丢失所有凭据后如何重新连接到SQL Server实例

问题 (The Problem )

I came across a strange and rare situation at a client recently, where they asked me to resolve a problem on Microsoft SQL Server but did not give me any credentials to connect to the system. I asked them to state the actual problem and the reply was “we lost all credentials”. A number of questions started to generate in my mind. How are applications running? The Answer was “The application login is embedded in a DLL and it’s a third party application which we don’t have support”. How can you lose all the SQL Server credentials? The Answer “It was saved in a file and it was lost and the employee who knew it is no more working with the company”. Anyways, I had no choice but to have a solution for this strange problem.

最近，我在一个客户端上遇到一种奇怪而罕见的情况，他们要求我解决Microsoft SQL Server上的问题，但是没有提供任何凭据来连接到系统。我要求他们陈述实际问题，答复是“我们丢失了所有凭证”。我开始想到许多问题。应用程序如何运行？ 答案是“应用程序登录名嵌入在DLL中，它是我们不支持的第三方应用程序”。 如何丢失所有SQL Server凭据？ 答案是 “将其保存在文件中，并且丢失了，知道它的员工不再与公司合作”。 无论如何，我别无选择，只能为这个奇怪的问题找到解决方案。

解决方案（概念） (The Solution (Concept) )

Luckily, we have a solution to still log in to the Microsoft SQL Server even if we do not have a SQL or Windows Login. For the solution to work perfectly fine, you need to be a local admin on the server and have access to the SQL Server Configuration Manager. If you have the right amount of privileges on the system then you do not have to worry, just sit back and understand what I will explain here.

幸运的是，即使我们没有SQL或Windows登录名，我们也有解决方案，仍然可以登录Microsoft SQL Server。为了使该解决方案完美运行，您需要是服务器上的本地管理员，并有权访问SQL Server配置管理器。如果您在系统上拥有适当数量的特权，那么您不必担心，只需坐下来了解我将在此处解释的内容。

As soon as you implement my solution, you will be able to connect to the SQL Server (to which you do not have access to), Create new login and assign SYSADMIN role to the newly created login.

实施我的解决方案后，您将能够连接到SQL Server（您无权访问该SQL Server），创建新的登录名并将SYSADMIN角色分配给新创建的登录名。

实施 (The Implementation )

Let us start with implementing the solution. You have a situation where you do not have SQL Server login access to an Instance neither SQL nor Windows Authentication is working.

让我们从实施解决方案开始。您可能无法对实例进行SQL Server登录访问，而SQL或Windows身份验证均无法正常工作。

First, you need to have local admin access on the system (your windows login should be a member of the Administrators Group) on which the problematic SQL Server Instance is running. Log in to the system and access the SQL Server Configuration Manager.

首先，您需要在运行有问题SQL Server实例的系统上具有本地管理员访问权限（您的Windows登录名应该是Administrators组的成员）。登录系统并访问SQL Server配置管理器。

Next you need to start the SQL Server Instance in “Single User” mode. To do this, you need to open the properties window of the particular instance in SQL Server Configuration Manager.

接下来，您需要以“单用户”模式启动SQL Server实例。为此，您需要在SQL Server配置管理器中打开特定实例的属性窗口。

The Startup options are powerful ways for the initiation of the SQL Server Instance. There are plenty of options in SQL Server Instance, which we can use in different kind of situations to start the instance in normal or some special mode. Sometimes we need to start SQL Server in a special mode for some specific reason (like the one we are using) and at times, we need to add some additional functionality to the instance like Trace Flags.

启动选项是启动SQL Server实例的强大方法。 SQL Server实例中有很多选项，我们可以在各种情况下使用它们以正常或某些特殊模式启动实例。有时出于某些特定原因（例如我们正在使用的原因），我们需要以特殊模式启动SQL Server，有时，我们需要向实例添加一些其他功能，例如跟踪标志。

To know more about SQL Server Traces please visit the link here. I will not explain the trace flags here as it is a separate topic and it is much more advanced and needs a detailed explanation.

要了解有关SQL Server跟踪的更多信息，请访问此处的链接。我不会在这里解释跟踪标志，因为它是一个单独的主题，它要高级得多，需要详细说明。

In the Configuration Manager, Click on the “Startup Parameters”. Here you can add parameters to startup so we will be using the “-m” parameter which will start the Instance in “Single User Mode”. When supplied with the “-m” parameter, SQL Server instance will start in a single user mode. Any user, who tries to connect to SQL Server in this mode and succeeds, will be the only user for that instance. This mode is powerful, so only experienced DBAs should use it as you can end up in having no connections to the SQL Server.

在配置管理器中，单击“启动参数”。在这里您可以为启动添加参数，因此我们将使用“ -m”参数将在“单用户模式”下启动实例。当提供“ -m”参数时，SQL Server实例将以单用户模式启动。任何尝试以此方式连接到SQL Server并成功的用户将是该实例的唯一用户。此模式功能强大，因此只有经验丰富的DBA才应使用该模式，因为最终可能会导致与SQL Server无连接。

Keep in mind the all the applications, which are connected to this instance, should be disabled before you proceed with restarting the SQL Server. This is necessary because if the application tried to connect and succeeds, then it will be the only connection to the instance and you will not be able to log in.

请记住，在继续重新启动SQL Server之前，应禁用所有与该实例连接的应用程序。这是必需的，因为如果应用程序尝试连接并成功，则它将是与该实例的唯一连接，并且您将无法登录。

As shown in the below snapshot, you will add the parameter and apply the changes. You need to restart the instance for the changes to be applicable.

