I'm using our development ID to set up peer-to-peer replication. I am following the steps outlined in the BOL using SQL Studio 2005. When I created the initial publication, I read the section on permissions and assigned the development login ID db_owner. Indeed, to eliminate any possible issues (I thought), I gave it db_datareader, db_datawriter, and all the db admin rights and made very sure the db_denydatareader and db_denydatawriter roles were not checked. I did this through the Logins section of the Security folder and applied the same rights to both the distribution and the publication database. Nevertheless, when I run the LogReader agent job, it fails with the message for step 2 that:
Executed as user: ourdomsqldev. A required privilege is not held by the client. The step failed.
The dev ID essentially has sa rights to the server and all the databases. It is also a domain authenticated ID. Any ideas what's causing this problem? I really need to get the replication going reliably before the weekend is out.
I keep getting this error message on the subscription execution, even though the account is a domain administrator. Both publisher and subscriber are on the same domain. Can someone tell me what is the problem?
Message Replication-Replication Distribution Subsystem: agent [Agent Name] failed. Executed as user: [Domain]administrator. A required privilege is not held by the client. The step failed.
I am getting this error message "Replication-agentclassname: agent F1TESTSQLSERVER20-ELC-ELC_Pub-F1TESTSQLExpress-39 failed. Executed as user: . A required privilege is not held by the client. The step failed." All the users replication agents have failed and I am looking on how to resolve this serious error. Where do I start? I am using merge replication.
I running SSIS package job without sql agent , it is working fine.when i am running through sql agent not running.
created Proxy account job failed and give above error. Server is cluster and taking data from desktop. server is in one domain and desktop in another domain.
I would appreciate any help here at all. I am pulling my hair out!
I am unable to start the snapshot agent or log reader agent from within SQL management studio. it fails on executing step 2 with unknown username or bad password.
I have checked all account details and they are correctly using my domain admin account. I can connect to SQL using teh same account and it also has sysadmin permissions.
If i copy the step 2 paramters and start from the cmd prompt (again logged in using the same domain account) they both start fine.
I am testing peer to peer replication in our environment. I simulated a three node peer to peer topology and a local distributor.
For some wierd reason I cannot get the Log Reader Agent and snapshot agent to start. The domain account under which SQL Server Agent runs has administrator previlage on the box. I also use a domain account for SQL Server Service. (none of the passwords changed).
This is the error I am getting - "Executed as user: abc. A required privilege is not held by the client. The step failed"
We restored a database with replicated tables. Now, the Log Reader Agent will not run. This displays: "The process could not execute 'sp_repldone/sp_replcounters' on 'ourservername'." In Error Details for the agent: "The process could not set the last distributed transaction." And, from the logs: "ForwardLogBlockReadAheadAsync: Operating system error 998(Invalid access to memory location.) encountered."
Does anyone know how we get the Distribution database and the Log Reader running again? It is only affecting Transactional replication (not snapshot or merge).
HELP>>> I am getting desperate we recently had a failure which ended up wrecking my replication. The basic layout is from a source server -> Distribution Server then out to several other servers. Long story short the distribution database had to be moved to a new drive and I am now getting the following error message
The specified LSN (0003d4f0:0000721e:001b) for repldone log scan occurs before the current start of replication in the log (0003d63a:00002803:0001). (Source: fsdpdcis (Data source); Error number: 18768) --------------------------------------------------------------------------------------------------------------- The process could not set the last distributed transaction. (Source: fsdpdcis-DPDDATA-1 (Agent); Error number: 22017)
I have reinitialized all subscriptions on the fsdpdcis server and run subscription validation (with no response). The data did re-load during the reinitialization but does not seem to be getting updated. This is driving me crazy and I am desperate. Any suggestions would be greatly appreciated. I have search MS knowledge base with no results and BOL has not been any help so far.
I recently set up transactional replication from one server database to another server database. I keep getting a Log Reader Agent error: An access violation occurred.
The SQL Server agent starts under one Windows account but the Server is registered under the system account. The log reader agent is using the system account.
I'm not sure what else to check or what database permissions or roles should be set. Can somebody help? Thanks.
Hello, by mistake I added an queue reader agent to a distribution database. But how can I drop the queue agent. There isn't a stored proc 'sp_dropqreader_agent'. The only way I found (apart from dropping the whole distribution databse) is to stop and disable the generated job!
