Error On SET Proxy Account
Aug 3, 2005
I'm trying to set a proxy account for the SQL agent. The user is Local
administrator on the SQL Server when I try to set the account I get a message back that says
"The system cannot find the path specified."
I get the same error with TSQL too.
EXEC master..xp_sqlagent_proxy_account
'SET', N'MY_DOMAIN', N'Myadm', N'MyPassword'
My system :
Windows Server 2003 SP1
SQL Server 2000 SP4
I am worried it might be interfering with someing.
Any ideas what paths it could be after?
View 5 Replies
ADVERTISEMENT
Feb 5, 2008
Hello,
I am trying to create a job that runs a SSIS package. I am getting the following error:
Message
Unable to start execution of step 1 (reason: Error authenticating proxy domainsckeels, system error: Logon failure: unknown user name or bad password.). The step failed.
Our DBA ran the following to create the credentials and proxy account.
USE MSDB
CREATE CREDENTIAL [sckeels] WITH IDENTITY = 'domainsckeels', secret = 'sckeels_credentials'
GO
Sp_add_proxy @proxy_name='ssis_users', @credential_name='sckeels'
GO
Sp_grant_login_to_proxy @login_name='domainsckeels', @proxy_name='ssis_users'
GO
Sp_grant_proxy_to_subsystem @proxy_name='ssis_users', @subsystem_name='SSIS'
Any help with this would be appreciated.
Steven
View 7 Replies
View Related
Mar 2, 2004
Hi all, i hope you can help me.
Basically a dts package has been setup that pulls in data from another companies server, this data requires to be on-demand i.e individual users can pull in updates of the data when they require it.
I am using xp_cmdshell and dtsrun to pull in the data. This obviouly works fine for me as i am a member of sysadmin.
Books online quotes " SQL Server Agent proxy accounts allow SQL Server users who do not belong to the sysadmin fixed server role to execute xp_cmdshell"
So i went to the SQL Server Agent Properties 'Job System' tab and unchecked 'Non-sysadmin job step proxy account' and entered a proxy account.
The proxy account has been setup as a Windows user with local administrator privilages and even a member of the sysadmin server role - just in case.
Now when i log onto the db with my test account - a non-sysadmin - and attempt to run the stored proc to import the data i recieved the message 'EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo' '
hmm... so basically i have either misunderstood BoL or there is something not quite right in my setup.
I have search the net for a few days now and yet i can find no solution.
Can anyone help?
View 2 Replies
View Related
May 8, 2007
Hi Experts,
Is it possible to connect to SQL Server just using the SQL server agent's proxy account and access data ( without SQL management studio or SQL / Window authentication ). The proxy account is active only for SSIS package execution subsystem.
Thanks in advance,
DBLearner.
View 1 Replies
View Related
Jan 14, 2015
I have a frustrating problem where I am using the Ola Hallengren jobs to backup to a network share. (This isn't something specific to his scripts).
For various reasons the SQL Server account can not be granted access to the share so I thought I would use a proxy account which does have access (this has been fully tested). I am using a CmdExec proxy.
The problem comes now that when I run the job it still thinks access is denied when running the xp_create_subdir command.
When I recreated this problem locally on my machine, as soon as I add the SQL Server account access to the share the backups work, so why isn't the job using the proxy account?
View 1 Replies
View Related
Oct 30, 2006
I am trying to run SSIS packages under SQL Server Agent 2005 and I keep getting a package failed error in the event viewer.
I've heard that I need to set up a proxy account. I have found the following code and need a little explanation on what all the parts mean since I am very new to this:
Use master
CREATE CREDENTIAL [MyCredential] WITH IDENTITY = 'yourdomainmyWindowAccount', secret = 'WindowLoginPassword'
Use msdb
Sp_add_proxy @proxy_name='MyProxy', @credential_name='MyCredential'
Sp_grant_login_to_proxy @login_name=' devlogin', @proxy_name='MyProxy'
Sp_grant_proxy_to_subsystem @proxy_name='MyProxy', @subsystem_name='SSIS'
Let's say for the sake of argument my domain is called CompanyInc and I log into windows with my name Philip_Jaques and my password is badpassw0rd. Would I modify the above code this way to create my proxy?
