SQL : Find & Disconnect Database Sessions

When taking a database offline you may find the offline process takes a long time or may fail due to existing connections. You can use the following SQL to identify user sessions that are connected to a particular database:

{code lang:sql showtitle:false lines:false hidden:false}USE MASTER
SELECT * FROM sysprocesses WHERE dbid = DB_ID(‘APPV’){/code}

Using the SPID from the output above kill any identified session by using the simple SQL below:

{code lang:sql showtitle:false lines:false hidden:false}kill <session ID>{/code}


McAfee EPO : Database Managment

McAfee EPO : Database Managment

I recently ran into some issues with a remote sites EPO server. There were seveal issues:

  1. SQL Express Database had grown to 2GB (it was SQL Express 2005 therefore 2GB was the limit)
  2. The drive which the database files were stored was running low on disk space
  3. There were excessive rows in the events table which required purging

Move The Database

— Identify logical file names and file locations for the database you wish to move

select, as ‘Logical filename’, b.filename from sys.sysdatabases a

inner join sys.sysaltfiles b

on a.dbid = b.dbid


— Set DB Offline, forcefully





— Copy files to the new location, yes COPY!

— New location D:\Program Files\McAfee\ePO SQL Database

— Old Location C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data

— Set Destination NTFS Permissions to Match Source location


— Move database files(As there was not enough disk space on the C:\ on SERVER)



FILENAME = “D:\Program Files\McAfee\ePO SQL Database\ePO4_SERVER.mdf”)





FILENAME = “D:\Program Files\McAfee\ePO SQL Database\ePO4_SERVER_log.LDF”)




SET online


Cleanup The Database

— Find Out EPO DB Size

EXEC sp_spaceused


— Find Table Sizes

select object_name(id) [Table Name],

[Table Size] = convert (varchar, dpages * 8 / 1024) + ‘MB’

from sysindexes where indid in (0,1)

order by dpages desc


— Identify Events that can be purged between a specific date/time range

Select ThreatEventid, Count(Threateventid)


WHERE ReceivedUTC BETWEEN ‘2000-01-01 00:00:00.000’ AND ‘2011-03-31 23:59:59.999’

GROUP BY ThreatEventid


— Purge Events


— 1 Stop all EPO Sevices

— 2 Backup DB

— 3 Purge table



WHERE ReceivedUTC BETWEEN ‘2000-01-01 00:00:00.000’ AND ‘2011-05-31 23:59:59.999’


— 4 shrink the database

dbcc shrinkdatabase (ePO4_SERVER,1)


SQL 2008 : Cluster DTC Configuration

SQL 2008 : Cluster DTC Configuration

In order to configure a DTC per SQL instance perform the following steps:

Create a new DTC resource

i.            Look for a green arrow in the middle pane next to “Configure a Service or Application” and click on it to open the “High Availability Wizard”

ii.            Choose “Next” to go to the “Select Service or Application” screen

iii.            Choose “Distributed Transaction Coordinator (DTC)” then click “Next”

iv.            You can either use the default name or create your own unique name for the “Client Access Point” then click “Next”. You may want to name it something like DTC_YourSQLServerResourceName. For example: if your SQL instance’s virtual name is SQL01, call your DTC resource something like DTC_SQL01 or MSDTC-SQL Server (SQL01).

v.            Choose a disk that is not already used and will not be the disk you choose during SQL Server setup.

vi.                  Click “Next” twice.


Install SQL Server on at least one node.


Move DTC to the SQL Server group

i.            Right click on the DTC resource and choose “More Actions” then “Move this resource to another service or application”.

ii.            Choose your SQL Server group in “Select A Service or Application”.

iii.            Right click on the DTC resource and choose “Properties”. Go to the “Policies” tab and uncheck “if restart is unsuccessful, fail over all resources in this service or application” for the DTC resource unless you are sure you want a DTC failure to cause SQL Server to fail over. This is the same thing as “affect the group” in older versions of Windows.

iv.            Optionally you can take DTC offline and make it dependent on the SQL Server name and disk. Then remove its dependencies on the original name and disk. Then you can optionally delete the original IP, name, and disk or move them out of the SQL Server group.

(Optional for SQL Server 2008) Map SQL Server to this DTC resource.

