Archive for the ‘SQL’ category

SQL Server 2012 Service Pack 2 Cumulative Update #1

July 30th, 2014

SQL Server 2012 SP2 Cumulative Update #1 updates Service Pack 2 to include the fixes from SP1 CU#10 and a few from CU#11, including the fix for the online index rebuild corruption issue

•KB Article: KB #2976982
•Build # is 11.0.5532
•Currently there are 45 public fixes listed (46 total)

Relevant for builds 11.0.5058 -> 11.0.5531.
Do not attempt to install on SQL Server 2012 RTM (any build < 11.0.3000) or SP1 (any build < 11.0.5058), or any other major version.

SQL Server 2014 Permissions: CONNECT ANY DATABASE

July 30th, 2014

In a recent blog post New SQL Server 2014 Permissions: CONNECT ANY DATABASE Edward Pollack, explains a new feature in SQL2014 which is paraphrased here.

CONNECT ANY DATABASE is a simple server-level permission that provides access to all current and future databases. When combined with:

- VIEW SERVER STATE, a login can monitor server and database metrics via a host of dynamic management views.

- or with SELECT ALL USER SECURABLES, a login can view data in all databases (read-only).

Many professions have restrictions over what employees are allowed to view, e.g. hospitals, where HIPAA greatly influences the flow of information. CONNECT ANY DATABASE provides database-level permissions without giving any access to the objects within. This also allows for scenarios where access is granted to all databases, but only for specific tasks, such as selecting all data, updating, deleting, etc. Security scenarios that used to be cumbersome to implement are now simplified. No need to create users in all databases for a login, nor to assign specific database-level permissions to ensure that a service account or monitor can do its job correctly.

for more information see – 2014/07/29 http://www.sqlservercentral.com/articles/Security/111116/

End of Mainstream support for SQL Server 2008 and SQL Server 2008 R2

July 13th, 2014

We would like to remind all customers that Mainstream Support for SQL Server 2008 and SQL Server 2008 R2 ended on July 8, 2014.

http://support.microsoft.com/lifecycle.

Customers are encouraged to prepare and execute on their upgrade and/or sustained engineering plans as early as possible for these SQL versions. Remaining current on your SQL Server version to ensures that your product remains supported per the Support Lifecycle policy and for the many enhancements, fixes, and security updates provided through the latest releases.

For both SQL Server 2008 and SQL Server 2008 R2, Microsoft will continue to provide technical support which also includes security updates during the duration of extended support. Non-security hotfixes for these versions will be offered only to customers who have an Extended Hotfix Support agreement.

SQL 2014 now supports all versions of Dynamics Ax 2012

July 7th, 2014

SQL Server 2014 can now run with :
Microsoft Dynamics AX 2012 R3
Microsoft Dynamics AX 2012 R2 Cumulative Update 7
Microsoft Dynamics AX 2012 Cumulative Update 5.
This means that all Dynamics AX 2012 versions are now supported to work with SQL Server 2014.

Cumulative Update #2 for SQL Server 2014 RTM

June 28th, 2014

Fix for the index corruption issue is now available for SQL Server 2012 Service Pack 2 – available for download for via the hotfix download link in the KB article. See KB http://support.microsoft.com/kb/2969896

SQL Server 2012 SP1 CU10

May 26th, 2014

Cumulative Update 10 contains all the SQL Server 2012 SP1 hotfixes which have been available since the initial release of SQL Server 2012 SP1 and is now avaiable for download from Microsoft support.

• CU#10 KB Article: http://support.microsoft.com/kb/2954099
• Understanding IncrementalServicingModel for SQL Server

Microsoft Analytics Platform System

April 27th, 2014


At the Accelerate your Insights event last week, Satya Nadella introduced the new Microsoft Analytics Platform System (APS) as Microsoft’s solution for delivering “Big Data in a box.”

Unifying the data in SQL Server Parallel Data Warehouse with data in Hadoop is PolyBase, a ground breaking query technology developed by Dr. David DeWitt and his team in Microsoft’s Grey Systems Labs.

SQL updates April 2014

April 27th, 2014

SQL Server 2014 Cumulative Update #1 was issued and then pulled.

Cumulative Update #12 for SQL Server 2008 R2 Service Pack 2 is released. Build number is 10.50.4305

•KB Article: KB #2938478
•13 fixes listed

Windows Server 2012 R2 Update and SQL

April 14th, 2014

If you are or will be running SQL Server 2012 or SQL Server 2014 in the near future, then you should be running Windows Server 2012 R2 as your operating system.

