sp_help_revlogin revisited

I believe I’ve come up with an improvement to sp_help_revlogin.

Transferring a login from one server to another is one of those learning experiences we all go through. If you just do CREATE LOGIN on another server the login in the master database usually gets a different ID. When you restore the database on the other server, the ID of the user in the database doesn’t match the ID of the login in master and so the login can’t access the database. (And, as they say, ‘hilarity ensues’.)

A better way to move the login is to use a Microsoft stored procedure sp_help_revlogin (read more here: http://support.microsoft.com/kb/918992/) to generate a script that will re-create the login with the same ID. But I noticed it doesn’t include the login’s default language, which is something that can have a major impact on things like whether the account can re-use existing cached query plans. So I’ve added this element.

Instead of this:

CREATE LOGIN [loginX]
WITH	PASSWORD = 0x02<snip>9E HASHED
	, SID = 0x8E<snip>80
	, DEFAULT_DATABASE = [databaseY]
	, CHECK_POLICY = ON
	, CHECK_EXPIRATION = OFF

you now get this:

create login [loginX]
with	password = 0x02<snip>9E hashed
	, sid = 0x8E<snip>80
	, default_database = [databaseY]
	, default_language = [us_english]
	, check_policy = on
	, check_expiration = off

(While I was at it, I changed the output to lower case because that’s how I like to code.)

Here’s the new version of the procedure with the altered lines highlighted:

/*
Purpose:	To script out logins for copying to another server.
Source:		http://support.microsoft.com/kb/918992/
Modifications:	I added the default language.
*/

use master;
go

IF OBJECT_ID ('sp_hexadecimal') IS NOT NULL
  DROP PROCEDURE sp_hexadecimal
GO

CREATE PROCEDURE sp_hexadecimal
    @binvalue varbinary(256),
    @hexvalue varchar (514) OUTPUT
AS
DECLARE @charvalue varchar (514)
DECLARE @i int
DECLARE @length int
DECLARE @hexstring char(16)
SELECT @charvalue = '0x'
SELECT @i = 1
SELECT @length = DATALENGTH (@binvalue)
SELECT @hexstring = '0123456789ABCDEF'
WHILE (@i <= @length)
BEGIN
  DECLARE @tempint int
  DECLARE @firstint int
  DECLARE @secondint int
  SELECT @tempint = CONVERT(int, SUBSTRING(@binvalue,@i,1))
  SELECT @firstint = FLOOR(@tempint/16)
  SELECT @secondint = @tempint - (@firstint*16)
  SELECT @charvalue = @charvalue +
    SUBSTRING(@hexstring, @firstint+1, 1) +
    SUBSTRING(@hexstring, @secondint+1, 1)
  SELECT @i = @i + 1
END

SELECT @hexvalue = @charvalue
GO

IF OBJECT_ID ('sp_help_revlogin') IS NOT NULL
  DROP PROCEDURE sp_help_revlogin
GO
CREATE PROCEDURE sp_help_revlogin @login_name sysname = NULL AS
DECLARE @name sysname
DECLARE @type varchar (1)
DECLARE @hasaccess int
DECLARE @denylogin int
DECLARE @is_disabled int
DECLARE @PWD_varbinary  varbinary (256)
DECLARE @PWD_string  varchar (514)
DECLARE @SID_varbinary varbinary (85)
DECLARE @SID_string varchar (514)
DECLARE @tmpstr  varchar (1024)
DECLARE @is_policy_checked varchar (3)
DECLARE @is_expiration_checked varchar (3)

DECLARE @defaultdb sysname
DECLARE @defaultlanguage sysname

IF (@login_name IS NULL)
  DECLARE login_curs CURSOR FOR

      SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, p.default_language_name, l.hasaccess, l.denylogin FROM
sys.server_principals p LEFT JOIN sys.syslogins l
      ON ( l.name = p.name ) WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name <> 'sa'
ELSE
  DECLARE login_curs CURSOR FOR

      SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, p.default_language_name, l.hasaccess, l.denylogin FROM
sys.server_principals p LEFT JOIN sys.syslogins l
      ON ( l.name = p.name ) WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name = @login_name
OPEN login_curs

FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @defaultlanguage, @hasaccess, @denylogin
IF (@@fetch_status = -1)
BEGIN
  PRINT 'No login(s) found.'
  CLOSE login_curs
  DEALLOCATE login_curs
  RETURN -1
END
SET @tmpstr = '/* sp_help_revlogin script '
PRINT @tmpstr
SET @tmpstr = '** Generated ' + CONVERT (varchar, GETDATE()) + ' on ' + @@SERVERNAME + ' */'
PRINT @tmpstr
PRINT ''
WHILE (@@fetch_status <> -1)
BEGIN
  IF (@@fetch_status <> -2)
  BEGIN
    PRINT ''
    SET @tmpstr = '-- Login: ' + @name
    PRINT @tmpstr
    IF (@type IN ( 'G', 'U'))
    BEGIN -- NT authenticated account/group

      SET @tmpstr = 'create login ' + QUOTENAME( @name ) + ' from windows with default_database = [' + @defaultdb + '], default_language = [' + @defaultlanguage + ']'
    END
    ELSE BEGIN -- SQL Server authentication
        -- obtain password and sid
            SET @PWD_varbinary = CAST( LOGINPROPERTY( @name, 'PasswordHash' ) AS varbinary (256) )
        EXEC sp_hexadecimal @PWD_varbinary, @PWD_string OUT
        EXEC sp_hexadecimal @SID_varbinary,@SID_string OUT