Use master
CREATE CREDENTIAL [MyCredential] WITH IDENTITY = 'CompanyIncPhilip_Jaques', secret = 'badpassw0rd'
Use msdb
Sp_add_proxy @proxy_name='MyProxy', @credential_name='MyCredential'
Sp_grant_login_to_proxy @login_name='Philip_Jaques', @proxy_name='MyProxy'
Sp_grant_proxy_to_subsystem @proxy_name='MyProxy', @subsystem_name='SSIS'
Also, when I create this proxy account where in SQL Server 2005 can I go to view it and its properties? And assuming I get the proxy account set up correctly, how do I get my current jobs to start using it so they will successfully run?
Thanks in advance for your help and advice!
View 2 Replies
View Related
Feb 14, 2008
There is one thing that��s confusing me in creating a proxy account.
I am trying to get an SSIS package configured as a SQL Server job and execute it from a non-sysadmin login. But when I execute it gives the error message:
Non-SysAdmins have been denied permission to run DTS Execution job steps without a proxy account. The step failed.
I know that we have to create a proxy account for this to happen and creating of proxy account prompts me to choose a credential, and that is where I do not understand the logic. From MS website I can find the following, but it is confusing to me
This proxy account must use a credential that lets SQL Server Agent run the job as the account that created the package or as an account that has the required permissions.
ref: http://support.microsoft.com/default.aspx?scid=kb;EN-US;918760
I tried reading all the related articles, but still the process of creating the credential is confusing to me, can someone throw some light on the logic of proxy/credential here?
Thanks
Satya
View 23 Replies
View Related
Jul 31, 2006
Hi,
because my package does not run with SQL-Server-Agent, but without problems if started by "hand", I created a new credential which contains the information needed for the package. I did this as described on: http://msdn2.microsoft.com/en-us/library/ms190703.aspx .
After that i tried to create an proxy account, but when I chose the created credential, Management Studio says "Der Proxy "[name_of_credential] ist kein gültiger Windows-Benutzer(Microsoft SQL Server, Fehler: 14529)". This means something like: "This Proxy is not a valid windows-user. Error: 14529".
Any hints how to use a credential that is not a windows-user?
Regards,
Jan Wagner
View 7 Replies
View Related
Feb 15, 2006
Hi,
I have an SSISS package running in a job step, the job is owned and has to be run by a non-sysdamin SQL login. I have created a new credential (windows autrhentication, sysadmin priviledges) , mapped it to proxies 'SSISS' and 'Operating systems (CmdExec)' and have assigned the job step to run as that credential. Yet I'm getting the following error message:
Unable to start execution of step 1 (reason: Error authenticating proxy DomainUserName, system error: Logon failure: unknown user name or bad password.). The step failed.
Does anyone know why this is?
Thanks
View 4 Replies
View Related
Jan 2, 2008
Hello,
I'm having trouble setting up PROXY account. I follow the documentation, and Under Credentials, I can only select Operator. Is there a way to select any account under Security?
Your help is appreciated!
View 3 Replies
View Related
Apr 26, 2007
Hi experts,
Is there any potential security threat using Proxy accounts in SQL Server 2005 ? If any , Please give URLs for reference.
Thanks,
DBLearner
View 3 Replies
View Related
May 15, 2007
I have read all the posts regarding this error, but non-solve my problem as I had already addressed them.
I am setting up Merge Replication via the Web and I get this error when i try to sync. Let me give you some background.
