Technology | Vinod Kumar (Blog home)

Archive for the ‘Technology’ Category

SQL Server: Locking basics November 15th, 2012

Vinod Kumar

The learning journey can never stop. As we learn the basic building blocks of SQL Server there is always a need to do refreshers. This blog is on the same lines. I would urge you to read the Blog around Concurrency over at Pinal’s site and then continue the reading below because the basics of Locking is incomplete if we don’t understand what are the concurrency basics. Just like you have traffic signals that regulates traffic to make sure there are no grid locks or long waits for commuters. The parallel lanes for traffic is synonymous to concurrency. SQL Server uses locks as an mechanism to bring the consistency at the same time build the concurrency for the system. Locks are inevitable in any database world and those are also fundamental building blocks.

Locks are applied in both optimistic and pessimistic concurrency models.
Locking is used for maintaining consistency for concurrent transactions.
Read operations acquire shared locks, exclusive locks by write operations while update locks are got during initial portion of an update operation when SQL Server is searching for the data to update.
SQL Server releases locks automatically and manages compatibility between various locking modes, resolves deadlocks and lock escalations are done to reduce overheads.
SQL Server controls locks on tables, on the pages of the table, on index keys and on individual rows of data based on the operation done.

Lock Modes

Shared Locks
1. Automatically acquired while reading data.
2. This lock can be on a page, table, index key or individual row based on the isolation level.
3. Multiple processes can hold shared locks on the same data and read from it too.
4. No other process can get an exclusive lock on data that has a shared lock. Neither can a process acquire a shared lock when there is an exclusive lock already on the table.
5. Shared locks are not held for the whole duration of read in the default isolation level.
Exclusive Locks
1. This lock is acquired on data when modifications are done by DML statements like INSERT, UPDATE or DELETE operation.
2. At any point in time exclusive locks can be held by only one process.
3. In an exclusive locking mode no other process can take locks in this process.
4. Exclusive locks are taken for the duration of the transaction length as the process can either commit or rollback.
Update Locks

This is an hybrid of exclusive and shared locks.
This lock is taken when SQL Server searches the table to find the resource that needs to be modified.
This can also be initiated using using query hints. It is desirable not to use the same.
Even in this lock, it is not the sufficient level to change data. SQL Server must take exclusive lock to modify data.
Used as an intermediate lock before escalating to exclusive locks.

Intent Locks

As the name suggests is a pre-qualifiers to shared/update/exclusive locks.
Since SQL Server can acquire locks at different levels, before the process completes or the statements completes SQL Server might want to know if locks are already acquired.
This is an intermediate locking state and not to be confused as a separate locking mode.

Special Lock Modes

Schema stability locks – at the time of compilations, this lock makes sure that no other process is modifying the schema of the underlying objects.
Schema modification locks – acquired when a table’s structure is being modified.
Bulk update locks – locks taken for BULK INSERT command or bcp utility operation. This lock can also be turned on using the table hints.

Conversion Locks

As the name suggests, this lock happens during a conversion from one mode to another. There are three types SIX, SIU, UIX where SIX is the most common and the details are below.

Key-Range Locks

Locks taken in serializable isolation level for locking ranges of data.
Can be taken only on keys.

Let us look at the common abbreviation and locking mode descriptions:

S – Shared: Allows processes to read concurrently but cannot change the resource locked.
X – Exclusive: Prevents processes from modifying or reading data in the data.
U – Update: Prevents external processes from acquiring an update or exclusive lock.
IS – Intent shared: Acquired when resource is locked with a shared lock.
IU – Intent update: Acquired when the resource is locked with an update lock.
IX – Intent exclusive: Acquired when the resource is locked with an exclusive lock.
SIX – Shared with intent exclusive: Shows that a shared lock pages have either a page or row with exclusive locks.
SIU – Shared with intent update: Shows that a shared lock pages have either a page or row with an update lock.
UIX – Update with intent exclusive: Shows that a update lock pages have either a page or row with exclusive locks.
Sch-S – Schema stability: Used to show a query using the object is being compiled at that moment.
Sch-M – Schema modification: Used to indicate the table’s structure is being updated at this moment.
BU – Bulk update: Lock acquired when bulk copy operation (like bcp) is copying data into a table.

Lock Granularity

SQL Server can lock resources at the table, page, partition or row level.
If locks are escalated, SQL Server can also lock a single partition of a table or index.
SQL Server can also lock index keys and ranges of index keys if needed.
DMV sys.dm_tran_locks view keeps track of each lock and contains information about the resource which is locked and an identifier for the specific resource

Key Locks

SQL Server use of key locks depends on the isolation level of the transaction.