If you are already running Windows Server 2012 R2, then make plans to install the latest update as soon as possible. According to Microsoft, “Future updates as of the patch Tuesday in May, including security fixes, will be based on Windows Server 2012 R2 Update as the baseline.”

SQL patches March 2014

March 23rd, 2014

The SQL Server team has released SQL Server 2012 SP1 Cumulative Update #9.
• KB Article: KB #2931078
• Build # is 11.0.3412
• Currently there are 29 public fixes listed (33 total)
Relevant for builds 11.0.3000 -> 11.0.3411.
Do not attempt to install on SQL Server 2012 RTM (any build < 11.0.3000) or any other major version

March 2014 Cumulative Update for SQL Server 2008 SP3

Microsoft has also released SQL Server 2008 Service Pack 3 Cumulative Update #16
•Build # 10.00.5852
• KB Article: KB #2936421
• 2 public fixes
• Relevant for builds 10.00.5500 -> 10.00.5851
• NOT for SQL Server 2008 R2 (10.50.xxxx)

The small number of fixes (and zero fixes for the engine) is telling: this is almost certainly the last service pack for SQL Server 2008, support for this version ends in July. If you’re still on 2008 (and I know some of you are still on 2005 and even 2000, and ), its time to start considering moving on

SQL 2014 coming soon

March 19th, 2014

Microsoft released the latest version of its SQL Server database, SQL Server 2014, to manufacturing on March 18.

SQL Server 2014 will be available to customers as of 1 April 2014 (and that is not an April fool’s joke.)

The newest version of SQL Server’s biggest new feature is its built-in in-memory online transaction processing (OLTP) capability, which Microsoft has said can improve database performance up to 30 times (not 30 percent — 30 times) without any code changes to existing applications or hardware.

The in-memory OLTP engine is codenamed “Hekaton.” with capabilities to complement the in-memory data-warehousing and business-intelligence capabilities that are already in SQL Server.

With traditional database models, the assumption is that data lives on disk and is stored on disk pages which creates a lot of overhead when you try to access records. When data lives totally in memory, much, much simpler data structures can be used. Hekaton indexes of data structures and storage structures are optimized on the basis that when a table is declared memory-optimized, all of its records live in memory.”

New concurrency-control mechanisms remove barriers to scalability. It moved away from a partitioned multi core approach to a latch-free/lock-free design. (Latches are synchronization mechanisms designed to avoid data corruption caused when multiple users try to modify a data structure concurrently, .)

The indexing system for high-speed data access, is referred to as the “Bw-tree.” which gives much improved processor-cache performance, in SQL Server 2014t.

SQL Server 2014 is also designed to back up more simply and seamlessly to Windows Azure, enabling users to back up their on-premises data to the cloud at an instance-level for disaster-recovery purposes. Backups can be automatic or manual, and a backup can be restored to a Windows Azure Virtual Machine, if need be.

Only the Enterprise version of SQL 2014 includes Hekaton support. The Standard, BI, Web and Express SKUs do not.

Synergy Software Systems Customer alert – SQL Server 2012 Service Pack 1 -critical upgrade

February 27th, 2014

There is a known issue with SQL Server 2012 Service Pack 1 . If you have installed Service Pack 1 not part of a slipstream install, then the registry on your SQL server could reach the 2GB limit and crash your SQL Server.

To avoid this issue for Dynamics products it is highly recommended to install at least Service Pack 1 Cumulative Update 5 for SQL Server 2012 or above because this version addresses some other issues that impact Dynamics.

SQL Service Pack 1 Cumulative Update 6 is the current release.

For those Dynamics customers on SQL Server 2012 Service Pack 1 or above, AX Cumulative Update 7 is released

http://support.microsoft.com/kb/2894115.

There are 2 memory leaks that have been patched that impact Dynamics AX:

http://support.microsoft.com/kb/2881661

http://support.microsoft.com/kb/2895494

I’ve personally seen this at customers with AX 2009 and AX2012.

You can run this query to test for the issue:
select type, sum(pages_in_bytes)/1024.0/1024.00 ‘Mem in MB’, count (*) ‘row count’ from sys.dm_os_memory_objects where type like ‘%MEMOBJ_COMPILE_ADHOC%’
group by type

Read more about this issue at:

http://blogs.msdn.com/b/psssql/archive/2013/07/31/after-applying-service-pack-1-for-sql-server-2012-you-may-encounter-a-known-issue-details-inside.aspx

As with all Microsoft patches, it should be first applied to your test environment before rolling out into your production systems

So, please plan on patching your SQL servers at your earliest opportunity.

