cancel
Showing results for 
Search instead for 
Did you mean: 

SQL Remote hook procedures do not get called after migrating to v16/v17

VolkerBarth
Contributor
3,596

I have migrated several SQL Remote remote databases to 16.0.0.2158 and 17.0.0.1211. They run fine but I have noticed that they don't call hook procedures while older remotes do.

I have confirmed that the hook procedures are there (it's a sp_hook_dbremote_receive_end() hook in particular) and that they do the desired work when called explicitly.

But why are they ignored by DBREMOTE?

That's what a v16 remote log reveals (no hint to a hook procedure):

I. SQL Remote Message Agent Version 16.0.0.2158
I. 
I. Copyright © 2015 SAP SE or an SAP affiliate company.
I. All rights reserved.
I. Use of this software is governed by the Sybase License Agreement.
I. Refer to http://www.sybase.com/softwarelicenses.
I. 
I. Received message from "Zentrale" (20-02145857622-02145857622-0)

In contrast, a v12 remote log lists the defined hooks:

I. SQL Remote Message Agent Version 12.0.1.4301
I. 
I. Copyright © 2001-2015, iAnywhere Solutions, Inc.
I. Portions copyright © 1988-2015, Sybase, Inc. All rights reserved.
I. Use of this software is governed by the Sybase License Agreement.
I. Refer to http://www.sybase.com/softwarelicenses.
I. 
I. Found hook procedures:
I. sp_hook_dbremote_receive_end
I. Received message from "Zentrale" (3-02132130761-02138560117-0)

Accepted Solutions (1)

Accepted Solutions (1)

regdomaratzki
Product and Topic Expert
Product and Topic Expert

Stored procedure owned by dbo were not being recognized as valid hook procedures in v16 and up, even though they satisfied all the requirements.

This will be fixed in v16.0.0 build 2245 and v17.0.0 build 1414.

Reg

Breck_Carter
Participant
0 Kudos

dbo... one more reason to loathe ASE 🙂

VolkerBarth
Contributor
0 Kudos

Well, not in this case, the original database schema was developped for MS SQL Server a long time ago, so "dbo" was handy. I guess now I should ask "Why should I not use dbo as owner for my schema?"

Or, as Reg has told me: "Everyone in Waterloo would be much happier if your user objects were NOT owned by a mutable system role (see the documentation for the SYSUSER table)." - another lesson learnt:)

regdomaratzki
Product and Topic Expert
Product and Topic Expert
0 Kudos

The change I made has introduced some unexpected failures in our test stream, and I've been forced to back it out for now so we can continue testing the v16 EBF for an escalated customer. I'll post back with new build numbers when I check the change back in.

VolkerBarth
Contributor

Thanks for the notification, and I guess that's a side-effect that would make you even more "much happier if [my] objects were not...". As stated, I can cope with that issue, as a workaround is available.

VolkerBarth
Contributor
0 Kudos

Reg, are there plans to fix that error in a coming v16/v17 version?

regdomaratzki
Product and Topic Expert
Product and Topic Expert

I know you will find this hard to believe (I wouldn't believe me), but I was actually running the Mobilink/dbmlsync test suite to verify a change to the database engine needed to implement this fix. I expect the change to be checked into the source code today after I look over the handful of failures from the test stream that ran overnight.

regdomaratzki
Product and Topic Expert
Product and Topic Expert
0 Kudos

I edited my answer to include the new build numbers.

It's v16.0.0 build 2245 and v17.0.0 build 1414 to save you a click if you're reading this in an email.

VolkerBarth
Contributor
0 Kudos

Thanks, Reg, I'll respond here once those new builds are available:)

VolkerBarth
Contributor
0 Kudos

For the record:

Now that v16.0.0.2270 and v17.0.4.2053 are available on Windows, the fix has been applied and the dbo-owned hooks do get called - thanks, Reg!

Breck_Carter
Participant
0 Kudos

Volker, you have the power to edit questions, answers, even comments, right?

So IMO if you wanted to insert a short Update: ... at the top of Reg's answer, that would be ok... save OPs from having to read further unless they want the details (which are still there).

In other words, be bold 🙂

VolkerBarth
Contributor
0 Kudos

You're so right, sorry:)

justin_willey
Participant
0 Kudos

or has the Book of Common Prayer has it:

Brethren: Be sober, be vigilant, because your adversary the devil, as a roaring lion, walketh about, seeking whom he may devour: whom resist, steadfast in the faith. But thou, O Lord, have mercy upon us.

VolkerBarth
Contributor
0 Kudos

1 Peter 5:8 - now, that's a "remote hook" of another kind:)

Answers (1)

Answers (1)

VolkerBarth
Contributor

EDIT: I turned that comment into an answer (though it is none yet) in order to unnest the thread comments.

Reg had previously suggested:

I'd suggest running the v16/v17 dbunload on the database and comparing how your reload.sql is defining permissions versus the way they are done in the reload.sql generated by dbunload.