If isolation level is Read Committed, Repeatable Read or Snapshot, SQL Server locks the actual index keys accessed while processing the query.
If isolation level is serializable, to counter phantoms reads, key-range locks are acquired for the range of values queried.
Incase of tables with clustered index, leaf node contains the data and hence the locks are acquired at this level.

There are 9 types of key-range locks:

RangeS-S
RangeS-U
RangeIn-Null
RangeX-X
RangeIn-S
RangeIn-U
RangeIn-X
RangeX-S
RangeX-U

Other Locking Assets

We saw locks on objects, pages, keys, partitions and rows. Three are other SQL Server can lock too.
Extents are units of 64KB disk space that can be locked. This is a special type of lock that is taken when an object needs to expand and a new extent is allocated.
Generally connections hold a lock on at least one database object and will have resource_type = DATABASE at a minimum running in the session.
You occasionally have locks on individual partitions, indicated in the lock metadata as HOBT locks. Occurs when locks are escalated and escalation to that partition level is allowed

Lock Duration

The length of time that a lock is held depends primarily on the mode of the lock and transaction isolation level in effect.
Shared locks in Read Committed and Snapshot isolation levels are released as soon as SQL Server has read and processed the locked data
Shared locks behave the same as exclusive locks in Repeatable Read and Serializable isolation levels – they are not released until the end of the transaction
Update locks are also held until the end of the transaction unless it has been promoted to an exclusive lock in which case it behaves like the exclusive lock

Lock Ownership

Lock duration is directly affected by lock ownership
Ownership == scope of the lock
Four types of lock scopes
1. Transactions – Durations depend on isolation level and lock mode (shared locks and update/exclusive locks)
2. Cursors – requested explicitly when a cursor is declared. If a cursor is opened using a locking mode of SCROLL_LOCKS, a cursor lock is held on every row fetched until the next row is fetched or the cursor is closed. Even if the transaction commits before the next fetch, the cursor lock is not released
3. Transaction_Workspaces – acquired every time a database is accessed and the resource associated with these locks is always a database. A workspace holds database locks for sessions – usually there is one workspace per session and all DATABASE locks acquired in the session are kept in the same workspace object. In distributed transactions, multiple sessions are enlisted into the same workspace so they share the database locks
4. Sessions – must be requested explicitly using the sp_getapplock procedure, and apply only to APPLICATION locks. Its duration is until the session disconnects or the lock is released explicitly

Thanks for reading this far. I know there is more to learn and write like Lock Timeout, Locking Hints, Version Stores, Snapshot Isolation Level, Row Versioning, Deadlocks, Lock Escalations, Row-level Locking and Page-level Locking, Lock Blocks, internal locking etc !!! I will surely keep you posted similarly in future.

4 Comments »

SQL Server: Transaction Logs and Recovery November 12th, 2012

Vinod Kumar

In my day-today customer interactions I meet a lot young, smart DBA’s who are still stepping into the ranks of making their applications robust. As part of their daily activities they are getting guided by some seniors who impose some of their views based on their past experience. Unfortunately, in this process the fundamentals are lost and as we build our career we need to understand the basics. One of the topics I explain almost every customer is about how Transaction Logs work, why they keep growing, how to make it cycle/reuse, what happens after backup etc. So I plan to write such posts in the future too, these are lists for reference making learning fun and easy. I am writing this post in the style of notes taken in a class, hope that will make reading easy and leaning faster :).

Transaction Log Basics

Transaction log records changes made to the database and stores enough information to allow SQL Server to recover the database.
Recovery is the process of reconciling the data files and the log.
Any changes to the data that the log indicates have been committed must appear in the data files and any changes that are not marked as committed must not appear in the data files
Log also stores information on how to roll back transactions if a ROLLBACK TRAN is received from the client or a deadlock generates an internal ROLLBACK.
One or more transaction log files are associated with a database when the database is created.
Log record is labeled with a Log Sequence Number (LSN) which is guaranteed to be unique.
Log entries part of the same transaction are linked so that they can be located easily for undo or redo activities.
SQL Server keeps track of the current position in the log by the LSN and when a page is changed the LSN corresponding to the log entry for that change is written into the header of the data page.
Dirty pages can be written to the disk only when the LSN on the page is less than or equal to the LSN for the last record written to the log.
The Buffer Manager guarantees that the transaction log will be written before changes to the database are written (write-ahead logging).
Buffer Manager also guarantees that log pages are written in a specific order making it clear which log blocks must be processed after a system failure regardless of when the failure occurred.
Log records for a transaction are written to disk before the commit transaction is sent to the client process. Actual changed data might not have been written out to data pages yet.
Though log writes are asynchronous, at commit time thread must wait for the write to complete to the point of writing the commit record in the transaction log. Data page writes are completely asynchronous.
Logging involves "demarcating" the begin and end of each transaction with information about changes made to the data in between. At the end, its marked with a commit record.
An aborted transaction undoes the changes made to the original data and these changes are written to the log and marked as "compensation log records".
There are two types of recovery (goal for both is to make sure log and data are in sync):
1. Restart Recovery – runs every time SQL Server is started. Runs on each database (in parallel) and the SQL Server error log tells you how many transactions were rolled forward and back. This is also called as Crash Recovery.
2. Restore Recovery – also known as Media Recovery is run by request when a restore operation is requested via the backup route.
Both the above types have to deal with 2 important situations:
1. When transactions are recorded as committed in the log but not written to the data file.
2. When changes to the data file don’t correspond to committed transactions. This can happen when a implicit indirect or explicit checkpoint forced this case.