        -- obtain password policy state
        SELECT @is_policy_checked = CASE is_policy_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @name
        SELECT @is_expiration_checked = CASE is_expiration_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @name

            SET @tmpstr = 'create login ' + QUOTENAME( @name ) + ' with password = ' + @PWD_string + ' hashed, sid = ' + @SID_string + ', default_database = [' + @defaultdb + '], default_language = [' + @defaultlanguage + ']'

        IF ( @is_policy_checked IS NOT NULL )
        BEGIN
          SET @tmpstr = @tmpstr + ', check_policy = ' + @is_policy_checked
        END
        IF ( @is_expiration_checked IS NOT NULL )
        BEGIN
          SET @tmpstr = @tmpstr + ', check_expiration = ' + @is_expiration_checked
        END
    END
    IF (@denylogin = 1)
    BEGIN -- login is denied access
      SET @tmpstr = @tmpstr + '; deny connect sql to ' + QUOTENAME( @name )
    END
    ELSE IF (@hasaccess = 0)
    BEGIN -- login exists but does not have access
      SET @tmpstr = @tmpstr + '; revoke connect sql to ' + QUOTENAME( @name )
    END
    IF (@is_disabled = 1)
    BEGIN -- login is disabled
      SET @tmpstr = @tmpstr + '; alter login ' + QUOTENAME( @name ) + ' disable'
    END
    PRINT @tmpstr
  END

  FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @defaultlanguage, @hasaccess, @denylogin
   END
CLOSE login_curs
DEALLOCATE login_curs
RETURN 0
GO

You can download the code here.

Buffer pool extension gotcha

Don’t get caught out by this one.

We just got a big new server for our upgrade to SQL 2014, and I specially added a pair of SSDs to the spec so we would have a super-fast RAID 1 partition for the tempdb files and so we could use the new buffer pool extension feature. The server vendor insisted we had to use their approved, server-grade SSDs to be properly supported. These disks are far from cheap so we got the 120GB drives.

All was going well until I tried to enable the buffer pool extension:

Msg 868, Level 16, State 1, Line 2
Buffer pool extension size must be larger than the current memory allocation threshold 117894 MB. Buffer pool extension is not enabled.

I didn’t see that in any of the material announcing this feature. It’s in the (really) small print in Books Online so technically we have been warned. We have plenty of RAM so we would need to buy bigger SSDs to use buffer pool extensions.

Still, at least anything that spills to disk in tempdb is going to go way faster, which is better than nothing.

Denali Side-by-Side Gotcha

Don’t try this at home. I just got my new (new to me anyway) laptop set up nicely and then installed an instance of Denali CTP3 to start exploring. RTFM? Not me! The first thing I thought I’d play with was the tabular model and Project Crescent as this has huge potential for Reporting & BI people. So I click New Project and it says you can only do this on a default instance. Erm, but my default instance is 2008R2. Oh well, back to the (un)installer.

R2 download site is looking good

The MSDN downloads for R2 appeared as promised yesterday. Congratulations to everyone on the SQL team. I must have got one of the first downloads of the Developer Edition and it was nice and fast. I’ve just downloaded Standard Edition and it’s still nearly as fast. Nice. I’m guessing they aren’t using GUIDs for the clustered indexes this time! 😉

SQL Server Setup on Windows 7

I just installed Windows 7 and SQL Server on my laptop. I loved the Windows 7 setup (a huge improvement) but I was, shall we say, “underwhelmed” by the SQL Server setup process.

My laptop is a couple of years old Dell Inspiron 1300 and I was a bit dubious that Windows 7 would work on it, especially after reading the complaints on the Intel forums about the lack of support in Vista for the graphics chipset. But you only live once so I just went for it and it runs fine. At first there was no wireless networking and the graphics were dire but, as soon as I plugged my network cable in, Windows Update installed the drivers and it was all sorted. It’s at least as responsive as XP was on this machine (I skipped Vista). But, damn them, they’ve moved everything around again! Stupid, isn’t it? We want everything to improve but we hate it when it changes. I expect we’ll all get used to it pretty quickly though.

Then I tried to install SQL 2008 Developer Edition, which is where the gloss started to rub off. Now I installed it on XP on this machine without a hitch but it seems we’re not in Kansas any more. I created a local account for the SQL services and started the setup, which warned me that I would need to install SQL SP1 afterwards before SQL would work properly. Towards the end it failed saying that one of the dependencies was not available. But not which one. The event log showed that the SQL service couldn’t start because it needed the NetLogon service and that wasn’t running. I tried to start that but Nanny said “You don’t need this service because you’re not on a domain, so I’m stopping it”. This is true. I don’t have a domain at home, just a workgroup. I thought maybe I should just carry on with SP1 but that wouldn’t start because the original setup was not successful. Hmm.

I did some Googling and found this article http://support.microsoft.com/kb/955392/ about slipstreaming SP1 into the setup process. Sounded promising. I re-installed Windows because it seemed quicker than un-installing SQL and cleaner. I followed the instructions and start the setup with the /PCUSource parameter and it said there is no such thing, which was borne out by running setup.exe /?. So don’t bother trying that!

In the end I settled for using the local system account for my services and that worked fine.

I don’t think a standalone laptop is that unusual. Why isn’t there better information about this? Perhaps there’s a way to tell the NetLogon service to run anyway. Perhaps there are several ways round this. But should I have to run around blogs and forums trying to find it? I don’t think so.