Problem Changing SQL Service Account On Clustered Servers
Oct 24, 2006
I've run into a problem attempting to change my service account on the clustered servers from an administrative account to a non-privileged account under SQL Server 2005 Enterprise Edition. When I change the login properties in Configuration Manager I get the following error:
"The user already belongs to this group"
I'm then prevented from making any changes to the service account. I don't know what I'm supposed to do at this point to resolve the problem, so any assistance will be greatly appreciated.
View 3 Replies
ADVERTISEMENT
Mar 18, 2004
Has anyone ever converted from running SQL Server under the Local System account to running under a Domain User account?
I have often installed SQL using a Domain User account, but I am inheriting a couple of SQL Servers that were set up to run under Local System. I have never had to convert "on the fly" before.
If you have any input or insights, I would be grateful.
Regards,
hmscott
View 6 Replies
View Related
May 4, 2004
I have a SQL 2000 (SP3) running on a Windows NT 4.0 (SP6) box used in our test environment. The SQL Server was configured to run under the local system account before I got here. In an effort to standardize things, I tried changing the SQL Service account to run under a designated domain user account purpose built for the job. We use this particular account for all of our new-build servers (which are W2K). This domain account is configured to be a "Power User" on the NT 4.0 Server in question.
Soon after changing things over to run under the new account, all the developers complained that they could no longer connect to the server. I could through QA and EM, but none of the developers could.
The developers are using WebLogic and JDBC drivers for the most part. I wasn't aware that the SQL Server service account affected client connectivity. Was I wrong or is there something else at work here?
Thanks,
hmscott
View 4 Replies
View Related
Apr 16, 2008
We are running SQL Server 2000 on two servers and when they were built, the same domain account was used for all installations, and the MSSQLSERVER and SQLServerAgent services run logged in as that same account. That account is also the dbo of all the SQL databases. We now need to change the password and possibly disable that domain account.
What do we need to do to make sure the SQL Servers and databases continue to run without problems after making the password change and/or disabling the account?
I appreciate any advice!
View 6 Replies
View Related
May 31, 2006
Guys,
I have got WINDOWS 2000 Advanced Server and MS SQL SERVER 7.0 running on my live server. Now when we are planning for replication, we have found that SQL server will require to run under a domain account. At the moment there are so many ASP pages running on our server accesses different databases created using SQL server 7.0. Most of them are DSN connections to the database. Now if i create a domain account and restart the server and MS SQL services with the domain account, how is it going to effect the current web pages running on it?
Any help will be greatly appreciated.
Thanks
View 3 Replies
View Related
Nov 22, 2014
If you were to do a fresh install it would set permissions on the disk so everything just works.
Now when changing the service account (e.g. to a domain user) use the configuration manager, does it do the same magic (possibly sans if the database data/log files are on another disk)? Or do you need to trawl through the dozens of folders and assign rights manually?
View 1 Replies
View Related
Jan 5, 2006
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
View 6 Replies
View Related
May 9, 2002
I have several DTS jobs that runs well as a job with my nt login account for the SQL agent service startup account, but if I use the System account
they fail with this error.
" Error opening datafile: Access is denied. Error source: Microsoft Data Transformation Services Flat File Rowset Provider"
The data has change access to the System account under the NT security.
Thank you in advanced.
Jorge
View 2 Replies
View Related
May 18, 2007
Hello! I have the following problem. I developed CLR Stored Procedure "StartNotification" and deploy it on db. This sp calls external web service. Furthermore, this sp is called according with SQL Server Agent Job's schedule. On my PC SQL Server works under Local System account and this web service is called correctly (Executed as user: NT AUTHORITYSYSTEM). But on ther other server the following exception is raised during job running:
Date 17.04.2007 16:42:10
Log Job History (FailureNotificationJob)
Step ID 1
Server MSK-CDBPO-01
Job Name FailureNotificationJob
Step Name MainStep
Duration 00:00:00
Sql Severity 16
Sql Message ID 6522
Operator Emailed
Operator Net sent
Operator Paged
Retries Attempted 0
Message
Executed as user: CORPmssqlserver.
A .NET Framework error occurred during execution
of user defined routine or aggregate 'StartNotification':
System.Security.SecurityException: Request for the permission of type
'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' failed. System.Security.SecurityException:
at System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Net. The step failed.
What is the reason of this behaviour? Unfortunately I do not have direct access to this server.
I have the following guesses:
1) CORPmssqlserver may have not enough permissions to call web service
2) Something wrong with SQL Server account's permissions
2) Something wrong with SQL Server Agent account's permissions
I will take the will for the deed. Thanks.
