CODEWITHSUNDEEP
phpsql-serverapacheubuntuauthentication
Daniel.z
Daniel.z

Reputation: 17

Cannot connect to MSSQL via PHP

Connection to MsSQL failed. Error message: 

SQLSTATE: HYT00

Code: 0

Message: [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]Login timeout expired

SQLSTATE: 08001

Code: 10057

Message: [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]TCP Provider: Error code 0x2749

SQLSTATE: 08001

Code: 10057

Message: [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.

OS: Ubuntu 16.04

I installed all driver needed according to the guide. 

try {
  $conn = new PDO ("sqlsrv:Server=host.com\instance; Database = DBName",NULL,NULL);
  $conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch( PDOException $e ){
  die(print_r( $e->getMessage()));
}

Since I used windows NT authentication, I leaved username and password blank.

Really need HELP !!!!

Thanks!!

Upvotes: 1

Views: 764

Answers (1)

Rachel Ambler
Rachel Ambler

Reputation: 1604

Best I can offer you (and at the risk of just providing a link) is the following MSDN post: SQL Server Driver for PHP: Understanding Windows Authentication

Here's probably the most interesting piece:

(Following is not my work, but Brian Swan's)

But understanding what identity was being used in the connection attempt was confusing. What helped clear up my confusion was learning this: The identity that is used to connect to the server will always be the identity of the process in which PHP is running. That may be a bit oversimplified (impersonation allows the process to temporarily use a different identity), but understanding this allowed me to move forward. After some more digging and some experimentation, I found I needed to answer two questions to know what identity would be used in the connection attempt:

1) What was the authentication mode for IIS? (Anonymous authentication? Windows authentication? Both?)

2) Was impersonation for the FastCGI module on or off? (i.e. Was the fastcgi.impersonate setting in my php.ini file set to 0 or 1?)

Here’s what I found:

A. IIS Anonymous Authentication enabled and fastcgi.impersonate = 1: Because I was connecting to IIS anonymously, the built-in anonymous account (which is NT AUTHORITY\IUSER by default in IIS 7.0+) was impersonated. So, my connection attempt failed because this identity does not map to a valid login on my server.

B. IIS Anonymous Authentication enabled and fastcgi.impersonate = 0: Because impersonation was off, my identity was not used as the identity of the PHP process. Instead, the actual identity of the PHP process was used in the connection attempt. In IIS 7.5, the identity of the PHP process depends on the identity of the application pool it is running in. In this case, PHP was in the default application pool and the identity used in the connection attempt was IIS APPPOOL\DefaultAppPool (so my connection attempt failed). This article provides more information about different versions of IIS and the identity of applications: Who is my IIS Application Process Identity?

C. IIS Windows Authentication enabled and fastcgi.impersonate = 1: With Windows authentication enabled (and Anonymous Authentication disabled), I connected to IIS with the identity that my Web browser was running under (Microsoft\brian.swan, the identity I logged in with). And, with impersonation on, the PHP process ran under the Microsoft\brian.swan identity. So, since that identity mapped to a valid login on my server, my connection attempt succeeded.

D. IIS Windows Authentication enabled and fastcgi.impersonate = 0: The results here were the same as with Anonymous authentication enabled and fastcgi.impersonate = 0 (the connection attempt failed). The only difference occurred when I requested the page from the Web server: a pop-up window asked for my identity when I requested the page.

E.Both Anonymous and Windows Authentication enabled: Web browsers will try to access a Web server by using anonymous authentication first. So, if both Anonymous and Windows Authentication are both enabled, the results will be the same as those above where Anonymous Authentication is enabled (A and B). For more background on this, see How IIS authenticates Web browser clients.

Upvotes: 1

Related Questions