ADFS WID Error: An exception occurred while enqueueing a message in the target queue

An exception occurred while enqueueing a message in the target queue. Error: 15517, State: 1. Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.

I had to do some troubleshooting on our ADFS (Active Directory Federation Service) servers today and I noticed the Event Viewer was completely full of hundreds of these messages every minute:

An exception occurred while enqueueing a message in the target queue. Error: 15517, State: 1. Cannot execute as the database principal because the principal “dbo” does not exist, this type of principal cannot be impersonated, or you do not have permission.

There were so many of these messages that I couldn’t see anything else, and filtering took too long. So I did a little bit of research on this and, with my SQL DBA background, I was able to figure it out. My knowledge of ADFS is limited and this fix worked in our environment, but every environment is different, so make sure it will work in your environment too before following this!

The issue is that when ADFS connects to the WID (Windows Internal Database), it does so as the database owner (dbo). When the login that owns the database is no longer valid, dbo cannot be impersonated, you get the impersonation error, and ADFS can no longer connect. Most likely (this is just my assumption for my environment) ADFS was set up a long time ago by a different user that no longer exists, which invalidated the owner of the DB. All that needs to be done is change the DB ownership – instantly, without a reboot or service restart, this resolved the error messages in my environment. It had to be done on each ADFS server.

Many other sites say to install the full SSMS, but this can require reboots, no pending updates, etc. That is actually not necessary if you use PowerShell. If you don’t already have it installed for one reason or another, install the SqlServer PowerShell module:

Run PowerShell ISE (PowerShell will work, I just prefer ISE) AS ADMINISTRATOR. Run this command (be sure it’s cool with your security team that you install this or follow any steps below):

Install-Module sqlserver

After installing the SqlServer module, if you want, you can verify that this is the issue by using the command below.

Invoke-SQLcmd -ServerInstance "np:\\.\pipe\MICROSOFT##WID\tsql\query" -Query "select name,owner_sid from sys.databases"

After running the command, if sa does own the DBs (meaning this is NOT your issue) you should see {1, 0, 0, 0…} in every owner_sid row. If you see something other than {1, 0, 0, 0…} in any of the rows, like the screenshot below, then you COULD be affected by this (it’s possible the owner is still a valid user).

To change the owner of the DBs, run these two commands.

Invoke-SQLcmd -ServerInstance "np:\\.\pipe\MICROSOFT##WID\tsql\query" -Query "ALTER AUTHORIZATION ON DATABASE::[AdfsArtifactStore] TO [sa]"
Invoke-SQLcmd -ServerInstance "np:\\.\pipe\MICROSOFT##WID\tsql\query" -Query "ALTER AUTHORIZATION ON DATABASE::[AdfsConfiguration] TO [sa]"

After running those commands, you should no longer see any new events in the error log.
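As an added example (not from the original post), here is a script that combines the check and the fix: it lists the ADFS databases in the WID alongside the server login their owner SID maps to, flags any whose owner no longer has a login (the state behind error 15517), and only rewrites ownership when you set $repair to $true. The $repair flag and the 'Adfs%' name filter are my assumptions.

```powershell
# Added example (not from the original post): report ADFS databases in the
# WID whose owner SID no longer matches a server login, and optionally move
# ownership to sa. Assumes the SqlServer module is installed and the script
# runs elevated on the ADFS server itself.
Import-Module SqlServer

# Set to $true to apply the ALTER AUTHORIZATION fix instead of only reporting.
$repair = $false

# Named pipe of the Windows Internal Database; only reachable locally.
$wid = 'np:\\.\pipe\MICROSOFT##WID\tsql\query'

# dbo is impersonated via the owner SID, so the SID must still belong to a
# login in sys.server_principals; a NULL join result means it does not.
# sa always appears here with SID 0x01.
$query = @"
SELECT d.name, d.owner_sid, p.name AS owner_login
FROM sys.databases AS d
LEFT JOIN sys.server_principals AS p ON p.sid = d.owner_sid
WHERE d.name LIKE 'Adfs%'
"@

$dbs = Invoke-Sqlcmd -ServerInstance $wid -Query $query

foreach ($db in $dbs) {
    # Invoke-Sqlcmd returns SQL NULL as [System.DBNull], not $null.
    $orphaned = $db.owner_login -is [System.DBNull]

    if (-not $orphaned) {
        Write-Output "$($db.name): owned by '$($db.owner_login)' (valid login, leave as is)"
        continue
    }

    Write-Warning "$($db.name): owner SID does not match any login (matches error 15517)"
    if ($repair) {
        # Same statement the post uses, applied only to the databases that need it.
        Invoke-Sqlcmd -ServerInstance $wid -Query "ALTER AUTHORIZATION ON DATABASE::[$($db.name)] TO [sa]"
        Write-Output "$($db.name): ownership moved to sa"
    }
}
```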

I hope this helps you! Please let me know if it does in the comments below!

MDBootstrap Discount/Promo Code

MDBootstrap

I have been eyeballing MDBootstrap Pro for a couple of years now, and ran into this. I noticed that MDBootstrap was having a promotion where, if you use their coupon code, you get 6% off your total. So I just wanted to share it in case you were considering buying it!

T6UR9RVQ

Please consider using my affiliate link so I can make a small commission (at no cost to you) for sharing this coupon with you!

https://mdbootstrap.com/

Save 16% with a few extra steps

They give you an extra 10% savings if you like their Facebook page and sign up for their newsletter through this link.

https://mdbootstrap.com/coupon/

I hope all of this helps you save a little!

Material Design for Bootstrap 4

A powerful and free UI KIT for the newest Bootstrap 4 and Material Design

500 material UI elements, 600+ material icons, 77 CSS animations, Sass files, templates, tutorials and many more. Free for personal and commercial use.

Trusted by 1,500,000+ developers & designers. It’s used by companies like Nike, Samsung, Amazon, Ikea, and Sony.

Most important features:

  1. Lots of tutorials
  2. Fully responsive
  3. Plenty of useful templates
  4. Easy installation
  5. Easy to use and customize
  6. Active community
  7. Dedicated support forum
  8. Detailed documentation
  9. Available in jQuery, Angular, React and Vue versions

The most important free resources are:

  1. Material Design for Bootstrap – Details, Demo & Download
  2. Bootstrap 4 tutorial – best & free guide of responsive web design
  3. Free Bootstrap 4 Templates & Themes

Sophos XG Firewall Windows DHCP Server not getting IP Addresses

I recently set up Sophos XG Firewall in my Home Lab and set up VLANs, firewall rules, DHCP relays pointing to my Windows DHCP Server, etc. The whole 9 yards. After I had everything working, I decided to add in the rest of my VLANs and create relays so they all worked without a hitch. After doing this, something that should not have affected the already working VLANs, nothing was getting DHCP addresses. Not even the ones that were working.

I spent MANY hours trying to figure out why. I tried changing all of my firewall rules to any-any, etc. Nothing was working. After looking in the logs, I noticed this:

Firewallmessageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="Port1.21" out_interface="" src_mac="68:b5:99:6f:b5:fe" src_ip="10.124.216.41" src_country="" dst_ip="10.124.219.254" dst_country="" protocol="UDP" src_port="67" dst_port="67" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature"

I was getting a Denied block by firewall rule 0 on Appliance Access. But why? It shouldn’t be a firewall rule blocking it, because I put in an Any-Any rule. I tried changing everything. But it came down to one simple thing. Here is my setup so you can understand the issue.
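As an added example (not from the original post), this parses the key="value" log format shown above and flags denies by rule 0 on UDP port 67 to port 67, which is what relayed DHCP traffic looks like when the appliance itself drops it. The sample lines are constructed for the example; only the first mirrors fields from the real entry above.

```powershell
# Added example (not from the original post): parse Sophos XG log lines and
# flag relayed DHCP traffic dropped by the appliance-access rule (fw_rule_id 0).
# Constructed sample; the first line mirrors fields from the entry in the post.
$sampleLog = @'
log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" fw_rule_id="0" in_interface="Port1.21" src_ip="10.124.216.41" dst_ip="10.124.219.254" protocol="UDP" src_port="67" dst_port="67"
log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" fw_rule_id="3" in_interface="Port1.21" src_ip="192.168.2.50" dst_ip="192.168.1.10" protocol="UDP" src_port="68" dst_port="67"
log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" fw_rule_id="0" in_interface="Port1.22" src_ip="192.168.1.1" dst_ip="192.168.1.10" protocol="TCP" src_port="51234" dst_port="443"
'@

function ConvertFrom-SophosLogLine {
    param([string]$Line)
    # Every field is key="value"; collect them so fields can be read by name.
    $fields = @{}
    foreach ($m in [regex]::Matches($Line, '(\w+)="([^"]*)"')) {
        $fields[$m.Groups[1].Value] = $m.Groups[2].Value
    }
    return $fields
}

function Test-DroppedDhcpRelay {
    param([hashtable]$Fields)
    # Relay-to-server and server-to-relay DHCP traffic uses UDP 67 on both ends.
    # A deny from rule 0 (Appliance Access) means no user-defined rule ever saw it,
    # so changing firewall rules, as the post tried, cannot fix it.
    return ($Fields.status -eq 'Deny' -and
            $Fields.fw_rule_id -eq '0' -and
            $Fields.protocol -eq 'UDP' -and
            $Fields.src_port -eq '67' -and
            $Fields.dst_port -eq '67')
}

$sampleLog -split "`r?`n" | Where-Object { $_.Trim() } | ForEach-Object {
    $f = ConvertFrom-SophosLogLine $_
    if (Test-DroppedDhcpRelay $f) {
        "DHCP relay traffic dropped on $($f.in_interface): $($f.src_ip) -> $($f.dst_ip)"
    }
}
```

Only the first sample line is reported; the client discover on line two is allowed by a user rule and the HTTPS deny on line three is unrelated to DHCP.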

The Setup

  • VLAN 110 – 192.168.0.0/24 – Networking equipment
    • Sophos XG Firewall – IP 192.168.0.5
  • VLAN 111 – 192.168.1.0/24 – Servers
    • Windows AD/DNS/DHCP Server – 192.168.1.10
  • VLAN 112 – 192.168.2.0/24 – Clients (No IP address)
    • Laptop
    • Cellphone

On the Windows DHCP server, I set up DHCP scopes for all three VLANs. Then in Sophos, I set up a DHCP relay for just the Clients VLAN.

It worked! I was getting IP addresses assigned to the Clients.

The Issue

Then I decided to set up VLANs for every subnet and made quite a few other changes to get it to that perfect lab I was hoping for. I looked up and noticed all my Chromecasts were saying they couldn’t get an IP. I checked and sure enough, it was no longer dishing out IP addresses.

The Resolution

After much trial and error, I found that putting a DHCP relay on the subnet the DHCP server was on caused all the DHCP requests to fail.

Someone may have a better understanding of it and can explain it better in the comments, but my assumption is this: when a DHCP request goes out, it is broadcast to the entire VLAN on UDP ports 67/68 in search of a DHCP server. The gateway at 192.168.2.1 forwards this to the 192.168.1.0/24 VLAN, receives the response on that subnet, and broadcasts it back out to the requesting VLAN.

If you put a DHCP relay on the same subnet as the DHCP server, then when the server tries to “blast” the response back, the gateway takes that response and tries to re-broadcast it in the same subnet. This causes a malformed loop and the request fails. Thus removing the DHCP relay on the VLAN the DHCP server is in should fix this.

Please let me know if you have a better understanding of the cause or if this helps you!

Samsung Galaxy Watch (46mm) vs Fossil Gen 4 Explorist: Which one I stuck with

I have been wanting a smart watch for the last year or two, but one of the biggest reasons I waited till now to get one is because I could not decide which one I wanted. I had it narrowed down to a Samsung Galaxy Watch (46mm) and a Fossil Gen 4 Explorist. But there were a couple of features from each one that made it stick out.

There are major differences between the watches and each one had a few of my requirements in what I wanted from a watch, but neither had them all. So I just had to choose which one was worth the most to me.


Error 1918 while Installing MySQL ODBC Driver on Windows

I had to install the MySQL ODBC Driver on Windows when I was trying to use SSMA to convert a MySQL DB to Microsoft SQL. When I tried to install the driver, I got the error below and was completely puzzled. I finally found the fix.

Error 1918. Error installing ODBC driver MySQL ODBC 5.3 ANSI Driver, ODBC error 13: The setup routines for the MySQL ODBC 5.3 ANSI Driver ODBC driver could not be loaded due to system error code 126: The specified module could not be found. …\myodbc5S.dll…

MySQL ODBC Error 1918


Error When Setting Up Database Mirroring

I spent a full day attempting to set up Database Mirroring on two SQL Server 2017 Developer Editions with SSMS 17.4 to test a setup. It took a full day when it should have only taken a few minutes, and I could not find any help online, so I thought I would share my fix.

The Problem

I was getting this error at first:

Database “AdventureWorks” is not configured for database mirroring. (Microsoft SQL Server, Error: 1416)

After doing some research, I discovered that I needed to restore a full backup with the NORECOVERY option. Did that. Here is what I got then:

Database ‘AdventureWorks’ cannot be opened. It is in the middle of a restore. (.Net SqlClient Data Provider)

Well of course it is. That is what I am supposed to do. Everything I found online said make sure you restore it with NORECOVERY. I was in a never-ending loop. I tried everything I could think of.

Creating Cron Jobs in Windows 10 and Windows Server 2016

I recently made the switch from a Linux LAMP server to Windows Server 2016. It didn’t take me too long to figure out I forgot to transfer my cron jobs for my PHP pages. I went to start the transfer and soon realized that Windows does not support cron jobs. However, I did find the Windows equivalent of cron jobs. Below is what I did to create these jobs so my PHP crons continue to run on schedule. This trick will really work in all versions of Windows, but you get to it by different methods.


How to start your own blog

When you are looking to start a blog of your own, it can seem like a daunting task. In reality, if you take it one step at a time and with the right instructions, you can easily create your own blog in just a couple minutes. The hardest part is choosing your website name and creating content. But if you are serious about it, in just a few minutes you can be on your way to creating your first blog post.

Step 1 – Choose a provider

The first thing you want to do is pick out a hosting provider. A hosting provider is who will actually store the files for the website and who will make it available for people on the internet.

I, myself, am a hosting provider, therefore I host my own sites. If you are interested in using me as your hosting provider, you can sign up at https://axelwebhosting.com and use the coupon code “1STMONTHHALF” to get your first month 50% off. This tutorial will show you how to set up a WordPress blog on my hosting platform using the WordPress easy installer.

Creating Rooms in Office 365 Exchange Online and Add To Rooms List

The title above is quite long, but exactly to the point – I found myself unsure how to add a resource room in Office 365 for Exchange online because it was set up by previous employees and hadn’t been done since then. Then I needed to add it to the Rooms List. I will walk you through my process of how I created a room and added it to a room list. This was also done in a hybrid environment (Exchange Online and Exchange 2013).

Create User Account

The first step is to create a regular AD user account. I created it in Active Directory Users and Computers. You will not need to know the password, so set it to something crazy long and forget it. Be sure to set the password to never expire. And after all of this is said and done, we will disable the account for security.

I filled out Display Name, Telephone Number and Password Never Expires.

How to turn Modern View back on in SharePoint Online

When we first switched to SharePoint Online, I loved the new view! The only problem was that, as an administrator, I needed to switch back to the classic view to manage some parts of a list that weren’t available in the new look. I could not find a button that allowed me to just switch back. After looking up some blog posts, I found that people said to simply log off and log back on. However, this did not work for me. Here are some other ways I found to do it, some more “advanced” ways to do this, and a way to script it (or add a button for end users).