Phases of Recovery

Now that I have set some context to the basic units of transactional logs and why they are used. We need to also understand the stages of recovery process.

Phase 1: Analysis Phase – Forward pass starting at the last checkpoint record in the transaction log. Determines and constructs a Dirty Page Table (DPT) consisting of pages that might have been dirty when SQL Server stopped. Active Transactions Table is also built consisting of uncommitted transactions
Phase 2: Redo Phase - Returns the database to the state it was in at the time SQL Server was stopped. Starting point for this forward pass is the start of the oldest uncommitted transaction. The minimum LSN in the DPT is the first page that is expected to be redone. But all logged operations starting at the oldest open transaction need to be redone for necessary locks to be acquired
Phase 3: Undo Phase – Uses the list of Active Transactions found in Phase 1 to roll each transaction back individually. Any transaction that was not committed is undone
Fast Recovery Phase – available in Enterprise and Developer edition allows for a database to be online as soon as redo phase is finished

Page LSNs and Recovery

Every database page has a LSN in the page header that reflects the location in the transaction log of the last log entry that modified a row on this page.
Also keeps track of the LSN which was on the data page before the change recorded by the latest log record.
During redo, LSN of each log record is compared to the LSN of the data page that the log entry modified.
1. If it’s equal to the previous page LSN in the log record, the operation indicated in the log entry is redone.
2. If it’s equal or higher than the actual LSN for the log record, REDO operation is skipped.
A transaction log cannot be truncated prior to the point of the earliest transaction that is still open, no matter how many checkpoints have occurred.

Virtual Log Files

A transaction log for any database is maintained as a set of virtual log files (VLFs) who size is determined internally by SQL Server by the total size of all the log files and the growth increment used when enlarging the log.
Log file is grown in units of entire VLFs and be shrunk only to a VLF boundary:
1. When a log file is first created it always has between 2 and 16 VLFs.
2. If its 1 MB or less – log file size is divided by minimum VLF size 31 * 8KB to determine number of VLFs.
3. If its between 1 and 64 MB – log is split into 4 VLFs.
4. If greater than 64 MB but less than 1 GB 8 VLFs are created.
5. If greater than 1 GB, 16 VLFs are created.
  The above rules of thumb can be different depending on the version of SQL Server you are working.
4 states for a VLF:
1. Active – active portion of the log begins at the minimum LSN representing an active transaction. The active portion of the log ends at the last LSN written
2. Recoverable – portion of the log preceding the oldest active transaction is needed only to maintain a sequence of log backups for restoring the database to a former state
3. Reusable – If transaction log backups are not being maintained or if log was already backed up, VLFs before the oldest active transaction are not needed and can be reused
4. Unused – One or more VLFs at the physical end of the log files might not have been used yet if not enough log activity has taken place. Or if earlier VLFs have been marked as reusable and then reused
Automatic Truncation – understand when the Log backups are not existent:
1. You have configured the database to truncate a log on a regular basis by setting the recovery model to SIMPLE.
2. You have never taken a full database backup.
3. All log records prior to the oldest active transaction are invalidated and all VLFs not containing any part of the active log are marked as reusable. This process doesn’t shrink the physical file it is used in a cyclic manner.
Automatic Shrinkage – A database is truncated to allow for shrinking. If autotruncate and autoshrink option is set, the log is physically shrunk at regular intervals. This is something not recommended, though this option exists.

