sql server – Troubleshooting error message Invalid Object Name accessing MS SQL with python

Using python, I can connect to a MS SQL database, but cannot run any queries at all. I always get the error – invalid object name.

I understand from other stack exchanges that I may be accessing the wrong database (although that is specified in my connection); there may be something wrong in my schema (whatever that is); or I simply don’t have permission to run a query (I should have been given read only permissions).

My connection looks like:

import pyodbc

connSurvNet = pyodbc.connect(r'DRIVER={ODBC Driver 17 for SQL Server};' +
   ('SERVER={server},{port};' +
   # 'DATABASE={database};' +
   'UID={username};' +
   'PWD={password}').format(
   server= 'xxx',
   port= 1433,
   database= 'db',
   username= 'xxxx',
   password= 'xxxx')
   )

In another database, I can download a table into a pandas dataframe with the following code:

df = pd.read_sql_query('''SELECT * FROM MyTable''', conn)

But from the database in question, MyTable is never a valid object name.

We have a gui interface for querying the data, which allows me to see the SQL-code used for the queries. It includes code like:

FROM (Data).(Version)

I’ve a pdf of the tables, with all the table names and columns, but nothing I enter as MyTable is ever valid.

I’ve run a few ideas from Stack Exchanges, like DB_SELECT(), which shows I’m connected to a database ‘master’, but I do not know of other things I can do to isolate my issue. Any further steps to understand my issue would be appreciated.

https – Website dropping my session when accessing it with iOS Shortcut actions as opposed to curl

I am trying to log on to a website with my credentials using the Shortcuts App on iOS making several HTTP requests. These requests are encapsulated within blocks called “actions”. The name of this HTTP request action is “Get Contents of URL”. It lets you choose between GET, POST, DELETE etc. and let you set header custom header fields as well.
The only downside: You can not access the response header. Hence, if there’s a “Set-Cookie” in the response header, you can’t store it for later use.

My Problem is that the login process is failing with these shortcut actions but it is successful when I perform the login using distinct cURL commands sending the same data. And here’s where I am unsure: Whether it is actually the same data that the cURL commands send.
I copied them from a chrome session in which I logged in to the website (“copy as curl”).

The website is an rwt/rap client, which I have never heard of before. It seems like every interaction on the website (pressing buttons, entering form data) sends a POST with json data structure in the body.
For example, this is the data that’s being sent when leaving the input field for the username after entering it (“myUsername“):

{"head":{"requestCounter":1},"operations":(("set","w4",{"selection":(8,8),"text":"myUsername"}),("notify","w4","FocusOut",{}),("notify","w22","FocusIn",{}),("set","w2",{"activeControl":"w22"}),("set","w1",{"cursorLocation":(525,484),"focusControl":"w22"}))}

The process to login is the following:

  1. Send a http GET to the url and retrieve a 32 char long “jsessionid
    in the response body
  2. Send a http POST to the same url but with
    ;jsessionid=<32characters>” appended to it and retrieve a 6 char
    long “cid” in the response body
  3. Send the username in the request body (in a json data structure) to the same url as in step 2 but with “?cid=<6characters>” appended to it and retrieve a response with {"head":{},"operations":()} in the body signaling success
  4. Send the password in the request body (json structure) to the same url (with jsessionid and cid) and retrieve a response with {"head":{},"operations":()} in the body signaling success
  5. Send a “button Press” for the login button in the request body to the same url retrieve a response with a long json structure in the body that contains instructions on how to generate the UI of the “logged in” website

Oh yeah, and every request that I send has a request counter that I increment in the request body’s json.
But for now I am only concentrating on logging in successfully, which contains of the above 5 requests.

Sending them with cURL: No problem. Using the shortcuts action’s http requests I get an error for the one sending the password (No 4): The error is a 403 with the following text "Forbidden You dont have permission to access /path-to-app/pcterminal;jsessionid<32characters> on this server. Additionally, a 500 Internal Server Error error was encountered while tring to use an ErrorDocument to handle the request."