如下面的快照所示，您将添加参数并应用更改。您需要重新启动实例以使更改生效。

Please see the snapshot below for reference.

请参阅下面的快照以供参考。

Next, you need to start SQLCMD utility to connect to the instance. To do this, you need to connect to the CMD in Administrator Mode and type the command mentioned.

接下来，您需要启动SQLCMD实用程序以连接到实例。为此，您需要以管理员模式连接到CMD并键入提到的命令。

To start the command prompt you can go to the start menu and type “CMD”. When you find the Command Prompt, right click on the application and launch it with “Run as Administrator” mode. You will see the mentioned below command prompt.

要启动命令提示符，您可以转到开始菜单并键入“ CMD”。找到命令提示符后，右键单击该应用程序，然后以“以管理员身份运行”模式启动它。您将看到下面提到的命令提示符。

Now, to connect to the SQL Server, you need to enter the command mentioned below with –S parameter and mentioning the Instance name to connect. SQLCMD is a great utility to work with SQL Server in command line. I often use it to perform multiple activities, so do have a look at this utility by going to the link here.

现在，要连接到SQL Server，您需要输入以下带有–S参数的命令，并提及要连接的实例名称。 SQLCMD是在命令行中使用SQL Server的强大实用程序。我经常使用它来执行多个活动，因此请转到此处的链接来查看此实用程序。

Command: SQLCMD -S MUSAB-AIO\SQL2016

命令： SQLCMD -S MUSAB-AIO \ SQL2016

As of now, you will have the instance in single user mode and you will be the only user connected to the SQL Server. If you receive an error that you cannot connect to SQL Server then there might be other users trying to connect as well and one of them has the session. In that case, you need to restrict the other users first and restart SQL Server Instance.

到现在为止，您将具有单用户模式的实例，并且您将是连接到SQL Server的唯一用户。如果收到无法连接到SQL Server的错误，则可能还有其他用户尝试连接，并且其中一个用户拥有会话。在这种情况下，您需要首先限制其他用户，然后重新启动SQL Server实例。

If you have successfully logged into the instance then next step would be to create the login. The new login will use SQL Authentication and will be identified by the password you will specify.

如果您已成功登录到实例，那么下一步将是创建登录名。新的登录名将使用SQL身份验证，并将由您指定的密码标识。

Now, create a login and assign the rights to the SQL Server SYSADMIN role to the new user using the mentioned below TSQL.

现在，使用下面提到的TSQL，创建一个登录名并将SQL Server SYSADMIN角色的权限分配给新用户。

Note: The solution mentioned here is only applicable if you have SQL Server Authentication enabled.

注意：仅当您启用了SQL Server身份验证时，此处提及的解决方案才适用。


CREATE LOGIN mynewadmin WITH PASSWORD=N'mystrongpassword';
GO

The above command has created a user “mynewadmin” which is identified with the password “mystrongpassword”. Please always use a strong password (not the one which I provided, it is not strong) which should include alphabets, symbols and numeric as well.

上面的命令创建了一个用户“ mynewadmin”，该用户以密码“ mystrongpassword”标识。请始终使用强密码（不是我提供的密码，不是强密码），该密码也应包括字母，符号和数字。


ALTER SERVER ROLE [sysadmin] ADD MEMBER [mynewadmin];
GO

The above-mentioned command added the SYSADMIN role to the newly created SQL Server login. If the command executed successfully, then you are almost done and you have to disconnect the SQLCMD now.

上面提到的命令将SYSADMIN角色添加到了新创建SQL Server登录名中。如果命令成功执行，那么您差不多完成了，您现在必须断开SQLCMD的连接。

Type “exit”, press enter to exit from SLQCMD, and close the window.

输入“ exit”，按Enter键以退出SLQCMD，然后关闭窗口。

Now you have created a new SQL Server Authentication login with the SYSADMIN role so we will connect to the instance. However, before going further, we need to revert the changes done on the instance level i.e. remove the –m startup parameter and restart the SQL Server Instance.

现在，您已经使用SYSADMIN角色创建了一个新SQL Server身份验证登录名，因此我们将连接到实例。但是，在进一步操作之前，我们需要还原在实例级别完成的更改，即删除–m启动参数并重新启动SQL Server实例。

After the restart, you can connect to the SQL Server Instance using the new credentials and perform all the SYSADMIN activities.

重新启动后，可以使用新凭据连接到SQL Server实例，并执行所有SYSADMIN活动。

After you connect to the instance, you can go and verify that the newly created login is a SYSADMIN login. Please see the snapshot below for reference.

连接到实例后，您可以验证新创建的登录名是否为SYSADMIN登录名。请参阅下面的快照以供参考。

For the instance for which you have lost the credentials, this is the easiest and quickest way to connect and recover. Secure the logins after you have connected to the server. Also, keep in mind that this is the power of the local administrator, so, you must make sure not to assign local admin rights to unnecessary users.

对于您丢失了凭据的实例，这是连接和恢复的最简单，最快的方法。连接到服务器后，请确保登录名安全。另外，请记住，这是本地管理员的权限，因此，必须确保不要将本地管理员权限分配给不必要的用户。

翻译自: https://www.sqlshack.com/how-to-reconnect-to-a-sql-server-instance-when-all-credentials-have-been-lost/