Database Recovery Models

As we learn about transaction logs, we cannot miss understanding the recovery models and the effects of the same. There are 3 modes of recovery models:

FULL Recovery Model
1. Provides the least risk of losing work in case of a damaged data file.
2. All operations are fully logged – in addition to logging every row changed via DML, the entire row is written to the transaction log using BCP or BULK INSERT operation.
3. Also fully logs CREATE INDEX operations.
4. Use this if you need to recover to a Point-in-time from your backup.
BULK_LOGGED Recovery Model
1. Allows you to restore a database completely in case of media failure and gives the best performance and least log space usage for certain bulk operation.
2. Minimal logging compared to FULL recovery model.
3. Minimal logging consists of logging information that is required to roll back the transaction without supporting point-in-time recovery.
4. Every data file in SQL has a special page called Bulk Changed Map (BCM) page also called Minimally Logged Map (ML Map) page. Each bit on a BCM page represents an extent and if the bit is 1 it means that this extent has been changed by a minimally logged bulk operation since the last transaction log backup.
5. BCM map is located on page 7 of a 4GB span and all the bits are reset to 0 every time a log backup occurs.
SIMPLE Recovery Model
1. Offers the simplest backup and restore strategy.
2. Transaction log is truncated whenever a checkpoint occurs (which happens regularly).
3. Only backups that can be made are ones that don’t require log backups.

Choosing the right recovery model is very important for functioning of your databases.

Backing Up and Restoring a Database

SQL Server has four main types of backups:

Full Backup – Copies all pages from a database onto a backup device.
Differential Backup – Copies only the extents that were changed since the last full backup was made. Done by examining the bits on the DCM pages for each data file in the database. When any page in an extent is changed, the corresponding bit in the DCM page is set to 1
Log Backup – Copies all the log records that have been written to the transaction log since the last full or log backup was made
File and Filegroup Backup – these backups are intended to increase flexibility in scheduling and media handling compared to full backups, in particular for very large databases. Useful when database contains varying update characteristics or priority levels

Thanks for reading this far. Hope the basics are clear now. Given these pointers, feel free to explore more into MSDN documentation.

20 Comments »

SQL DBA Checklist November 8th, 2012

Vinod Kumar

Long time back I did write about what activities constitute a DBA role and as I start meeting more DBA in my day job – I get asked, is there any checklist? If you really ask me, that article does call out most of the points. Here is just yet another list. Feel free to add more to this list -

As a DBA we work to keep the systems up and running for the business, hence there are business requirements we need to be aware off like below – know the answers to the below and ask your respective stakeholders before designing the system:

Establish specific SLAs (service level agreements) with stakeholders
What Availability do they want? (aka find our your maintenance windows)
RPO (recovery point objectives – how much you can afford to lose if DR / corruption occurs)
RTO (recovery time objective – how long to bring database/system back up after DR/Corruption)
Points of contact (owners) for the various databases. This is true in consolidation environments. People change roles or switch jobs – keep this uptodate always.
Change control – how often, who has what rights to DB, what auditing is in place etc. – especially important for shared instances
Response times & escalation procedures (how soon you will do changes if you do them for the customer, how soon you respond when problems arise – are you a 24×6, 24×7, 7×12, 5×10 shop, do you have people on call, how do they reach on call person, etc.)
Based on the responses, make your backup strategy based on this because the RTO, RPO will be something decided by this strategy.
Know the immediate or near future plans of the organization to support newer versions. Plan on a upgrade or migration strategy before hand and know the nuances. Check my previous post on Upgrading to SQL Server 2012.
Know your various contact points from an Hardware perspective – SAN vendor, Software vendors, Network switch vendors, Network Admins and the various access mechanisms to reach the server. Document them and keep them handy always.

Other lists include:

Test your disaster recovery plan by a junior DBA to check if you have missed any steps.
Pre-grow your databases to cover the projections for the next year
Pre-size the tempDB to its regular maximum size.
Check that security is still tight – people who have left the group/company no longer have logins, no new logins have snuck into highly privileged groups, etc.
Check all your logs thoroughly for abnormality.
If you’re not yet using Policy Based Management, double check that all your configuration settings are still correct.
Take new performance baselines to track if the system is performing better compared to a baseline.
Resync your test and development systems with production or production like data
Implement some of those cool new techniques, functionality, tips, etc. you learned at your last conference. Always look at implementing new efficient methods of code.
Ask your hardware admins to do low level hardware diagnostics
Install MOM/SCOM agents (or at least some other monitoring / alerting tool).
At the very least configure SQL (SMTP) Mail and Operator alerts for job failures.
Ensure you have maintenance plans for re-indexing/defragging and updating statistics.
Configure your maintenance plans to pick up new databases automatically or write your own scripts to detect and configure new plans (in the process of writing some now).
Add a job to recycle the error log every night to keep logs small.
Keep an script handy for any non-compliance and keep running them time-to-time on the environment.
Test your disaster recovery plan again!!