If you skip this step SQL Server 2005 will use the default DTC. SQL Server 2005 will only use the DTC in the SQL Server group if that one is the default for the entire cluster or if you do the mapping step. SQL Server 2008 will use the DTC in its group unless that DTC is not online/started when SQL Server starts or if you create a mapping to a different DTC.

i.                     Open a dos prompt using “Run as Administrator”.

ii.                   Modify the below statement with a mapping name (make up a name to id the mapping), service (the SQL Server service name – not the display name), and ClusterResourceName (DTC resource name) then run it
Example: Msdtc -tmMappingSet -name DTC_SQL01_Mapping -service “MSSQL$SQL01” -ClusterResourceName “MSDTC-SQL Server (SQL01)”  <<-- Note the correction I made here on 3/21/09 to the service name for SQL, and the additional verification steps below
Do you want to continue with this operation? [y/n] y [enter]

iii.                 Run “msdtc -tmmappingview *” to verify the mapping was created successfully. The mapping is also stored in HKEY_LOCAL_MACHINE\Cluster\MSDTC\TMMapping\Service\ as a new key named the same as the mapping parameter used in the msdtc command.

iv.            To verify SQL Server is mapped to the expected instance of DTC you can either

§ Shut down all the other DTC services and make sure the mapped DTC is online. Verify you can do a BEGIN DISTRIBUTED TRANSACTION from this SQL Server.

§ Do a BEGIN DISTRIBUTED TRANSACTION from this SQL Server, verify it succeeds and roll it back. Then shut down the mapped DTC and verify a new BEGIN DISTRIBUTED TRANSACTION will work.

e)      Enable network access

i.                 Run DcomCnfg

ii.               Navigate to Computers.Component Services.My Computer.Distributed Transaction Coordinator.Clustered DTCs

iii.              Right click on the DTC service for this SQL Server group and select “Properties”.

iv.               Go to the security tab and check “Network DTC Access”, “Allow Inbound”, and “Allow Outbound”.

v.                When you hit “Apply” or “OK” it will restart the DTC resource.


Exchange 2007 : Managing Shared Mailboxes

Exchange 2007 : Managing Resource Mailboxes

To create a shared mailbox:

New-Mailbox -database “MAILSERVER\MDB1\Mailbox Database” -Name Cancel -OrganizationalUnit “domain.local/Exchange Objects/Resource Mailboxes” -DisplayName “user1” -UserPrincipalName “user1@domain.local” -Shared

To set the country code on the user (may be used for address list policies):

Set-User Cancel -CountryOrRegion “GB”

Grant full access/sendas permissions:

Add-MailboxPermission Cancel -User “user2” -AccessRights FullAccess
Add-ADPermission Cancel -User “user2” -Extendedrights “Send As”


SQL : Performing Point-in-Time Recovery

SQL : Performing Point-in-Time Recovery


  • Requires full recovery model on database
  • Requires a full backup
  • Requires Transaction Log backups to be configured (at a frequency of your choice)

The following TSQL will enable you to perform point-in-time recovery on an SQL database:

/* SQL Point-in-time recovery script */
/* Uses the last full back, then TRN files from the last backup. */

/* Restore the last Full backup */
FROM DISK = N’D:\MSSQL$POTRecovery\Data\Backup\POTRecovery.bak’

/* Restore the TRN backups, using the same point-in-time for each */
/* Date format is YYYY-MM-DD HH:MM:SS – 24Hr clock */

RESTORE LOG [POTRecovery] FROM DISK = N’D:\MSSQL$POTRecovery\Data\Backup\POTRecovery_tlog_201003051015.TRN’
WITH FILE = 1, NOUNLOAD , STATS = 10, RECOVERY , STOPAT = N’2010-03-05 10:20:00

RESTORE LOG [POTRecovery] FROM DISK = N’D:\MSSQL$POTRecovery\Data\Backup\POTRecovery_tlog_201003051016.TRN’
WITH FILE = 1, NOUNLOAD , STATS = 10, RECOVERY , STOPAT = N’2010-03-05 10:20:00

RESTORE LOG [POTRecovery] FROM DISK = N’D:\MSSQL$POTRecovery\Data\Backup\POTRecovery_tlog_201003051024.TRN’
WITH FILE = 1, NOUNLOAD , STATS = 10, RECOVERY , STOPAT = N’2010-03-05 10:20:00

/* Now set the database into a useable mode – without this the database will be stuck in a ‘Loading’ state */

Using a third party backup tool and SQL-based TRN backups you can still recover as above, just ensure you perform the database restore using Data Protector then use SQL Management Tools to perform the point-in-time recovery.