Is there any other way to get rid of the queue reader agent ?
among our server-agent jobs is one for the log-reader-agent and its run status is displayed as error though the log-reader is working correctly, replication is working fine. it had hit an error some days ago after an unexpected shutdown - but it has been auto-restarted correctly on restart of the sql-server agent. now - what can i do to get back to a sensible run-status report? i have already deleted the job-history with the hope that this might help - but it didn't. should i just stop and restart the job again? can i somehow delete the status in the jobhistory? i would gladly appreciate any ideas because it's making me just mad to have a 'failed' job status on the monitor *g*
I've set up transactional replication with queued updating. If I stop the queue reader agent through EM, I can't start it again. Agent's history says "Queue Reader aborting. The step failed."
On one of our servers the sqlseragent was running fine. But now it is not running. We se the option to start the server agent each time the OS starts. Even when I tried to start the agent manually from service manager it is not starting. Would any one help on this urgently.
Also how can we identify under what account any job runs. The reason is when we deleted some NT user accounts one of the job failed as this job runs under that userid. But in the properties it shows that sa is the owner of that job. What is best way to create a job so that these jobs run under one userid so that it won't fail when we delete users.
As you see in the images the connection is closing. During the read it counts 5 columns which is correct. When I step through the code it closes the connection when it hits dt.Load(reader) and nothing is loaded into the datatable.
------------------------------------------------------------AS I STEP THROUGH -----------------------------------------------------------------------------------------------------------------------
HelloI have recently decided to upgrade my programs to enable users to have mssqldatabases instead of access.I have since then run into many incompatibilities between their sql:access has IIF(x>y,a,b) whereas mssql hase case when (this already meanshundreds of changes in queries)it does not have format(number,'#,##0.00') or format(date,'dd.MM.yyyy') butmost surprising is following:access allows this while mssql reports error ("Cannot perform an aggregatefunction on an expression containing an aggregate or a subquery")SELECT ....SUM(a*b/(SELECT SUM(c) FROM d WHERE e=f))FROM ...(a-f are fields and tables )I am totaly dissapointed in MS since I will have to have two variants ofqueries in programs just to enable users to choose between databases.Does anyone know an MS e-mail where I could flame them
I had been trying to solve this error with no success :
One or more of the server network addresses lacks a fully qualified domain name (FQDN). Specify the FQDN for each server, and click Start Mirroring again.
The syntax for a fully-qualified TCP address is: TCP://<computer_name>.<domain_segment>[.<domain_segment>]:<port>
I had installed three instances on my local machine to test Data base mirroring :
Principal : running SQL Developer Instance
Mirror : running SQL Developer Instance .
Witness : Running SQL Express.
Database mirroring already enabled using startup flag : -T1400
i even tried to configure it with out a witness but still have the same error .
I used the follwoing server name in the mirroring wizard(not localhost) :
it is possible to grant all privilege (CRUD) to specified table to user. But, now, i want to grant all privilege (CRUD) of all tables, views, sp, ... of database to the user. is it possible?regards,
hi, can anyone help me out with this report.I need to produce a report for the database level user permission.like for a database: DB_A, I want to output as such:[SELECT] [INSERT] [UPDATE] [DELETE] [CREATE TABLE] .... otherpublic G Dguest D D D D Ddbo G G G G Guser_A G D D D GG stands for Grant and D stands for Deny.I need not only to look at direct grant/deny but also whether that useris a member of fixed database role and fixed server role. like dbo willhave G on all.I am trying to look into sysprotects table and looking at lines with id= 0 but I just can't get to know what different action and protecttypenumbers means!Many thanks
Hi friends, I have created a database DB1 using CREATE DATABASE DB1 command. Then i created login name using CREATE LOGIN login1 WITH PASSWORD = 'password1' command and created user name using CREATE USER user1 FOR LOGIN login1 command. Now i have to assign the user1 to the database DB1. Any one please tell me how to assign DB1 access privilege to user1?
My server administrator has created a few users as domain user privilege for connecting SQL server from my application. However it faild to connect, and
with Domain Admin privilege, my app is running ok.
I asked admin person to upgrade domain user privilege to connect SQL server,
but he couldn't do this for security reason, and told it should work with domain user.
Is it true for domain user to connect SQL server without any problem?
Do I need to add the user, domain user, into Logins of Security inside SQL server Enterprise Manager?
Or inside users of my database section of SQL server EManager?