View 1 Replies
View Related
Jul 30, 2007
Hi all,
I do understand that it is highly recomended to have aserprate user (perfered a domain user account) for each of the SQL Server service and SQL Agent service.
What is the reason behind that? (Someone told me to not run the service with an account that has a powerul privilegs! - I don't undrstanmd this point can you explain it please?)
What is the diffrent between: 1- Local System account 2 -Network Service account
Thanks in advanced!
CS4Ever
View 4 Replies
View Related
May 15, 2007
Microsoft recommends that you do not use the Network Service account to run the SQL Server service (see http://msdn2.microsoft.com/en-us/library/ms143504.aspx).
Can anyone tell me what the drawbacks are of doing this?
View 1 Replies
View Related
Dec 12, 2007
Okay now this is weird, today the Reporting Services was not running and here are the entries in the event log:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7041
Date: 12/12/2007
Time: 9:47:22
User: N/A
Computer: TFS
Description:
The ReportServer service was unable to log on as DOMAINTFSREPORTS with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Service: ReportServer
Domain and account: DOMAINTFSREPORTS
This service account does not have the necessary user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, a Group Policy object associated with this node might be removing the right. Check with your domain administrator to find out if this is happening.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp
I am the administrator of the machines and I can assure you that no domain policy has changed for a couple of weeks. What should I look for?
View 2 Replies
View Related
Jan 10, 2001
Is any one know of a way of changing the clustered index without creating in the middle the default clustered index
we have a big table that we use to switch the clustered index
whenever we change the clustered index we cannot change it directly we have
to drop the existing than the default clustered is built
and than we can built the new one - since it is a big table the process
takes a lot of time and I wonder if we can do it directly from one cluster
index to another
What we do not is running the following SQL:
-- remove the old index
drop index Tbl.I_oldId
GO
-- now create the newId as clustered
CREATE CLUSTERED
INDEX [I_newId] ON Tbl ([newId])
ON [PRIMARY]
GO
Any Idea ?
Thanks
David
View 2 Replies
View Related
Jun 30, 2000
I am trying to install failover support for my sql server 7.0 database on the in clustere server enviorment
Now We have operating system on two clusterd servers but just one common database disk
Now what will happen if i lose server A ( Active ) the server B will take over and use the same database . But what will
happen if database disk crashes IS it possible for me to replicate the data or use disk mirroring , or have one clustered
database server seperate
How does the database server cluster work ?
What kind of replication do i use for my backup support ?
what should be my recovery process ?
how can i use standby option on the database during recovery ?
Please try to reply as soon as possible
if you can also point to some documetation on the net that will also help
Also look at my current structure ( but this should not affect your answer )
Tables
group 1 --- 20 tables ( being replicated to server c )
group 2 ----60 tables
on cluster 1
Server A-- Holds Group 1 ( Transictional replication to server c )
on cluster 2
server B---(Production server ) Group 2 + Group 1
View 1 Replies
View Related
May 29, 2001
Hi All,
Just want to know if we can replicate data (Transactional Replication) from a clustered servers (server A and Server B are active-passive clustered running SqlServer 7) to another server C running SqlServer 7.
If yes, how to go about doing this. Any white papers, KB articles or books out there which will walk through the steps to do it.
Appriciate any help.
Thanks,
Sri
View 1 Replies
View Related
Jun 2, 2003
According to Microsoft, if you need to change the subnet for the clustered servers, you will need to either edit the registry or reinstall virtual SQL Server.
Does any one know which registry key(s) store the subnet information? I was reviewing the clustered key but was able to find the key for the IP address only.
Thanks ...byyu :D
View 4 Replies
View Related
Jan 29, 2004
I've been asked to write a script to monitor whether a clustered server is up and alive and if so which node it's actually running on. Apparently there's been some problems of failover to the passive server without anyone knowing that it happened and they want to know. Any suggestions?
View 9 Replies
View Related
Feb 27, 2015
After reading some comments here I decided to look at tables to see if any had a clustered index that was a unique identifier. Yep. So if I have a table with a unique identifier as the primary key/clustered index and an identity column that is indexed, I would like to make the identity a clustered index (maybe even the primary key) and make the unique identifier a unique non-clustered index (not the primary key).
Does this sound reasonable?If I do this will I need to drop and recreate the other indexes? Or maybe just rebuild the other indexes?
Currently:
CREATE TABLE Payments (
IDX INT IDENTITY(1,1) NOT NULL,
GUID UNIQUEIDENTIFIER NOT NULL DEFAULT(NEWID()),
.....