At first I thought that it has to do with cookies, because the requests that I recorded in chrome had a “Set-Cookie” in the response containing the jsessionid and a settingStore. But I dropped the entire “Cookie” field from the request headers when using the cURL commands.
But the error seems to indicate that before I send the 4th request the server has dropped my session somehow.

How else could I debug this and find out the cause of this?

networking – Accessing WSL2 From Public IP Address

I have installed WSL2 with Ubuntu 20.04 on Windows 10.

I have an Apache server running in WSL2, and this works fine when I use a browser in Windows (Chrome) to access it via WSL IP address.

As the WSL2 IP address may change, I’ve created the following Powershell script which restarts WSL, grabs the new WSL IP address, restarts the services (Apache and MySQL for the website itself, and also Cron to run “certbot” for SSL certificate renewal), then I set up port forwarding from Windows to the WSL IP for ports 80 and 443, ensure that the Windows Firewall is open for those ports, then update the hosts file for the domain to the new WSL IP address.

Write-Host "Shutting down WSL"

wsl --shutdown

Write-Host "Starting services..."

wsl sudo service mysql restart
wsl sudo service apache2 restart
wsl sudo service cron restart

$wsl_ip = wsl hostname -I

Write-Host "Port forwarding to $wsl_ip"

netsh interface portproxy reset
netsh interface portproxy add v4tov4 listenport=80 connectport=80 connectaddress=$wsl_ip
netsh interface portproxy add v4tov4 listenport=443 connectport=443 connectaddress=$wsl_ip
netsh interface portproxy add v4tov4 listenaddress=192.168.1.165 listenport=80 connectport=80 connectaddress=$wsl_ip
netsh interface portproxy add v4tov4 listenaddress=192.168.1.165 listenport=443 connectport=443 connectaddress=$wsl_ip
netsh interface portproxy show all

Write-Host "Open Firewall"
Remove-NetFirewallRule -DisplayName "Apache2 Port 80 TCP"
Remove-NetFirewallRule -DisplayName "Apache2 Port 443 TCP"
New-NetFirewallRule -DisplayName "Apache2 Port 80 TCP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow -EdgeTraversalPolicy Allow
New-NetFirewallRule -DisplayName "Apache2 Port 80 TCP" -Direction Outbound -Protocol TCP -LocalPort 80 -Action Allow
New-NetFirewallRule -DisplayName "Apache2 Port 443 TCP" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow -EdgeTraversalPolicy Allow
New-NetFirewallRule -DisplayName "Apache2 Port 443 TCP" -Direction Outbound -Protocol TCP -LocalPort 443 -Action Allow

Write-Host "Updating hosts..."

$domain = "example.com"
$line = "$wsl_ip`t$domain"
$hostsPath = "$env:windirSystem32driversetchosts"
$items = Get-Content $hostsPath | Select-String $domain

if($items -eq $null)
{
    Add-Content $hostsPath $line
}
else
{
    foreach($item in $items)
    {
        (Get-Content $hostsPath) -replace $item, $line | Set-Content $hostsPath
    }
}

pause

I’ve tested the script and it does complete all the tasks correctly. The “hosts” file is updated, the firewall rules are added (this one could just be run once and needn’t be in this “restart server” script, but I’ve bundled all the steps together into this script).

The script shows all the portproxy rules and they are set up as expected (there’s not necessarily a reason for listening on all addresses and then also specifically listening on the Windows LAN IP – this is just paranonia and testing different things, when it wouldn’t work).

And the server itself is up and running, because if I browse to the WSL IP address (or use the domain name, thanks to the hosts entry – using the correct domain name matches the SSL certificate to not have to wave away browser warnings) or “localhost” then the website comes up just fine.

But If I try to browse to “127.0.0.1” or the Windows LAN IP address (192.168.1.165, as shown in the script) then I get “connection refused”.