Additionally I might do things on a daily basis and quarterly basis like, some tasks done daily are:

Monitor and Check for blocking spids
Monitor and check for deadlocks
Monitor and check status of SQLAgent jobs
Monitor disk growth (especially processes that might be eating up transaction log-space).
Monitor for rogue, ad-hoc queries that might be running against your production systems (and take appropriate, punitive action).
Check if there are Login Errors or any suspicious activity on the logs.

Maybe quarterly I might do:

Collect database and table growth history (at least once per week), then review growth rate every quarter. Compare the actual growth rate against expected growth rate from the TECH spec (DEV should always provide estimated growth rates in either the tech spec or deployment plan!)
Create a simple SQL Profile trace that you can run as a SQLAgent job that collects samples of durations of the most critical stored procs and queries in the system. Just like the growth rates above, compare the actual durations against expectations in the tech spec… Also, look for concerning performance degradation over time.
Collect blocking history and review trends quarterly
Collect deadlock history and review trends quarterly
Check who has access to the database regularly
Keep looking at the organizations operational guides and see if there needs to be changes because of upgrades or if the behavior changed in the next releases.
Check once in a while if the tapes and backups are uptodate and functional. This can be randomly done during the quarter.

I am sure I am missing some of the vital points you are doing in your environment. So please feel free to add it over comments and I will be more than happy to merge them.

12 Comments »

SQL Server Script: When were Statistics last updated October 30th, 2012

Vinod Kumar

At my job I often help customers with Performance tuning their SQL Server environments and their application. One of the common recommendation we give is to check their maintenance plans and see if the Statistics of tables are up-to-date. This is a very common exercise and given that you have 1000s of tables to monitor, you might want an easy script to figure out which are those tables / indexes that need attention. I am giving a simple script that we use at our environments to identify the same.

SELECT
OBJECT_NAME(ind.object_id) AS ‘Table Name’,
ind.name AS ‘Index Name’,
STATS_DATE(ind.object_id, ind.index_id) AS ‘Statistics Date’
FROM sys.indexes ind
WHERE OBJECTPROPERTY(object_id,‘IsMSShipped’)=0
ORDER BY 3 DESC

With the above script the output would be as below:

Look at the “Statistics Date” column and this gives you information of how dated the statistics are. Once you have figured out the statistics are out-of-date by few weeks or months, use the UPDATE STATISTICS command to update the same. Yet another command used for this purpose is sp_updatestats.

Also, even if you have AUTO_CREATE_STATISTICS, AUTO_UPDATE_STATISTICS and AUTO_UPDATE_STATISTICS_ASYNC (Statistics documentation) options enabled inside your database Statistics *can* be out-of-date. So analyze your environments from time-to-time and then come up with your updating strategy.

4 Comments »

SQL Server: How to find mapping of tables with filegroups October 29th, 2012

Vinod Kumar

One of the recommendations I give to customers coming to MTC is to do proper placement of tables to appropriate filegroups. The default behavior is – SQL Server would create a default PRIMARY filegroup and all the data would be placed into the .mdf file. And this is something I have seen at a lot of ISV’s forget to work on and configure.

Recently, when this recommendation was given, one of the DBA did ask me – “How do we know which table is in which filegroup? Is there an instant script for the same?”. Well, there are a number of ways to find this information and I am attaching the same for reference here.

Method 1: sp_help

The simplest and the old technique is to use our proven sp_help. The last result set has the filegroup this table dbo.t1 is associated with.

sp_help ‘[dbo].[t1]‘
go

A typical output looks like below:

Method 2: sp_objectfilegroup

The limitation of the method 1 is that it gives in different result set and it is difficult to take this information for future use. Here is an undocumented procedure which can get you this information.

DECLARE @ObjectID INT = (Object_id(‘[dbo].[t1]‘))
EXEC sys.sp_objectfilegroup @ObjectID
go

The output for the above call is:

Method 3: DMV’s

Since SQL Server 2005 we have DMVs that give us important information and interesting insights that we are not aware off. And this information is also hidden inside few DMVs like the query below.

SELECT d.name AS Data_located_on_filegroup
FROM   sys.data_spaces d
WHERE EXISTS (SELECT 1
               FROM   sys.indexes i
               WHERE i.object_id = OBJECT_ID(‘[dbo].[t1]‘)
                      AND i.index_id <= 1
                      AND d.data_space_id = i.data_space_id)

The output of this query would look like:

A small extension to the same query can be made in such a way that we can get all the tables and the filegroups these tables are mapped to. So feel free to use the same.