-- many other columns
);
GO
ALTER TABLE [dbo].[PAYMENTS] ADD CONSTRAINT [PK_PAYMENTS_GID] PRIMARY KEY CLUSTERED ([GUID] ASC);
GO
CREATE NONCLUSTERED INDEX [IX_Payments_ID] ON [dbo].[PAYMENTS] ([IDX] ASC);
GO
Would like:
ALTER TABLE [dbo].[PAYMENTS] ADD CONSTRAINT [PK_PAYMENTS_IDX] PRIMARY KEY CLUSTERED (IDX ASC);
GO
CREATE UNIQUE NONCLUSTERED INDEX [IX_Payments_GUID] ON [dbo].[PAYMENTS] (GUID ASC);
GO
View 9 Replies
View Related
Jun 29, 2006
Hi
I installed SQL Server 2005 Express Edition. When I try changing the account name, password in the SQL Server Configuration Manager, i.e. by clicking on Apply, the SQLEXPRESS restarts and the password gets replaced by a longer password. Also the user name gets prefixed with "./". Any help on this will be highly appreciated.
Another query: Do we have the query analyser (gui or command line) kind of thing in Express Edition? Also where can I get a proper documentation of doing elementary things in setting up a database, like creating a database, adding a user, etc)
Thanks and Regards
Roopesh
View 4 Replies
View Related
Sep 10, 2015
Is it possible to use registered servers feature in clustered environment and with different versions of Sql server like 2012 & 2014.
View 0 Replies
View Related
Jun 22, 2006
Hello,Being a bit of a SQL Server novice, need some advice with the followingsituation.Server A and Server B have SQLServer 2000 based databases. The vendorof the application/system has implemented their own replication processto ensure the 2 databases are in sync. However, there is no clusteringwith virtual IP addresses implemented. So to an external client/db, itis 2 identical databases with the same name on 2 distinct servers.We need to develop an application that will reside on a networkedserver C and with SQLServer 2000 as well. While most of the tables inthis database are self contained, around 10 tables will have to bemirror copies of the same tables from either Server A or Server B.Question, how do we implement subscription based replication on top ofa redundant database, when no clustering is implemented? So, inessence, when Server A is alive, the database on Server C willperiodically (or on change) replicate the 10 tables from Server A. WhenServer A is not alive, it needs to do same from server B. (When bothserver A and B are alive, it is acceptable to get data from either,since they are synchronized internally).Any alternate suggestions on achieving this functionality are welcometoo. If SQL Server 2005 has some capabilities that may address thisproblem, that is a consideration as well.Thanks
View 1 Replies
View Related
Feb 7, 2007
I am unclear as to which Ip address to change the standard port on. When setting up a cluster you have multiple IP address's including the nic that is used for the heartbeat. I have not found any documention on how to change both nodes to listen on a port other than 1433..
Any help would be greatly appreciated.
View 1 Replies
View Related
Sep 23, 2014
SQL 2012 Standard on Windows Server 2012 Standard
After observing brute force attacks on our VPS myhosting instance against the SA login, I change the SA login name. Now my two new backup jobs are failing. The agent service logs in as NT ServiceSQLSERVERAGENT. Nothing changed there (so far as I know and I'm the only one who should be on the VPS). The job owner was SA and after changing the SA account that was reflected in the SSMS gui; job owner 'newsaname'. I'm sure I can just rebuild the maintenance plans but I'd like to know what happened.
Also, I would like to learn more about the brute force attacks and how to determine what port they are comming in on. I see an IP address associated with them. Does that mean they are coming in on 1433 or 1434?
SQL 2012 Standard VPS Windows 2012 Server Standard
View 3 Replies
View Related
Jul 2, 2015
I have 4 servers, 2 each for application (Dev & Prod)
DEV 1 & DEV 2 are standalone serversĀ
Prod 1 & Prod 2 are Windows Clustered Servers.
From one application to other we do Distributed transactions. Dev 1 - Dev 2 or Dev 2 - Dev 1 can start DTC and working fine,but issue comes when Prod 1 - Prod 2 or Prod 2 - Prod 1. I get error messageĀ OLE DB provider "SQLNCLI" for linked server "xyz" returned message "No transaction is active.".
Msg 7391, Level 16, State 2, Line 3
The operation could not be performed because OLE DB provider "SQLNCLI" for linked server "xyz" was unable to begin a distributed transaction.