Note that I’ve directly placed portproxy commands in the script for IP 192.168.1.165 to the WSL IP address (which works when used directly), so this portproxy is being explicitly refused (by the firewall? But I’ve added Firewall rules to open those ports, right?).

And if I try to use the public IP address (or real domain name) then the browser just spins until it says “timed out”. Which is interestingly different, as 127.0.0.1 and the LAN IP address are “connection refused” (returning immediately) but this is timing out from no response at all.

The server itself is in the DMZ and the public IP address is NAT’d to the LAN IP address, which is why I’m specifically trying to get that one working, as it should make it publicly accessible.

I did have this server up and running previously – with full public access and all was fine – but the server suffered a power outage, and now I can’t get it to work again.

It’s possible that there was some command or setting I did previously, that wasn’t saved and got lost in the power outage, but I can’t think what it could be.

Any ideas what could be making the LAN IP / 127.0.0.1 fail with “connection refused”, while “localhost” and the WSL2 IP works just fine?

Though 127.0.0.1 is less important, as it’s the LAN IP that needs to be working to get it publicly accessible, because that’s what the NAT sends packets to.

exchange server – Accessing In Place Archive of a Shared Mailbox in Office 365?

I’m currently working on a way to get access to the content in an in-place archive on a shared mailbox.

We currently have a client who has a former employee’s mailbox converted to a shared mailbox. It was previously on an E3 subscription and had an in-place archive enabled but the license was transferred to a new employee. I can still see on the web portal and via Powershell that the in-place archive is still enabled and present but we are having trouble accessing it online.

Is there any way to access it via OWA or in some other way?

sharepoint server – unable to render page when accessing externally

my on-prem SP server farm ran into this weird situation where users are unable to render the sites/pages in one of the web applications when they access it from the Internet (home, using phone browser while on LTE, etc). The same site or pages can be rendered successfully when user connects to organization VPN or while in the office. Other web applications are fine and only this one started to act up few days ago. The main site collection has some custom web part loaded so I created a new site collection just to test if a clean site collection can be loaded/rendered and it’s still the same.

I have one computer renders the site while on VPN (which works) and another computer to render the site while just on the home internet just to see if I can pin point what the issue may be, and the only difference is that the successful site loading would show the usual Request (GET:https://xxxx…) while the unsuccessful site request has this high messages followed by some “Dirtied” message:

SPPersistedObjectCollectionCache.RefreshDirtyCollections(): detected intervening update to collection cache file, dirtying all in-memory collection caches.

enter image description here

I am not sure what they do and if they are the culprit for the issue, or if I’m looking at the right place to find the root cause. Would love to hear expert’s feedback on this or direct me to the right direction.

Our environment is On-Prem 2019 Standard.

Much appreciated!

EDIT: Just to add one user took a screenshot with the error using different browser. Sometimes IE would load surprisingly.

enter image description here

oauth2 – OIDC Should I authenticate as the resource owner or machine when accessing an centralised authorization service?

We have an existing user authentication service based on casbin (https://github.com/casbin/casbin) which implements RBAC and holds fine grained user permissions. We are looking to expose this user authentication service as a webservice for other microservices in our organization to consume.

At the same time, we are also looking to upgrade our systems to use OIDC. The users will send HTTP requests with access tokens to the the microservice APIs which will validate the tokens with an authorization server.

Provided the user is authorized to access the API we will need to check the fine grained permissions. Should we authorize to the fine-grained user permission webservice using the access token provided by the user to the microservice, or should our microservices have their own set of client credentials to check the fine grained authorization service?

security – How to prevent docker container from accessing my local network?

I have some website in Docker containers running on my NAS and exposed to the outside world via port forwarding. I thought that is rather save, because even if the container gets hacked, no big deal. But I noticed that when I get access to my docker containers, I am basically inside my local network. I can then use different less secure ports on my computers or NAS, which I purposely have not exposed to the outside world.

Is there a way to prevent my docker containers from accessing my local network?

Preferably a solution with onboard tools from Synology DSM or Docker.