SELECT OBJECT_NAME (a.object_id) AS ObjectName,
       (SELECT name
        FROM   sys.data_spaces
        WHERE data_space_id = a.data_space_id) AS FileGroupName
FROM   sys.indexes a
WHERE index_id <= 1

I just ran this on my AdventureWorks2012 DB to get the output as below.

Thanks for reading so far. Hope this query will help you plan placing your tables in the right filegroups.

1 Comment »

SQL Server Script: Finding past connectivity issues October 25th, 2012

Vinod Kumar

In my day job I meet a lot of DBA’s who try to send some really interesting requirements. Recently, one of these proactive customer wanted to know if there were any past errors that they can query from the DMVs about connectivity issues. This was interesting and I had sent them the below script for use.

SELECT
CONVERT (VARCHAR(30), Getdate(), 121)
AS [Run_Time],
Dateadd (ms, ( ORB.[timestamp] - OSI.ms_ticks ), Getdate())
AS Time_Stamp,
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/RecordType)[1]‘, ‘varchar(50)’) AS [Action],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/RecordSource)[1]‘, ‘varchar(50)’) AS [Source],
Cast(record AS XML).value(‘(//Record/ConnectivityTraceRecord/Spid)[1]‘,‘int’) AS [SPID],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/RemoteHost)[1]‘, ‘varchar(100)’) AS [RemoteHost],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/RemotePort)[1]‘, ‘varchar(25)’) AS [RemotePort],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/LocalPort)[1]‘, ‘varchar(25)’) AS [LocalPort],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/TdsDisconnectFlags/PhysicalConnectionIsKilled)[1]‘, ‘int’) AS [isPhysicalConnectionIsKilled],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/TdsDisconnectFlags/DisconnectDueToReadError)[1]‘, ‘int’) AS [isDisconnectDueToReadError],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/TdsDisconnectFlags/NetworkErrorFoundInInputStream)[1]‘, ‘int’) AS [isNetworkErrorFound],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/TdsDisconnectFlags/ErrorFoundBeforeLogin)[1]‘, ‘int’) AS [isErrorBeforeLogin],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/TdsDisconnectFlags/SessionIsKilled)[1]‘, ‘int’) AS [isSessionKilled],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/TdsDisconnectFlags/NormalDisconnect)[1]‘, ‘int’) AS [isNormalDisconnect],
Cast(record AS
XML).value(‘(//Record/ConnectivityTraceRecord/TdsDisconnectFlags/NormalLogout)[1]‘, ‘int’) AS [isNormalLogout],
Cast(record AS XML).value(‘(//Record/@id)[1]‘, ‘bigint’)
AS [Record_Id],
Cast(record AS XML).value(‘(//Record/@type)[1]‘, ‘varchar(30)’) AS [Type],
Cast(record AS XML).value(‘(//Record/@time)[1]‘, ‘bigint’)
AS [Record_Time]
FROM sys.dm_os_ring_buffers ORB
CROSS JOIN sys.dm_os_sys_info OSI
WHERE ORB.ring_buffer_type = ‘RING_BUFFER_CONNECTIVITY’
AND Cast(record AS XML).value (‘(//Record/ConnectivityTraceRecord/Spid)[1]‘, ‘int’) <> 0
ORDER BY ORB.timestamp ASC

There are so many interesting hidden information that is available inside a DMV that we miss to visualize. If you want, we can also look into why the connection got lost or why it didn’t go through.

If you want to be a proactive DBA then using the DMV can be tricky as the values can be lost in a restart of the instance. But using other mechanisms will also help -

Use default logging of Invalid Logins.
Use SQL Server Auditing to track Failed Logins

Being proactive DBA is a challenge and we need to use every trick inside SQL Server to achieve our requirements. Hope you found the script useful.

No Comments »

SQL Server 2012: Offline Documentation October 24th, 2012

Vinod Kumar

With the installation of SQL Server 2012, a lot of people ask how to get the documentation offline. Every time we fire the F1 for help it tries to connect online for content. This is not always useful and people want to have an offline version when they are on the move and getting online is not an option. Just initialize the Help library Manager from the SSMS Tools –> Help –> Manage Help Settings. Select the Install from Online.

Select SQL Server 2012 and Add the Books Online + Developer reference and Select Update.

Another way to get the same as an offline version is to download it from the Download Center. “Product Documentation for Microsoft SQL Server 2012 for firewall and proxy restricted environments”. Please keep checking the Download Center for the latest update for the documentation.