I wrote a small windows test app to test merge replication, in which i am using RMO to accomplish the replication. This works. It syncs every time. I then copied the "sync" code from the winform application and created a Windows Service in which i placed "sync" code. The sync code did not change other than adding the additional following four lines:
_mergeAgent.InternetUrl = _internetURL;
_mergeAgent.InternetLogin = _internetLogin;
_mergeAgent.InternetPassword = _internetPassword;
_mergeAgent.InternetTimeout = _internetTimout;
where the internet url is https://ipaddress/virtualdirectory/replisapi.dll
I have been working with this for a while now trying to figure out why this works (on the same machine) in a winforms app but not through the web (via a windows service).
Any insight would be greatly appreciated.
Thanks...
View 3 Replies
View Related
Jul 12, 2007
I am trying to create a Proxy account to use for Job Scheduling, but when ever I add Logins to the Principals in the Proxy Properties and click OK, when I check again, they are not saved. Is there a reason why this happens? Is there an alternate way to add principals? Thanks.
View 2 Replies
View Related
Sep 18, 2007
Hi all,
I have a problem while i create a proxy account.The situation is like this...There is a user who has an login in to the server.He has a stored procedure which calls some on the SSIS packages and XP_cmdshell...so this stored procedure basically load some data in to the tables .So for the login in order to execute the stored procedure as he is not a Sys admin I have created a proxy account in my account as Iam an SA and then in the proxies and in principals I selected his login name and this way I have created a credential and a proxy account.
Now the problem is if he logins with his id and password and try to execute the stored procedure it gives an error message
Server: Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
....so this mean the login is not able to see the proxy account.So what I did is I created a job and then in the job owner tab I have selected his login and then created a step with the type operating system (CmdExec) as I need to just execute the stored procedure and used the proxy account that I have created.
so I gave the command -- exec <stored procedure> --.
But this job fails and gives the error message as
[298] SQLServer Error: 536, Invalid length parameter passed to the SUBSTRING function. [SQLSTATE 42000]....
So now ....first My question is am I doing in a right way....if its right then why Iam not able to execute the stored procedure.
If there is any other way through which I can execute the stored procedure using a proxy account for the logins who are not sys admins....please do let me know.....
Thanks
Raja.V
View 5 Replies
View Related
Aug 15, 2007
Hi, I have the following setup:
- Win 2K Server, SP4
- SQL Srv 2K, SP4
- A 'DEV' domain, with an 'Administrator' account with all possible rights on the system
I need to configure a CmdExec proxy account in order to allow non-sys-admin users to execute the master.dbo.xp_CmdShell procedure.
When attempting to do this via QA as follows:
EXEC master.dbo.xp_sqlagent_proxy_account N'SET',
N'DEV', -- agent_domain_name
N'Administrator', -- agent_username
N'password' -- agent_password
...I get the following error:
"The system cannot find the path specified."
When attempting to do this via QA as follows (note: only change is adding domain to agent_username arg):
EXEC master.dbo.xp_sqlagent_proxy_account N'SET',
N'DEV', -- agent_domain_name
N'DEVAdministrator', -- agent_username
N'password' -- agent_password
...I get the following error:
"Error executing extended stored procedure: Specified user can not login"
I have tried this through Enterprise Manager and get identical results, of course.
I have also tried all of the following:
- different OS user accounts, including local system accounts with local admin rights;
- assigning the OS account to a SQL login with System Admin role/rights;
- specifically assigning the above SQL login with EXEC rights on the master.dbo.xp_CmdShell procedure;
- verifying local security policy settings, as per the following link: http://support.microsoft.com/?id=283811;
- pulling out my hair and banging my head against the wall.
Can anyone H E L P ? ! ! !
Thanks,
Joe
View 6 Replies
View Related
Sep 18, 2007
Hi all,
I have a problem while i create a proxy account in SQL Sever 2005.The situation is like this...There is a user who has an login in to the server.He has a stored procedure which calls some on the SSIS packages and XP_cmdshell...so this stored procedure basically load some data in to the tables .So for the login in order to execute the stored procedure as he is not a Sys admin I have created a proxy account in my account as Iam an SA and then in the proxies and in principals I selected his login name and this way I have created a credential and a proxy account.