SQL : SQL Server Migration Process

SQL Server Migration Process


Environment information:

  • Old Domain Name: domold.local / DOMOLD
  • New domain name: domnew.local / DOMNEW

You will need to update these domain names in the relevant processes and scripts detailed below.

Identification of Application Domain Dependencies

Stage one of this process is to establish any domain dependencies within an application. This includes email and active directory (authentication).

Recreation of Service Accounts

Logon to the system you are intending to migrate and identify all service accounts that are on the old domain;



Each of these accounts must be recreated on the new domnew.local domain. Each account should be prefixed with ‘svc_’ in order to easily identify service accounts in the future.




The accounts should also be configured so that the password does not expire, passwords should be documented. Once recreated you must now modify services so that they use the new service account:




It may also be necessary to mail-enable service accounts, ensuring they have the correct email address.



File System Permissions

Verify file system permissions and create additional entries for the new service account. Generally speaking these will be application specific directories and must be set manually.

Quest Tools Processing


EU Operations are now able to process the machine using the Quest tools. This tool will ensure all file system level user permissions are migrated on the server (excluding service accounts).



After completion of this step we can now move the server into the domnew.local domain, once complete the server will reboot.





Local Server Security Polices


Local security policies must be modified to allow logon as a service / batch job rights for individual accounts. On the old domain this was done via GPO, however we have now moved back to local security policies to achieve this.

Identify where the existing service account has been granted permissions and manually recreate them.


To identify current permissions Start > Run > gpedit.msc to load the local security policy editor.





Expand Computer Configuration > Windows Settings > Security Settings > Local policies > User Rights Assignment




Check for any entries for the local domain such as DOMOLD accounts and replace these with DOMNEW accounts.



Application Level Changes

We are now ready to change application level domain dependencies on the migrated server as identified in stage one.

Scheduled Tasks

You will need to ensure all scheduled tasks are using DOMNEW accounts.


For non-SQL servers the migration process ends here.

SQL Server Specific Elements for Migration

Create a new service account; this account must be a local administrator on the machine:




The account must be granted logon as a service rights:





The account must be granted a SQL Login at the server instance level, this can be achieved form within Enterprise Manager:








Please note if the account is shown as the ‘dbo’ user do not set the permissions, instead you must run the sp_changedbown stored procedure against the database:




The Query should look as follows:




EXEC sp_changedbowner DOMNEW\SVC_USD1SQL’




EXEC sp_changedbowner DOMNEW\SVC_USD1SQL’


Change the Database name (in bold) and the username as is appropriate.

Next we must change the SQL Agent Job owners for the database. You can view all jobs from enterprise manager:




Double-click each job and change the owner to the new DOMNEW object:



To automate job changes you can use the following T-SQL script, this will change the owner of all jobs that have domold.local ownership to domnew.local\svc_sqladmin


–********* Before proceeding please backup the MSDB database in order to provide roll-back. ***********




SELECT GETDATE() AS ‘ExecutionTime’




SELECT j.[name] AS ‘JobName’,

Enabled = CASE WHEN j.Enabled = 0 THEN ‘No’

ELSE ‘Yes’


l.[name] AS ‘OwnerName’

FROM MSDB.dbo.sysjobs j

INNER JOIN Master.dbo.syslogins l

ON j.owner_sid = l.sid

WHERE l.[name] like ‘%DOMOLD\%’ or l.[name] like ‘%DOMOLD\%’

ORDER BY j.[name]




SELECT ‘EXEC MSDB.dbo.sp_update_job ‘ + char(13) +

‘@job_name = + char(39) + j.[Name] + char(39) + ‘,’ + char(13) +

‘@owner_login_name = ‘ + char(39) + DOMNEW\svc_sqladmin’ + char(39) + char(13) + char(13)

FROM MSDB.dbo.sysjobs j

INNER JOIN Master.dbo.syslogins l

ON j.owner_sid = l.sid

WHERE l.[name] like ‘%DOMOLD\%’ or l.[name] like ‘%DOMOLD\%’

ORDER BY j.[name]




Next we must identify and change all DTS Packages that are owned by old domain accounts. The following T-SQL will identify all unique accounts, which own DTS packages:


SELECT distinct owner FROM sysdtspackages



You will need to manually list the unique users and then run the following T-SQL for each user. Change the @old_owner and @new_owner definition at the start of the script:


–********* Before proceeding please backup the MSDB database in order to provide roll-back. ***********


DECLARE @old_owner varchar(100), @new_owner varchar(100), @name sysname, @id uniqueidentifier


set @old_owner = ‘DOMOLD\sqladmin’

set @new_owner = DOMNEW\svc_sqladmin’


IF (NOT EXISTS (SELECT * FROM sysdtspackages WHERE [owner] = @old_owner))


   RAISERROR(‘User ”%s” does not own any packages’, 16, 1, @old_owner)




SELECT DISTINCT [name], [id]

FROM sysdtspackages

WHERE [owner] = @old_owner



DECLARE cur_sysdtspackages CURSOR FOR

   SELECT DISTINCT [name], [id]

   FROM sysdtspackages

   WHERE [owner] = @old_owner

OPEN cur_sysdtspackages

FETCH NEXT FROM cur_sysdtspackages

INTO @name, @id



     Print +N’Re-assigning owner on DTS Package: ‘ + @name

       EXEC sp_reassign_dtspackageowner @name=@name, @id=@id, @newloginname=@new_owner

     FETCH NEXT FROM cur_sysdtspackages

     INTO @name, @id


CLOSE cur_sysdtspackages

DEALLOCATE cur_sysdtspackages



Finally, change the credentials for the SQL services:



Enter the new DOMNEW username and password:



Verify that Database Level Users are added for the new DOMNEW domain:




SQL Server : Deployment Guide

SQL Server : Deployment Guide

  1. Use mount points for storage and an anchor lun for the mount points. This will simplify storage management.
  2. Split logs and database files; lots of SAN storage vendors will say this isnt necessary now, but keep them seperate. This will protect you in the even of database file growth beyond normal tolerances.
  3. Storage must be aligned, if operating system is earlier than Windows 2003 this must be manually done when partitioning the LUNs, Windows 2008+ automatically aligns disks:
    1. If the disk you are aligning is already blank (raw), proceed to Step 3. If the disk contains data, backup the disk before proceeding.
    2. Delete all partitions on the disk.
    3. Open a command prompt, and execute Diskpart.exe.
    4. At the Diskpart command prompt, type List Disk and press Enter. If the disk you want to align does not appear in the list make sure that it exists and is accessible using the Disk Management snap-in.
    5. At the Diskpart command prompt, type Select Disk X, where X is the number of the disk as shown in the output of the List Disk command. Diskpart should return a message that indicates that Disk X is the selected disk.
    6. At the Diskpart command prompt, type Create Partition Primary Align=X, where X is either 32 or 64, depending on the recommendation from your storage vendor. If your storage vendor does not have any specific recommendations, it is recommended that you use 64. W 2008 / Vista use an offset of 1024.
    7. At the Diskpart command prompt, type Assign Letter=. For example, to assign letter Z to the disk, type Assign Letter=Z.
    8. Once the drive letter is assigned, type exit to exit out of the Diskpart utility.
    9. Use the Disk Management snap-in or the Windows Format command to format the partition as an NTFS-formatted partition.
  1. All data and log LUNs should be formatted with 64K NTFS allocation unit size
  2. If server has more than 8 CPU’s (or cores) you must configure MAXDOP to a value of 8, when less than 8 CPUs are present use a value of 0-X where X is the number of CPU’s. For OLTP scenarios use a MAXDOP calue of 1.
  3. Confirm SQL collation setting is correct (if upgrading/migrating from an existing platform) using SELECT SERVERPROPERTY(‘Collation’) AS ‘Collation’
  4. TempDB should be configured to have approx 4 data files, execute the code below, modify for each additional data file:
        ALTER DATABASE [tempdb]
        ADD FILE (
            NAME = N’tempdev_1′,
            FILENAME = N’E:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Data\tempdb_1.ndf’ ,
            SIZE = 8MB ,
            FILEGROWTH = 10% )