No Comments »

SQL Server 2012: Finding Sequence of backup taken October 22nd, 2012

Vinod Kumar

Recently I had a customer come over for a session on designing their HA/DR strategy and one of the steps for that was to understand the backup strategy too. I took sometime to talk at length what FULL Backup, Differential Backup and Transaction Log Backups. After understanding the core concepts one of the developer asked me, “Is there a way I can know in what sequence the current backups are taken? This will help me re-visit the current process done by my networking team”. Interestingly, a lot of people fail to understand how Page level restore needs to be done.

This was an interesting question and needed a little digging into the MSDB database which has most of the information. The below query will give you a list of backups and feel free to check the same in your environments. This also works in any of the SQL Server versions.

SELECT s.database_name,
       m.physical_device_name,
       s.backup_start_date,
       CASE s.[type]
         WHEN ‘D’ THEN ‘Full’
         WHEN ‘I’ THEN ‘Differential’
         WHEN ‘L’ THEN ‘Transaction Log’
       END AS BackupType,
       s.recovery_model
FROM   msdb.dbo.backupset s
INNER JOIN msdb.dbo.backupmediafamily m
ON s.media_set_id = m.media_set_id
ORDER BY database_name,
          backup_start_date,
          backup_finish_date

A typical output looks like below:

All these information are great stuff and the best part starts when we use the same for RESTORE. The UI for example will show interesting information which I was pleasantly surprised.

There are two things that stand out in the above dialog -

The header shows we need to take the tail of the log backup for the restore. This is an awesome step which a lot of DBA forget in their restore process.
The Backup Step shows what you will be restoring and in what sequence. This is also a pre-requisite for any restore stage.

On initializing the Filegroup restore dialog I can see ALL the Backups taken for the restore step and this is also handy if you are planning to restore any corrupt files.

Hope you find these improvements useful and the scripts handy. In future posts, let me take a shot in showing what all can be done with these backups.

No Comments »

SQL Server 2012: THROW your errors October 11th, 2012

Vinod Kumar

In this post let me take a shot at showing some of the nice features SQL Server THROW command. When I planned to write this post, was tempted to write about Error handling, TRY-CATCH, Raiserror commands etc. But I have had the unique privilege of reading the Joes2pros Series and the basics are explained well there. Interestingly, Pinal Dave did run few contests around Joes2Pro’s series sometime back and I thought it will be better to just link the concepts rather than rehashing the efforts already done. Read about Error Messages and RAISERROR, Structured Error Handling with TRY-CATCH explained. They are a great start to learn those basics.

From SQL Server 2012, it is recommended to use the THROW syntax instead of the conventional RAISERROR syntaxes. The MSDN documentation for THROW syntax can be got here.

Simple usage

Let me take a moment to start the simplest form of throw. Assume we get an error inside a nested procedure and we want to bubble it up. the previous avatar was to use the RAISERROR and it was quite an task sometimes. In the THROW construct it can be simply done with a single THROW command. like below.

BEGIN TRY
    THROW 51051, ‘I come from the THROW construct :)’, 1
END TRY
BEGIN CATCH
    PRINT ERROR_NUMBER();
    THROW;
END CATCH

The output for the above batch will be:

There is a small thing to take care, the previous statement before the THROW construct needs to have a semicolon – else an error is raised. This is one of the requirement for THROW. A typical error would be like below:

Msg 102, Level 15, State 1, Line 7
Incorrect syntax near ‘THROW’.

This is one of the common mistakes all of us make and hence thought will be worth sharing here.

With Custom Message

The second common mechanism to use RAISERROR with applications is to add an custom message and then invoke the same parameterized via the RAISERROR. Let me show a fundamental functionality of creating a custom error message and then raising the same.

EXECUTE sp_addmessage @msgnum=55055, @severity=16,
@msgtext=N’This error was raised for %s user’,
@replace=’replace’
GO
RAISERROR (55055, 16,1, ‘vinod’)

The output for the above batch would be as below. You can see the username has been properly replaced in the final message as it got rendered.

To get the same effect with the THROW statement we need to manually format the message before using the same. A typical construct would be:

DECLARE @message NVARCHAR(2048) = FORMATMESSAGE(55055, ‘vinod’);
THROW 55055, @message, 1;

This gives the same output as above and behaves the same way as before as we used with RAISERROR.

As you can see, we have used the FORMATMESSAGE function to make the replacement with RAISERROR as it allows the error message to be formatted to be used later with the THROW statement.

Final words

Hope this new construct of THROW will be useful and I highly recommend we use this new feature of SQL Server 2012 for our future coding practices. Do tell me if you have used this in your environments already. Will be interested in listening to your usecases.