Now the problem is if he logins with his id and password and try to execute the stored procedure it gives an error message
Server: Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
....so this mean the login is not able to see the proxy account.So what I did is I created a job and then in the job owner tab I have selected his login and then created a step with the type operating system (CmdExec) as I need to just execute the stored procedure and used the proxy account that I have created.
so I gave the command -- exec <stored procedure> --.
But this job fails and gives the error message as
[298] SQLServer Error: 536, Invalid length parameter passed to the SUBSTRING function. [SQLSTATE 42000]....
So now ....first My question is am I doing in a right way....if its right then why Iam not able to execute the stored procedure.
If there is any other way through which I can execute the stored procedure using a proxy account for the logins who are not sys admins....please do let me know.....
Thanks
Raja.V
View 1 Replies
View Related
Oct 4, 2007
Re: SQL Server 2005
Does the xp_cmdshell proxy account need admin-level permissions on the server?
The reason I ask this is because I keep getting "Access is Denied" errors when trying to run this command as a non-admin:
master..xp_cmdshell dtexec 'some package'
The 'some package' has an "execute process task" which calls a batch file on the server.
If the proxy account is NOT a local admin, the "execute process tasks" fails with an "Access is Denied" error.
If the proxy account is a local admin, it executes fine.
We have given "Everyone" FULL CONTROL of all the folders that are affected by the batch file, and it still does not work.
I am out of ideas at this point. It just does not work unless it's an admin.
Are we missing something here?
View 7 Replies
View Related
Jun 16, 2015
I running SSIS package job without sql agent , it is working fine.when i am running through sql agent not running.
created Proxy account
job failed and give above error.
Server is cluster and taking data from desktop.
server is in one domain and desktop in another domain.
View 3 Replies
View Related
Sep 18, 2007
Hi all,
I have a problem while i create a proxy account.The situation is like this...There is a user who has an login in to the server.He has a stored procedure which calls some on the SSIS packages and XP_cmdshell...so this stored procedure basically load some data in to the tables .So for the login in order to execute the stored procedure as he is not a Sys admin I have created a proxy account in my account as Iam an SA and then in the proxies and in principals I selected his login name and this way I have created a credential and a proxy account.
Now the problem is if he logins with his id and password and try to execute the stored procedure it gives an error message
Server: Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
....so this mean the login is not able to see the proxy account.So what I did is I created a job and then in the job owner tab I have selected his login and then created a step with the type operating system (CmdExec) as I need to just execute the stored procedure and used the proxy account that I have created.
so I gave the command -- exec <stored procedure> --.
But this job fails and gives the error message as
[298] SQLServer Error: 536, Invalid length parameter passed to the SUBSTRING function. [SQLSTATE 42000]....
So now ....first My question is am I doing in a right way....if its right then why Iam not able to execute the stored procedure.
If there is any other way through which I can execute the stored procedure using a proxy account for the logins who are not sys admins....please do let me know.....
Thanks
Raja.V
View 2 Replies
View Related
Jun 8, 2006
(Posting this again since my original post has disappeared from the forum sometime during the day.)
I have about a dozen jobs that are being started at the same time (1:30am). Each time they start up, I end up with a random number of those jobs failing to run and logging the follow error:
Unable to start execution of step 1 (reason: Error authenticating proxy LSPJobUser, system error: Logon failure: unknown user name or bad password.). The step failed.
Each night it is a different collection of failed jobs (some work and some do not). If I manually run the job they ALL work EVERY time.
As anybody experienced this before? Is it possible that SQL Agent cannot handle a dozen jobs at once? (Or at a minimum cannot authenticate a dozen jobs at once.) (I do not believe it but cannot think of any other possibility.)
(For a quick fix I am going to stagger the dozen jobs to start over a ten minute period instead of starting at the same time.)