Hi. Thru a sproc, I drop & re-create some temp tables.When I call that sproc from the client, though, I cannot drop thetables.I need to allow the user, say "Alex", to drop/create tables (actually,that would be DDL). Which role should "Alex" assume ? How do I do that?I run the following sproc named, say, "CREATE_TABLE" (SNIP):__________________________________________________ __________________Set @StrSQL = 'if exists (select * from dbo.sysobjects where id =object_id(N''[dbo].[' + @TableName + ']'') and OBJECTPROPERTY(id,N''IsUserTable'') = 1) drop table [dbo].[' + @TableName + ']'Exec (@StrSQL)Set @StrSQL = 'CREATE TABLE [dbo].[' + @TableName + '] ([GROUP] [varchar] (6) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,...........[Stuff] [varchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL) ON [PRIMARY]'Exec (@StrSQL)Set @StrSQL = 'GRANT SELECT , UPDATE , INSERT , DELETE ON [dbo].['+ @TableName + '] TO [Alex]'Exec (@StrSQL)__________________________________________________ __________________As you can see, it is dynamic, because I need to repeat it for many@TableName values - that means, further more, that I will be executingthis in the context of the current user, Alex, and therefore I have togive Alex rights to both executing the sproc and to the tables referredto by the sproc, as specified by @TableName.I created a _TEST sproc which contains only the following:_______________________________________________CREATE PROCEDURE _TEST ASDROP TABLE [dbo].[SomeTable]RETURN_______________________________________________When I execute it from the client, thru ADODB, on user Alex, I get"User does not have permission to execute this operation on tableSomeTable"The table has been created thru "CREATE_TABLE", abovePlease help, I have to finish this tomorrow, and I'm under tons ofpressure.Thanks a lot,Alex.
I have a requirement to allow a user to restore a database and then create database users and add them to the db_owner database role. The user must not have sysadmin rights on the server.
The database restore works ok by placing the user in the dbcreator role.
There is a stored procedure to create the database user and alter role membership, I want the user to execute the sp as a different, higher privilege account so as not to give the user underlying permission to create users in the database.
USE [master] GO
/****** Object: StoredProcedure [dbo].[sp_create_db_users] Script Date: 22/07/2014 13:54:46 ******/ SET ANSI_NULLS ON GO
[Code] ....
The user has execute permission on the stored procedure but keeps getting the error:
Msg 916, Level 14, State 1, Line 2
The server principal "Mydomainadmin1" is not able to access the database "Mydatabase" under the current security context.
Mydomainadmin1 has dbowner to Mydatabase and sysadmin rights for server. If the 'execute as' is changed to 'caller' and run by mydomainadmin1 it works so the issue is between the execute sp and the actual running of the procedure.
An old website I inherited uses sa to connect to SQL SessionState and had the details in the web.config. This is bad for security.The session state database is of -sstype "t" which is defined as:Temporary. Session state data is stored in the SQL Server tempdb database. Stored procedures for managing session state are installed in the SQL Server ASPState database. Data is not persisted if you restart SQL. This is the default.What kind of WIndows user, SQL Login, role and permissions do I need to create to make Session State secure? (Windows Server 2012 and SQL Server 2012 mixed mode authentication, Webfarm).
- restore a backup of a 3rd party database onto one of our servers - this has no users that I can use - there is some ETL processing so we're using Control-M to manage the process - create a database user and grant it db_reader.
I'd like to do this without granting any users elevated privileges if possible.
What I've done so far is grant the Control-M user (this is a domain user) dbcreator rights and made it owner of our copy of the database that is being refreshed.
The refresh is completing, but Control-M is not able to log onto the database to create the user.
What is the best way to accomplish this task without granting the control-m user sysadmin rights?
Would I be able to do it if I used a SQL Agent job for the restore and user creation?
I've read all the posts... set the security policy (for the service account running SQL Server) to lock pages in memory... ran gpupdate... still same error... HELP !!!!
when I run a package from a command window using dtexec, the job immediately says success. DTExec: The package execution returned DTSER_SUCCESS (0). Started: 3:37:41 PM Finished: 3:37:43 PM Elapsed: 2.719 seconds
However the Job is still in th agent and the status is executing. The implications of this are not good. Is this how the sql server agent job task is supposed to work by design.
I am relatively new to sql developer. There is a new user that just joined our organization. I am trying to grant him the same direct grants privilege to the tables that an existing user has. The existing user has a ton of direct table access privileges and it will take days if I had to do each grant one by one like: grant select,insert,delete,update on 'table name' to 'user id'. Is there a way of copying or inserting an existing user's privilege and granting it to a new user.