3 Comments »

Minimum Certificate RSA Key Length Windows Update (1024 Bits) October 5th, 2012

Vinod Kumar

Microsoft Security Advisory (2661254) – This is the root to all the content available.

PLEASE TEST THE PATCH AND THE IMPACT ON APPLICATIONS BEFORE DEPLOYMENT. THIS UPDATE WILL BE AVAILABLE ON OCT-9th-2012.

What is this update about?

Microsoft is announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length. The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Recommendation: Microsoft recommends that customers download the update and assess the impact of blocking certificates with RSA keys less than 1024 bits in length before applying the update to their enterprise.

What OS / Systems/ devices does this update apply to?

Read about the affected software and devices at http://technet.microsoft.com/en-us/security/advisory/2661254. Navigate to the section on Affected Software and Devices.

Where can I download this update from?

The update is available on the Download Center as well as the Microsoft Update Catalog for all supported releases of Microsoft Windows.

Direct Catalog Link.

What could be the potential impact if I do not test this update before deploying in my environment?

It is possible that after the update, some systems will cease to function as before, because their underlying digital certification relies on certificates that do not meet the new requirement, a key length of at least 1024 bits.

Read about known issues here: http://support.microsoft.com/kb/2661254

How do I know if my environment is impacted by this?

There are four main methods for discovering if RSA certificates with keys less than 1024 bits are in use:

Check certificates and certification paths manually
Use CAPI2 logging
Check certificate templates
Enable logging on computers that have the update installed

Read about each of the four methods in detail at this link (Under section Discover RSA certificates with key lengths of less than 1024 bits) http://support.microsoft.com/kb/2661254

What if I find a certificate with a RSA key less than 1024 bits in length?

Customers that identify any certificates that use RSA key lengths less than 1024 bits in their environments:

Will need to request longer certificates from their certification authority.
Customers that manage their own PKI environments will need to create new longer key pairs and issue new certificates from these new keys.

Customers should evaluate using a sufficient key length to match their requirements for data encryption which may exceed the minimum required by this update.

What if I am not ready to deploy this update? What are my options?

1. Enable certificate logging to help identify the usage of RSA keys less than 1024 bits in length

By default, logging is not enabled. Logging can be enabled to help identify the usage of RSA keys less than 1024 bits in length by setting the logging directory in the registry.

Warning - If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config]
" WeakSignatureLogDir"

You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, see Core Group Policy Tools and Settings.

2. Block the update from being deployed through your deployment solution.

Use your current patch deployment solution [System Center Configuration Manager or WSUS or any other.] and disable the automatic deployment of this patch.

Opt-out Setting – You can also make manual changes to the key lengths that are blocked. Read here: http://blogs.technet.com/b/pki/archive/2012/07/13/blocking-rsa-keys-less-than-1024-bits-part-2.aspx

Example – You can modify a registry setting using the certutil command to modify the size of the keys that are blocked. For example, if you wanted to allow 512 bit keys, but block all keys less than 512 bits, you could run the following command:

Certutil -setreg chain\minRSAPubKeyBitLength 512

Note - This approach should not constitute a long term solution, as you will remain exposed to digital certificate weaknesses until you finally renew their certificates with a key size equal or greater than 1024 bits.

Where can I read more about this update?

Below is a chronological listing of the blog postings discussing this upcoming change:

RSA keys under 1024 bits are blocked (2012-06-11)
Certificate Trust List update and the June 2012 bulletins (2012-06-12)
Gadgets, certificate housekeeping and the July 2012 bulletins (2012-07-10)
Microsoft’s continuing work on digital certificates (2012-07-10)
Blocking RSA Keys less than 1024 bits (part 2) (2012-07-13)
Blocking RSA keys less than 1024 bits (part 3) (2012-08-14)

Microsoft released a security advisory, KB article, and software update for all supported versions of Windows that blocks RSA certificates with keys less than 1024 bits. The software update was released to the Download Center.

The security advisory is located at http://technet.microsoft.com/security/advisory/2661254.
The KB article is available at http://support.microsoft.com/kb/2661254.

The update is available now to allow organizations to assess the impact of this update and to reissue certificates with larger key sizes, if necessary, before the update is sent out through Windows Update. The update is planned to be sent out through Windows Update in October 9, 2012.

September ANS and an important heads-up concerning certificates (2012-09-06)

Thought this was important update to pass on. Feel free to spread the news.

Vinod Kumar (Blog home)

Archive for the ‘Technology’ Category

SQL Server: Locking basics November 15th, 2012

SQL Server: Transaction Logs and Recovery November 12th, 2012

SQL DBA Checklist November 8th, 2012

SQL Server Script: When were Statistics last updated October 30th, 2012