- Jason
View 4 Replies
View Related
May 29, 2008
I'm attempting to run a ssis package via sql server agent.
The package and the DB are on a cluster.
The package runs fine when 'Sql Server Agent' is the run-as.
When I try and use a proxy to run the package, it fails with this error:
Date 5/28/2008 6:21:54 PM
Log SQL Agent (Current - 5/28/2008 6:21:00 PM)
Message
[136] Job CorpFoo New reported: The process could not be created for step 1 of job 0xDAE2A53F27943D4CA412A0D177CAA546 (reason: A required privilege is not held by the client)
I've:
Create Credential to be used by proxy
Create Proxy
Give Permissions to Proxy in SQL Server
Give Permissions to Proxy at the Server for SQL Agent Batch Run
Give Permissions to Proxy at the Server to Connect to SSIS
EXEC dbo.sp_grant_login_to_proxy
@login_name = N'Myapplication_DBO',
@proxy_name = N'Myapplication_Batch_PROXY' ;
EXEC dbo.sp_grant_proxy_to_subsystem
@proxy_name = 'Myapplication_Batch_PROXY',
@subsystem_id = 11;
I've tried a number of things, including adding the sql user (who has access to the proxy) as sys admin on SQL and the OS. That didn't help either.
Has anyone experienced this error? Is there any way to further diagnose this (completely unhelpful) error message?
Thanks,
Steve.
View 2 Replies
View Related
Feb 6, 2006
I have been attempting to create a snapshot of a database. Just install a SQL2005 cluster. The snapshot appears to create ok, but when I view snapshot agent status I get the following error which I have not been able to figure out:
Unable to start execution of step 2 (reason: Error authenticating proxy ohaevservices, system error: Logon failure: unknown user name or bad password.). The step failed.
This account has admin and dbowner --- Help
View 15 Replies
View Related
Jan 5, 2006
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
View 6 Replies
View Related
Jan 11, 2007
Hello Experts,
I have a Report Server when i try to deploy my report on the same server and if i use the Fully Qualified Domain Name in my report path i get the below Error
TargetServerURL : http://jptoclq901.corpusers.net/ReportServer
Error : The request failed with HTTP Status 407 : Proxy Authentication Required (Microsoft.ReportingServices.Designer)
but if i use the TargetServerURL as http://localhost/ReportServer, things do work fine. but company requirement is to use complete path.
Is this a limitation or some way out, any Idea???
Thanks in advance for the help
/Soni
View 1 Replies
View Related
Jul 21, 2006
My proxy class returns web service responses well if I use it in a C# code.
I compile it with CSC and put it in GAC to use it with SSIS.
Then I get web service response with some field values populated with "Exception of type :{System.InvalidOperationException "' occured.
Here is the part of web service response received by the C# program:
Name
Value
Type
mainAddress
{Address}
Address
city
Metuchen
string
cityField
Metuchen
string
country
USA
Country
countryField
USA
Country
state
NEW_JERSEY
State
stateField
NEW_JERSEY
State
Here is the same object returned by compiled dll used in SSIS:
mainAddress
{BrokerConnectServiceV1.Address}
BrokerConnectServiceV1.Address
city
Metuchen
String
country
{System.Nullable(Of BrokerConnectServiceV1.Country)}
System.Nullable(Of BrokerConnectServiceV1.Country)
HasValue
FALSE
Boolean
Value
Exception of type: '{System.InvalidOperationException}' occurred.
BrokerConnectServiceV1.Country
Data
{System.Collections.ListDictionaryInternal}
HelpLink
Nothing
InnerException
Nothing
Message
Nullable object must have a value.
Source
mscorlib
StackTrace
at System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource)
at System.Nullable`1.get_Value()
TargetSite
{System.Reflection.RuntimeMethodInfo}
state
{System.Nullable(Of BrokerConnectServiceV1.State)}
System.Nullable(Of BrokerConnectServiceV1.State)
HasValue
FALSE
Boolean
Value
Exception of type: '{System.InvalidOperationException}' occurred.