Final Service Packs for SQL Server 2008 and SQL Server 2008 R2??

February 1st, 2014

Mainstream support for both SQL Server 2008 and SQL Server 2008 R2 is due to end on 8 July 2014,

Will Microsoft release a SQL Server 2008 R2 Service Pack 3 or a SQL Server 2008 Service Pack 4 ?

Organizations often shy away from installing Cumulative Updates, so many customers will run some very old builds of SQL Server 2008 and 2008 R2. Plan now for an upgrade.

Note also that your erp application future releases may not be compatible with nor be supported for older unpatched versions.

Security – what’s new

January 30th, 2014

Spoofed versions of the popular file transfer program FileZilla that steal data are circulating on third-party websites, the organization behind the software said Tuesday.FileZilla is an open source application, and hackers have taken its source code and modified it in order to try to steal data for more than a decade. But this campaign, run on third-party websites, is one of the largest FileZilla has seen to date, it said.

A new form of encryption is called “Honey Encryption”. It protects data with an added deceptive security mechanism i.e.. fake data that looks like valid information is presented to cybercriminals upon each failed password attempt. It was developed by former RSA chief scientist Ari Juels and University of Wisconsin researcher Thomas Ristenpart, and generates a piece of fake data resembling the user’s real information each time a hacker fails to access an account, as is common in brute-force hacking.

There’s an odd bug in Google search which is pointing users directly to a personal email address. The address appears in a “Compose” window that pops up when the top search result for Gmail is clicked. Very, very bizarre (and reproducible). see http://techcrunch.com/2014/01/24/gmail-glitch-is-causing-thousands-of-emails-to-be-sent-to-one-mans-hotmail-account/

The largest of the three studies — a Stroz Friedberg online survey of more than 700 information workers — found that senior management may be the biggest threat to an organization’s digital well-being. Fifty-eight percent of senior managers reported (digitally) sending sensitive information to the wrong person. Compare that with just 25 percent of lower-level employees guilty of the same misstep. More than half of all senior managers in the study admitted to taking files with them after they left a job. Only 25 percent of rank-and-file employees were found to have done the same.

The study also found that 9 in 10 senior managers admitted to uploading work files to personal email and cloud-based accounts, a faux pas that could lead to intellectual property theft and attacks on corporate networks.

In a study by Osterman Research, of 160 security professionals seventy-four percent of respondents said that malware had posed a significant threat to their networks in the past year, while 64 percent said the same for email scams. Who did these security experts blame for such high rates of vulnerabilities? Workers themselves. Fifty-eight percent of respondents said that malware unknowingly downloaded by Web-surfing employees posed the biggest threat to corporate security. Fifty-six percent thought that the malware and phishing schemes rampant in personal webmail accounts were an even bigger threat to companies.

Lax ‘Bring-Your-Own-Device (BYOD)’ policies weaken corporate security. Forty-six percent of security professionals questioned in the study said they no longer even try to manage the safe use of personal devices in the workplace.

A survey published last week — a SecureData survey of more than 100 IT professionals at midsize companies — found that clear security management strategies for employees are lacking within their organizations. 60 percent of the IT staffers surveyed listed employee carelessness as the biggest threat to a company’s cybersecurity.

The idea behind “Honey Encryption” is that if the intruder does ultimately enter the correct password and breach the account, then the fake data will be indistinguishable from the real data

Traditional encryption methods obfuscate the data, or make it look unintelligible, so hackers need to make sense of the garbled data after accessing it. Decoys and deception are really underexploited tools in fundamental computer security. Each decryption is going to look plausible so the attacker has no way to distinguish which is correct.

SQL Server 2012 RTM Cumulative Update 11

December 22nd, 2013

The 11th cumulative update release for SQL Server 2012 is available for download at the Microsoft Support site and contains all the SQL Server 2012 hotfixes since the initial release of SQL Server 2012.

•CU#11 KB Article: http://support.microsoft.com/kb/2908007
•SQL Server Support Information: http://support.microsoft.com/ph/2855
•Previous SQL Server 2012 Service Releases: http://support.microsoft.com/kb/2692828

NOTE: This will be the final Cumulative Update for SQL Server 2012 RTM release