Well, as stated, I'm not really familiar with that RBAC stuff (and for smaller companies like ours, it just feels like admin overkill) - but I had been quite sure the compatibility mode would work well enough for me (you know, that Golden Watcom rule).

Here are the few statements from the v12 script w.r.t. the user with REMOTE DBA authority (note, "4711_SB1" is the particular publisher of that remote, whereas the "RemUser" is a group and used to run DBREMOTE):

GRANT CONNECT,GROUP,REMOTE DBA TO "RemUser" AT 102 IDENTIFIED BY ENCRYPTED '...';
GRANT MEMBERSHIP IN GROUP "RemUser" TO "4711_SB1";
...
SET OPTION "RemUser"."wait_for_commit"='ON';

In constrast, that's what a v16/v17 unload will create:

GRANT CONNECT TO "RemUser" AT 102 IDENTIFIED BY ENCRYPTED '...';
CREATE ROLE FOR USER "RemUser";
GRANT ROLE "RemUser" TO "4711_SB1";
CREATE OR REPLACE ROLE FOR USER "RemUser" WITH ADMIN ONLY "SYS_MANAGE_ROLES_ROLE";
GRANT ROLE "SYS_RUN_REPLICATION_ROLE" TO "RemUser" WITH NO SYSTEM PRIVILEGE INHERITANCE;
...
SET OPTION "RemUser"."wait_for_commit"='ON';

According to the v16 doc, the deprecated REMOTE DBA statement is replaced by granting the SYS_RUN_REPLICATION_ROLE role, and apparently that has been done here.

VolkerBarth
Contributor
0 Kudos

Just to add:

SYSUSERPERM shows that the according user is the one and only with "remotedbaauth = Y". And everything else around SQL Remote v16/v17 works fine for that user account, i.e. though she has minimal granted permissions she is perfectly capable to apply all DML changes and all DDL changes via passthrough mode inside a DBREMOTE session.

The problem seems only be related to the ignoring of the hook procedures. - And by default that "RemUser" is member of group PUBLIC which in turn is member of dbo so a dbo-owned hook procedure should certainly be "visible" for that user.

I'm really out of my wits here.

regdomaratzki
Product and Topic Expert
Product and Topic Expert
0 Kudos

We'll probably need the remote database to reproduce the problem here. I can't sort out what the issue is from this thread either.

regdomaratzki
Product and Topic Expert
Product and Topic Expert
0 Kudos

Random Thought : If you take your v12 database and rebuild it using dbunload -ar, if you run dbremote with the exact same command you used in v12 on the newly rebuilt database, does it find the hook procedures?

VolkerBarth
Contributor
0 Kudos

rebuild it using dbunload -ar

To a v16/v17 database, right? - I'm gonna test that tomorrow.

VolkerBarth
Contributor
0 Kudos

Well, surprisingly I cannot make v16/v17 dbunload -ar work for a (strongly encrypted) v12 database whereas the same command runs fine with v12.

When using -ar, I would think I have to specify the current DBKEY in the -c connection string, and the same key will be used for the new database. So I supplied that DBKEY, and v12 certainly can use that to rebuild the database. But v16/v17 still ask me for a DBKEY - and when I supply that by additionally specifying -ep or ek, they report

"Unable to open database file <dbfilepath> - <dbfilepath> no database specified."

As stated, the same runs fine with v12.

So - as a workaround - I did a manual reload with v16 and used the generated reload.sql to build a v16 database - and it still does not call these hooks. And that's not a surprise in the end: The related parts of the v16 reload.sql file are still "old school", i.e. using "GRANT REMOTE DBA to ..." - exactly like I have used in the modified v12 script.


So what do you need me to do to supply the database? - FWIW, Chris has received a similar one a few weeks ago, cf. that FAQ "Unloading an v10 OEM database fails with v17".

VolkerBarth
Contributor
0 Kudos

FWIW, I just tried to use unload -ar against a strongly encrypted SA12 demo database, and that does work well with v12/v16/v17. So it seems there's something particular about my test case (or SR remote databases)?

VolkerBarth
Contributor
0 Kudos

@Reg: What do you need me to do to supply the database? - FWIW, Chris has received a similar one a few weeks ago, cf. that FAQ "Unloading an v10 OEM database fails with v17".

regdomaratzki
Product and Topic Expert
Product and Topic Expert
0 Kudos

Sorry Volker, I seem to be getting some, but not all updates on this thread being emailed to me and missed the comments from the last few days.

Drop me an e-mail (it's just firstname.lastname@sap.com) and we can talk offline about sending in your database.

regdomaratzki
Product and Topic Expert
Product and Topic Expert
0 Kudos

Argh. I completely ignored the fact that the stored procedure was owned by dbo. That's the source of the problem here.

I'll be back again once I know what to do about it.