BrokerConnectServiceV1.State
Below is another posting by my associate on the same issue :
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=536615&SiteID=1
Any help is appreciated....
View 11 Replies
View Related
Dec 4, 2006
I have been running a script in SQL Server 2000 as sa also as a Active Directory user who has administrator rights (I tested both approaches SQL Server then Windows Authentication) in Query Analyser which grants execute rights to the stored procedures within the database instance and Query Analyser does not give any errors when I run the script. I have made sure that each transaction has a go after it. I then return to Enterprise Manager, check the rights (I apply them to roles so that when we create another SQL Server user we just grant him/her rights to the role) and discover that the role has not been granted the rights. I seems to be occurring only with 2 of the procedures. Is there a known bug that might be causing this?
yours sincerely
Craig Hoy
View 9 Replies
View Related
May 9, 2002
I have several DTS jobs that runs well as a job with my nt login account for the SQL agent service startup account, but if I use the System account
they fail with this error.
" Error opening datafile: Access is denied. Error source: Microsoft Data Transformation Services Flat File Rowset Provider"
The data has change access to the System account under the NT security.
Thank you in advanced.
Jorge
View 2 Replies
View Related
Aug 5, 1998
Hello all,
I just inherited a SQL Server that was set up by a non-DBA. It`s running NT 4.0 and SQL Server 6.50 - 6.50.201 (the vendor hasn`t certified the product on SP4). I am trying to change the SQL Executive Service to use a non-system logon account. The account that I want to use is running SQL Executive on 9 other servers.
I went into Usrmgr and added the account to the administrators group. Made sure that it has rights to:
log on as a service, log on as a batch job, increase quotas, act as part of the operating system, replace a process level token.
When I try to change to that id in services, I get the following error:
"cannot set the startup parameters for SQL Executive service. Error 1057 occurred. The account name is invalid or does not exist."
Looking in Technet, I found that if "log on as a service" isn`t set you could get this message but I`ve check/re-checked, had someone else check and it`s set.
Any help would be appreciated!
View 1 Replies
View Related
Jan 1, 2006
Hi, need help
Yesterday Installed MSSQL Server 2005 Developer Edition
on Windows XP SP2
IIS 5.1
Windows Authentication
login/psw the same as login to Windows
Everything was ok, can log to server and play with Database Engine
But today can't login.
================================================== =====
TITLE: Connect to Server
Cannot connect to MyPCName.
ADDITIONAL INFORMATION:
Login failed for user 'MyPCNameMyLogin'. Reason: The account is disabled. (MS Server, Error: 18470)
------------------------------
Server Name: MyPCName
Error Number: 18470
Severity: 14
State: 1
Line Number: 65536
------------------------------
Program Location:
at System.Data.SqlClient.SqlInternalConnection.OnErro r(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndW arning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlInternalConnectionTds.Com pleteLogin(Boolean enlistOK)
at System.Data.SqlClient.SqlInternalConnectionTds.Ope nLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlInternalConnectionTds..ct or(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlConnectionFactory.CreateC onnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionFactory.Creat eNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup)
at System.Data.ProviderBase.DbConnectionFactory.GetCo nnection(DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenCo nnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.SqlClient.SqlConnection.Open()
at Microsoft.SqlServer.Management.UI.VSIntegration.Ob jectExplorer.ObjectExplorer.ValidateConnection(UIC onnectionInfo ci, IServerType server)
at Microsoft.SqlServer.Management.UI.ConnectionDlg.Co nnector.ConnectionThreadUser()
================================================== ====
Is it possible to enable this account again?
