none
Filestream : either a required impersonation level was not provided, or the provided impoersonation level is invalid

    Question

  • We are using filestream (SQL2008) from a console application.
    This works if the console application runs on the sql-server itself, but we receive the error 'either a required impersonation level was not provided, or the provided impersonation level is invalid' if the console application runs on another server.

    Does anyone know how to solve this ?

    thx

    Tuesday, January 26, 2010 4:28 PM

Answers

  • Hi,

    we installed a sql2008 standard edition the same way as the one with the filestream problems but on a windows 2008 server instead of a windows 2008R2 server.
    Now everything works ok.

    It seems like when a sql2008 server is installed on a windows server2008R2 you can only use filestream from a remote server which is also running on windows 2008R2.

    We'll contact microsoft to know if there is a way to fix this.

    Friday, January 29, 2010 7:19 AM

All replies

  • Hi Franky,

     

    From your description, you have a console application that uses FILESTREAM. You encounter the error “a required impersonation level was not provided, or the provided impersonation level is invalid” while running the console application from a server that is not the SQL Server. If I have misunderstood, please do not hesitate to let me know.

     

    By default, a Windows Form or console application typically runs under the currently logged-in account, so that account can be impersonated. This means we are using the currect login account to access the FILESTREAM. And FILESTREAM data is secured just like any other data is secured: by granting permissions at the table or column levels. Users must be granted permissions on the FILESTREAM column in order to open the associated files.

    I have also tested the same thing you mentioned in a domain, and the console application works fine.

    So, the possible issues should be:

    1.       The two servers are not in the same domain or trusted domains.

    2.       The SQL Server has an incorrect policy setting “Impersonate a Client After Authentication”.

          3.    The remote access is not enabled.
     

    To solve the issue, please follow these steps:

    1.       Make sure the two servers are in the same domain or in the trusted domains.

    2.       Add ‘SERVICE’the “Impersonate a Client After Authentication”

    1.  
      1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
      2. Expand Local Policies, and then click User Rights Assignment.
      3. In the right pane, double-click Impersonate a client after authentication.
      4. In the Local Security Policy Setting dialog box, click Add.
      5. In the Select Users or Group dialog box, click the user account ‘SERVICE’ and the account SQL Server runs under, click Add, and then click OK.
      6. Click OK.

           3.   Enable "Allow remote clients to have streaming access to FILESTREAM data" from SQL Server Configuration Manager.
                  a.  Open SQL Server Configuration Manager.
                  b.  Click "SQL Server services"
                  c.  Double-click "SQL Server(instance name) " service
                  d.  Go to "FILESTREAM" tab, make sure "Allow remote clients to have streaming access to FILESTREAM data" is checked.
           4.  Debug the application from the second server to check the detailed error message.

    By the way, if possible, could you please post the sample code and the system event logs? That will help us to solve the issue smoothly.

    If you have any more questions, please feel free to ask.

     

    Thanks,

    Jin Chen


    Jin Chen - MSFT
    Wednesday, January 27, 2010 9:54 AM
    Moderator
  • Hi Jin,


    We've been trying some things and the checks you suggest were already done/modified.

    Both of these servers are in the same domain.
    We discovered something new.
    The sql 2008 standard server which we use is installed on a windows 2008R2 server.
    When we try the console application which uses filestream from another windows 2008R2 server everything works ok.
    When we try it from a windows 2003 or a windows 2008 server (using the same account to execute the application) it does not work.

    So we think now it has something to do with Windows server 2008R2.

    thx for the response.

    Wednesday, January 27, 2010 11:22 AM
  • Hi,

    we installed a sql2008 standard edition the same way as the one with the filestream problems but on a windows 2008 server instead of a windows 2008R2 server.
    Now everything works ok.

    It seems like when a sql2008 server is installed on a windows server2008R2 you can only use filestream from a remote server which is also running on windows 2008R2.

    We'll contact microsoft to know if there is a way to fix this.

    Friday, January 29, 2010 7:19 AM
  • Hi Franky,

    I am glad to hear that you have solved the issue by installing SQL Server 2008 on the Windows Server 2008.

    If you have any more questions, please feel free to ask.

    Thanks,
    Jin Chen
    Jin Chen - MSFT
    Friday, January 29, 2010 10:07 AM
    Moderator
  • I know this post is a couple of months old, but did anyone find resolution to this issue other than downgrading the server to 2008 or upgrading all clients to 2008R2?
    Monday, April 05, 2010 7:38 PM
  • I have had this problem.

    A bespoke web application running on Server 2003, connection to a FILESTREAM enableld SQL 2008 SP1 cluster running on Server 2008 R2.