I have tested Dev 1 - Prod 1, Dev 1 - Prod 2, Dev 2 - Prod 1, Dev 2 - Prod 2 everything is working fine only Production servers are causing issue.
I enabled all settings needed for DTC on Cluster MSDTC service but no luck.
View 2 Replies
View Related
Jan 24, 2007
I have read all the FAQs on restore and find myself still confused.
So I apologize if the information is there and I am missing it.
I want to move the databases from an old server to a new server, brand new, will be the same name and IP address once the database is transfered.
Everything I have read says do a full back up and then restore onto the new server. Makes sense so far, my question is how does the Database Master get handled?
Is it necessary to restore it?
If so what is the best way to go about it?
Thanks for your help
View 12 Replies
View Related
Jul 20, 2005
Greetings:I am trying to conceive what risks might be created by runningmultiple SQL servers within a domain under a single domain account, asopposed to 1) running under the local service account or 2) multipledomain service accounts.In this case, all the SQL servers are SQL2000 running on Win2003. Theservice account is assigned only to the "Domain Users" group.We do use linked server calls, and I have played and suceeded gettingKereberos up to avoid double hop issues when using Windows Auth. Infact, this is one of the reasons that sparked the question in my mind-- in all the MS Kerebos SQL<->SQL examples, the SQL servers run undera unique service account.As an aside, most of the servers are "line of business" servers, butHR runs under a unique server with more sensitive information. I don'treally think that merits a seperate service account, but again, Icould well be missing something.I mostly looking for food for thought, but concrete examples ofgotchas would be appreciated.Thanks all.d.
View 2 Replies
View Related
Apr 24, 2007
Hi.
While hardening a ms-sql2000 , I faced with a problem and I`m completely lost !
few days of reading and google searchs didn't gave me any hint...
Here's the scenario :
Ms-sql is connected to Oracle , through "MS OLE DB provider for Oracle" .
By default MS-SQL runs as SYSTEM , but even if we change it to a "local admin"
account , everything works fine .
The problem is that it's not wise to let sqlservice to run under privilaged accounts such
as system or a member of 'local administrators' . So I tried a normal local user on the
host running sql . I fixed every related problem appearing because of using a limited user
account and ms-sql works fine in all aspects but one !
While using normal-user account , sql-server fails to load linked-servers and this error
pops up in enterprise-manager :
"OLE/DB Provider 'MSDAORA' IDBInitialize::Initialize returned 0x80004005:
The provider did not give any information about the error."
I've tried much to find root of this error ( including any comments from related KB articles... ) but no luck . My guess is that , using OLE requires administrative privileges on host , and as I'm running SqlService with normal user, it fails to use OLE. So I should give requried permissions to the user running SqlService . But the problem is that I've no idea where/how I should do that. I've already tried some registry/file permissions but non of them helped me.
Some where I red that using ODBC instead of OLE may help , but that seems fail too !
*Note that I'm almost sure it`s a problem OUT of circle of ms-sql , meaning any modifications should apply OUT of ms-sql , because simply giving local administrative privileges to the user, fix the problem.
Any comments?
regards
Hamid.K
View 4 Replies
View Related
Apr 28, 2007
Hi ,
I've asked about my problem previously in "sql server security" forum ,but
no hint . so I've been redirected here .
here's my problem :
http://forums.microsoft.com/msdn/showpost.aspx?postid=1513189&SiteID=1
View 2 Replies
View Related
Oct 9, 2007
How can I find account that the SQL Server service is using ?
Plz help.
View 1 Replies
View Related
Jan 9, 2008
Hi,
We've had this issue for awhile, but I have not been able to find a resolution for this. We have 2 identical servers (hardware & software) set-up: IBM x3850-(88633RU) running Windows Server 2003 Enterprise x64 (5.2.3790 SP1 Build 3790 R2). Server A was running SP1 (Build 9.0.2047) on a 3-node active-passive-passive failover cluster. Server B was running SP2 + Hotfix KB933097 (Build 9.0.3152) on a 2-node active-passive failover cluster. Both these servers are heavily utilized, and when originally installed with these versions of SQL Server Enterprise 2005 experienced no issues during or post-install. The original install of SQL 2005 Enterprise on both these servers had the Cluster Group Selection "Data files" setting changed to "M:MICROSOFT SQL SERVER" so that all system dbs and binaries would be installed to that location. On Server B where SP2 had already been applied, the update was downloaded on May 1, 2007, well after the GDR issues which had been plaguing SP2 releases was supposed to have been resolved.