View 3 Replies
View Related
Jul 20, 2005
Hi there,BOL notes that in order for replication agents to run properly, theSQLServerAgent must run as a domain account which has privledges to loginto the other machines involved in replication (under "SecurityConsiderations" and elsewhere). This makes sense; however, I waswondering if there were any repercussions to using duplicate localaccounts to establish replication where a domain was not available.Anotherwords, create a local windows account "johndoe" on both machines(with the same password), grant that account access to SQL Server onboth machines, and then have SQL Server Agent run as "johndoe" on bothmachines. I do not feel this is an ideal solution but I havecircumstances under which I may not have a domain available; mypreliminary tests seem to work.Also, are there any similar considerations regarding the MSSQLSERVERservice, or can I always leave that as local system?Dave
View 1 Replies
View Related
May 2, 2007
I am attempting to implement tighter security on my instances of SQL Server 2005. One of my tasks is to make sure that the service account for the SQL Server service has the minimum privileges necessary to run the service. I thought I had everything configured correctly, but then I realized that the "SQLServer2005MSSQLUser" Windows group was a member of the "sysadmin" fixed server role. I do not want the service account to be a sysadmin, so I removed the service account from this group.
Everything seemed to be working, until I received a call from one of our developers. He was attempting to execute a stored procedure, and he kept getting the following error: "An error occurred during decryption".
I looked up the error, and found out it is related to the service master key. I am using the same service account that I did when I installed SQL Server, so I am baffled as to why I am receiving this error. The error was resolved when I added the service account back to the "SQLServer2005MSSQLUser" Windows group and restarted the SQL Server service.
Do have any idea what might be happening here?
View 3 Replies
View Related
May 1, 2007
I am attempting to configure my SQL Server instance to use a service account with the minimum privileges. I thought I had everything configured correctly, when I realized that having the service account as a member of the "SQLServer2005MSSQLUser" Windows Group meant that the service account was now in the "sysadmin" fixed server role. This was not the configuration I wanted.
I went through the Books Online article "Setting Up Windows Service Accounts" and made sure the login had access to the appropriate folders used by SQL Server. Then I stopped the SQL Server service and tried to restart it, without success. These are the error messages:
Code Snippet
SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
FCB::Open failed: Could not open file E:MSSQL$STAGINGDatamodel.mdf for file number 1. OS error: 5(Access is denied.).
TDSSNIClient initialization failed with error 0x5, status code 0x1.
TDSSNIClient initialization failed with error 0x5, status code 0x90.
I checked some other posts on this board, and they suggested the problem might be that the "VIA" protocol was enabled. I checked for this protocol in the Configuration Manager, and it is DISABLED in both the SQL Server 2005 Network Configuration and the SQL Native Client Configuration. What else could be causing this error?
The errors do not occur when I add the service account back to the "SQLServer2005MSSQLUser" Windows Group. The SQL Server service starts successfully when the account is back in this group.
Here are my answers to the questions posted at the top of this board:
What is the MS SQL version? - SQL Server 2005 SP2 (9.00.3054.00)
What is the SKU of MS SQL? - Enterprise Edition (SKU ID: 1804890536)
What is the SQL Server Protocol enabled? - TCPIP, Named Pipes
Does the server start successfully? - NO
If not what is the error messages in the SQL server ERRORLOG? - See above.
If SQL Server is a named instance, is the SQL browser enabled? - YES
What is the account that the SQL Server is running under? - Domain Account
Do you make firewall exception for your SQL server TCP port if you want connect remotely through TCP provider? Not applicable, Windows Firewall is not used
Do you make firewall exception for SQL Browser UDP port 1434?
Not Applicable, Windows Firewall is not used
View 7 Replies
View Related
Feb 28, 2007
Hi There
When i go to configuration manager and change the sql server service to run as a domain account i get the following error:
No mapping between account names and security IDs was done.
This is Sql Server Express running on a domain controller - Windows Server 2003 R2.
Everything i find ont he net refer to IIS, DHCP etc etc , i cannot find the issue regrading sqls server configuration manager.
Thanx
View 13 Replies
View Related