    It didn't work, i was checking out the packet info from the web server to the DB using Net Mon, and saw the impersonation error.

    So after a lot of google, sorry Bing. I found this article.

    The fix, migrate the web application to Server 2008 R2 (after making it work on IIS 7.5)

    All good.

    Would be interesting to know what the underlying problem is.

     

    Wednesday, May 12, 2010 3:06 AM
  • Thanks for a very useful discussion guys - I have just come across the same symptoms but from another direction - SharePoint Server 2010 (RTM version!)  where I have installed Remote Blob Storage using Filestream.  Having installed RBS successfully - or so I thought - I tried uploading some documents to the Shared Documents library - documents less than 1MB in size uploaded correctly (presumably to the normal WSS content database) documents greater than 1MB in size would not upload (presumably to the RBS) - the upload reported an error saying that the URL for the uploaded document was invalid.

    After much trawling through the log files - btw the correlation ID worked a treat well done Microsoft ;-)  I found the impersonation error referred to in this forum.

    Further digging showed that my SharePoint Farm was using Windows 2008 Standard x64 on the web front end server and Windows 2008 R2 x64 on the SQL back end server (along with SQL 2008 R2 Enterprise) - I am now in the process of upgrading my web front end to R2 and will report my findings - it looks as though all the blogs and "how to.." pages for setting up RBS on SharePoint 2010 have been using a single server farm - not very PC in the real world!!

    I will report back asap.....

    Update - It worked!!!  Upgrading the SharePoint web front end server to Windows 2008 R2 to bring it in to line with the back end server has worked.  I can now upload large documents as well as small documents to my SharePoint site.  Thanks guys for pointing me in the right direction ;-)

     

    Wednesday, June 09, 2010 9:40 AM
  • Hi,

    Below are the results from the Microsoft call we've made for this problem.

    So it is a bug on windows2008.

     

    ACTION:

    You were unable to connect to SQL Server remotely from Windows Server 2008 using a C# application to create a filestream object on a SQL Server 2008 running on Windows Server 2008 R2.

    However when the application is run remotely on a Windows Server 2008 R2 it works fine.

    You need to know why.

     

    RESULT:

    Impossible to have the Web Server use SQL Filestream.

     

    CAUSE:

    BUG 394392 – THE INCIDENT WILL NOT BE DECREMENTED

     

    RESOLUTION:

    In order to overcome this you need to use Windows Server 2008 R2 to host your Web Server.

     

     

    Thursday, June 10, 2010 5:45 AM
  • I've been a strong proponent of MS for quite a few years now at my various job locations, even when my fellow developers have laughed and ridiculed me for it, but having had to deal with this problem and to see what the final "resolution" is has left me feeling angry and betrayed.

    At the very least, Microsoft, you could address this problem in your white paper on filestreaming and thereby give some warning to interested parties. Had I known this problem prior to implementing this expensive solution in my workplace, I would have thrown my weight behind Oracles implementation and not yours.

    BTW, the filestream white paper is located at:

    http://msdn.microsoft.com/en-us/library/cc949109.aspx

    Wednesday, July 14, 2010 9:28 PM
  • Hi Franky,

    I am glad to hear that you have solved the issue by installing SQL Server 2008 on the Windows Server 2008.

    If you have any more questions, please feel free to ask.

    Thanks,
    Jin Chen
    Jin Chen - MSFT

    As I'm reading this, I'm disturbed at how a Microsoft Moderator finds this to be a possible "solution" to the problem.  I too am having this issue with SharePoint 2010 and setting up a RBS.  To see that the "acceptable answer" marked by a Microsoft moderator is to upgrade/downgrade the OS on the servers for them to play nicely.  I hope that you all will at least make a note in your technet documentation to warn people of this serious issue.
    Wednesday, September 22, 2010 7:24 PM
  • There is a hotfix available via KB 2255379 "Error message when you run an ADO.NET Framework application to remotely perform read or write operations on FILESTREAM data on a SQL Server 2008 server" http://support.microsoft.com/kb/2255379
    • Proposed as answer by JCBrown79 Tuesday, September 28, 2010 9:26 AM
    Tuesday, September 28, 2010 9:26 AM
  • Hi All,

    I had the same problem, on an installation. Every time i tried to upload a file larger then 1.2 mb, sharepoint came with an error. After browsing google i found this blog, and the answar to my problem was here.

    The sql server was install on windows 2008 r2

    All the sharepoint servers was installed on windows 2008

    For some odd reason, RBS wount accept this. The OS installation must be the same, so when reinstalling the SharePoint servers to 2008 r2, RBS worked as expected.

    Best

    Carsten B. Larsson

     

     

    Tuesday, September 28, 2010 2:30 PM