Our problems began the night when we tried to apply hotfix KB933097 on Server A, and cumulative update packages 1,2,3 on Servers A & B, as well as catch-up the same SP2 and hotfix packages on other non-clustered servers where default system db locations remained the same. On all servers other than Servers A and B, the installs proceeded smoothly and without issue.
On Server B, which was already running SP2 + Hotfix KB933097, we tried installing Cumulative Update Package 1 (Build 9.0.3161) on the primary node. The install proceeded until the following errors were encountered:
"[Microsoft][SQL Native Client][SQL Server]Cannot find the object 'dm_exec_query_resource_semaphores', because it does not exist or you do not have permission."
"[Microsoft][SQL Native Client][SQL Server]Cannot find the object 'dm_exec_query_memory_grants', because it does not exist or you do not have permission."
After this, the setup finished with the message "Product: Microsoft SQL Server 2005 (64-bit) - Update 'Hotfix 3161 for SQL Server Database Services 2005 (64-bit) ENU (KB935356)' could not be installed. Error code 1603. Additional information is available in the log file C:Program FilesMicrosoft SQL Server90Setup BootstrapLOGHotfixSQL9_Hotfix_KB935356_sqlrun_sql.msp.log."
We rebooted the server and tried several times to reinstall the hotfix as sa and as the database service account with full windows and sa credentials, each time with no success, and rebooting between retries. All other components were installed successfully. We were hesitant to try uninstalling the hotfix, since it was unable to be removed successfully in previous attempts. However, when I connected to Database Engine using Management Studio, I found that the version of SQL being reported was in fact Build 9.0.3161! Everything also appeared to be running properly.
I tried to to Google the answer, but could only find information as applied to SP1 when system dbs master and mssqlsystemresource were located on different locations (http://support.microsoft.com/default.aspx?scid=kb;EN-US;918695 ). I had already verified that all system dbs, including the ones mentioned, were originally and currently located together on M:Microsoft SQL ServerMSSQL.1MSSQLData.
Finally I contacted a fellow DBA who advised me to continue installing all the other hotfixes, and then compare all SQL files against other servers where the install succeeded to ensure all system files were updated correctly (matching file sizes and datetime stamps). Since we were depending on a fix in Cumulative Update Package 3 to fix a critical log-shipping security issue, I went ahead with the rest of the installs, getting the same error with each package, rebooting between each install.
We found after the final install that the mssqlsystemresource files in the M:Microsoft SQL ServerMSSQL.1MSSQLData
directory were in fact updated after each install with a new timestamp, and that all files in C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinn matched on both file size and timestamp. The log-shipping security issue we were looking to fix also appeared to be resolved by the last update.
On Server A, which was running SP1 (Build 9.0.2047), we installed the same SP2 package as we had on Server B with no issue. We rebooted and then tried to apply the same Hotfix KB933097 (Build 9.0.3152) that had been applied successfully on Server B and found to our surprise that the same errors were being generated here as well. We continued to apply the rest of the hotfixes so that both servers matched software updates. Comparing the above directories showed that files seemed to have been updated, even though database services appeared to be not installed.
It looks like we now need Cumulative Update 5 hotfix package in order to deal with WMI alerting issues, but I'm afraid to apply it until we have a known resolution for the past errors.
Since this issue was supposed to be resolved by SP2, I'm not sure why these post-SP2 hotfixes should fail. It seems to me to be an issue of the directory location of the system files which is in question.
I can post the hotfix log files as well, if anyone is interested in seeing them.
Any help would be greatly appreciated. As well, does anyone have any idea when SP3 is scheduled to come out? I really don't like applying hotfixes which are usually untested for general purposes, and it seems Microsoft is delaying this in favour of releasing SQL 2008.
View 6 Replies
View Related
Jun 12, 2008
hi.. i do not know which to choose when my installation comes to the service account page ..
should i use the local system or write the domain user account ?
i use domain user account .. but what is my domain ?
View 1 Replies
View Related
Jan 22, 2002
Folks,
MSSQLServer and SQL Server Agent services under NT are running under a system account under our domain (setup many moons ago) for which we have lost the passsword. Is there any way we can recover these passwords?
Thanks.
Sam
View 1 Replies
View Related
Aug 25, 2000
Hi,
I am trying to set properties on a SQL Server7, but when I get to the tab for 'Startup Service account', it is greyed out. Also, the same for properties for SQL Server Agent.
Why can't I change it?
To schedule jobs, and have SQL mail, don't I need to set up a Startup Service Account?
Thanks for your help,
Judith
View 4 Replies
View Related
