux, specifically SQL Server 2022 on Ubuntu 22.04 LTS.

This ties back to one of my first videos, covering the installation of SQL Server 2022 on Ubuntu 20.04, as at that time, there was no support for Ubuntu 22.04 and some of the libraries Microsoft was counting on had changed, so you couldn’t trick installation by using the 20.04 repository.

Comments closed

Concatenating Many Files in Azure Blob Storage

Published 2023-12-20 by Kevin Feasel

Drew Furgiuele concatenates a lot of files:

Lately, I’ve found myself with a few requests from friends and users that have a particular problem: they’ve got themselves a data lake in Azure, and they can read and write files just fine to it. The problem, though, is that sometimes they need to take a series of files and mash them all together, or as the cool kids call it: concatenate them. And when it comes to third party tools and methods that can do the trick, you’re spoiled for choice: Azure Data Factory, Spark via Databricks, or even PowerShell.

Case in point: I was working with someone who had tens of thousands of CSV files that they needed to merge together into one big file, but they were already out in their Azure storage account. That doesn’t sound so bad, does it? 

Drew explains why it is, but also why it isn’t. So click through and check that out.

Comments closed