  5. Ensure you use setspn to configure the ServicePrincipalName for and SQL service accounts, setspn –A MSSQLSvc/[server fqdn]:[port | instance name] “[service account]” – anything in RED should be changed:
    1. For an instance running on port 1188 example: setspn –A MSSQLSvc/DB1.domain.local:1188domlocal\svc_dbe
    2. For a named instance, in this example ‘I1’, you should also run: setspn –A MSSQLSvc/DB1.domain.local:I1domlocal\svc_dbe
  6. MSDTC should have its own resource group
  7. MSDTC should be configured with the following permissions (more information here:
    1. Open Component Services > My Cmoputer > Distributed Transaction Coordinator > Clustered DTCs
    2. Enable Network DTC Access (But do not select Allow Remote Clients/Allow Remote Administartion)
    3. Enable Transaction Manager Communication (Allow Inbound, Allow Outbound and select incoming Caler Authentication Required)
    4. Select SNA LU 6.2 Transactions (Ensure that Enable XA Transactions is not selected)
    5. In Windows Firewall configure an exception for DTC
  8. For SQL Server 2008 ‘Page Verify’ should be set to ‘Checksum’
  9. Configure a maximum memory size (see below)
  10. When managing [ermissions ensure that the local Administartors group is not a member of the sysadmin role
  11. The SQL service account should have th following permissions:
  • Perform Volume Maintenence Tasks (allows for faster restores as database files are not pre-zeroed)
  • Lock Pages in Memory
  • Logon as a Service

Additional Notes/Setup Instructions

SQL Server Memory Configuration

Suggested maximum memory allocations (

Physical RAM                        MaxServerMem Setting
2GB                                           1500
4GB                                           3200
6GB                                           4800
8GB                                           6400
12GB                                         10000
16GB                                         13500
24GB                                         21500
32GB                                         29000
48GB                                         44000
64GB                                         60000
72GB                                         68000
96GB                                         92000
128GB                                       124000

Configuring a maximum meory size for an SQL instance

EXEC  sp_configure‘max server memory (MB)’,2048;

Disk Alignment

To verify disk alignment execute the command: diskpar –I 2 where 2 is the number of the disk you wish to check the alignment.

The important setting here is the StartingOffset – this value should divide cleanly by the NTFS cluster size implemented on the disk.

Ensure that Partition Offset ÷ Stripe Unit Size is a whole number (you will need to consult the storage configuration to identify stripe size).

Ensure that Stripe_Unit_Size ÷ File_Allocation_Unit_Size is also a whole number.

Configure MAXDOP

sp_configure ‘show advanced options’, 1;
sp_configure ‘max degree of parallelism’, 8;


SQL 2008 : Move Databae Files to Differnet Path

SQL 2008 : Move Databae Files to Differnet Path

The following commands can be used to move the log/data files for a SQL database Note this is an OFFLUINE process!

/* Find file locations for your database */
SELECT name, dbid FROM sysdatabases WHERE name = ‘lansweeperdb’
SELECT * FROM sys.master_files WHERE database_id  = 16

/* Offline the Database */

/* Now move files, use the file names gather in step 1*/
ALTER DATABASE lansweeperdb
MODIFY FILE ( NAME = lansweeperdb, FILENAME = ‘E:\SQLDB\lansweeperdb.mdf’ );

ALTER DATABASE lansweeperdb

MODIFY FILE ( NAME = lansweeperdb_log, FILENAME = ‘E:\SQLDB\lansweeperdb_log.ldf’ );

/* Now online the database */




SQL : Database ‘Database_Name’ already exists

SQL : Database ‘Database_Name’ already exists

When re-attaching a database I received an error “Database ‘Database_Name’ already exists.” There were no duplicate name databases with the instance, so this was incorrect.

After running the following SQL I found that the database was still ‘known:’
select name from sys.databases

To resolve the issue, execute the command below, changingt he database name:
DROP database ‘Database_Name’


SQL : SQL Server Management Studio Alternate Domain Credentials

SQL : SQL Server Management Studio Alternate Domain Credentials

Whilst working in a split domain, lets say Domain A and Domain B, environment we had a request for a user from Domain A to login using SQL Server Management Studio (SSMS) using Windows Credentials (Domain Account) to connect to a SQL instance using credentials from Domain B. The domains in this environment did not trust each other, they were isolated environments with only DNS stub-zones/secondary zones in place to ensure connetcivity to resources.

SSMS will not allow you to enter alternate Windows Credentials when connecting using Windows Authentication. It is however possible to achieve this using RunAs in the following way:

RUNAS /netonly /user:DOMAINB\user “C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe”

You can even set this as a shortcut which will then prompt for the supplied username’s password and then exeute SSMS.