Removing Service Account From SQLServer2005MSSQLUser Causes Decryption Error

May 2, 2007

I am attempting to implement tighter security on my instances of SQL Server 2005. One of my tasks is to make sure that the service account for the SQL Server service has the minimum privileges necessary to run the service. I thought I had everything configured correctly, but then I realized that the "SQLServer2005MSSQLUser" Windows group was a member of the "sysadmin" fixed server role. I do not want the service account to be a sysadmin, so I removed the service account from this group.



Everything seemed to be working, until I received a call from one of our developers. He was attempting to execute a stored procedure, and he kept getting the following error: "An error occurred during decryption".



I looked up the error, and found out it is related to the service master key. I am using the same service account that I did when I installed SQL Server, so I am baffled as to why I am receiving this error. The error was resolved when I added the service account back to the "SQLServer2005MSSQLUser" Windows group and restarted the SQL Server service.



Do have any idea what might be happening here?

View 3 Replies


ADVERTISEMENT

Error After Service Account Removed From SQLServer2005MSSQLUser Group

May 1, 2007

I am attempting to configure my SQL Server instance to use a service account with the minimum privileges. I thought I had everything configured correctly, when I realized that having the service account as a member of the "SQLServer2005MSSQLUser" Windows Group meant that the service account was now in the "sysadmin" fixed server role. This was not the configuration I wanted.



I went through the Books Online article "Setting Up Windows Service Accounts" and made sure the login had access to the appropriate folders used by SQL Server. Then I stopped the SQL Server service and tried to restart it, without success. These are the error messages:




Code Snippet

SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.

FCB::Open failed: Could not open file E:MSSQL$STAGINGDatamodel.mdf for file number 1. OS error: 5(Access is denied.).

TDSSNIClient initialization failed with error 0x5, status code 0x1.

TDSSNIClient initialization failed with error 0x5, status code 0x90.



I checked some other posts on this board, and they suggested the problem might be that the "VIA" protocol was enabled. I checked for this protocol in the Configuration Manager, and it is DISABLED in both the SQL Server 2005 Network Configuration and the SQL Native Client Configuration. What else could be causing this error?



The errors do not occur when I add the service account back to the "SQLServer2005MSSQLUser" Windows Group. The SQL Server service starts successfully when the account is back in this group.



Here are my answers to the questions posted at the top of this board:



What is the MS SQL version? - SQL Server 2005 SP2 (9.00.3054.00)

What is the SKU of MS SQL? - Enterprise Edition (SKU ID: 1804890536)

What is the SQL Server Protocol enabled? - TCPIP, Named Pipes

Does the server start successfully? - NO

If not what is the error messages in the SQL server ERRORLOG? - See above.

If SQL Server is a named instance, is the SQL browser enabled? - YES

What is the account that the SQL Server is running under? - Domain Account

Do you make firewall exception for your SQL server TCP port if you want connect remotely through TCP provider? Not applicable, Windows Firewall is not used

Do you make firewall exception for SQL Browser UDP port 1434?
Not Applicable, Windows Firewall is not used

View 7 Replies View Related

SQL Server 2008 :: Error Occurred During Service Master Key Decryption

Mar 13, 2015

I have a SP SQL server that uses Handshake for the web parts. I am getting an error on SharePoint about 'An error occurred during Service Master Key Decryption' inside the web parts of the page, everything else comes up, from what I have researched MS says go under SQL Configuration Manager and change the service account. Is this the correct course of action for this type of error? I am just having a hard time believing that changing the engines service account will stop this issue, this account is used on several SQL server with no issues.

MCSA SQL Server 2012

View 1 Replies View Related

Whether To Use Local System Account Or Domain Account For Service Account

Jan 5, 2006

During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services.  I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.

View 6 Replies View Related

SQL Executive - Service Startup Account Error

Aug 5, 1998

Hello all,

I just inherited a SQL Server that was set up by a non-DBA. It`s running NT 4.0 and SQL Server 6.50 - 6.50.201 (the vendor hasn`t certified the product on SP4). I am trying to change the SQL Executive Service to use a non-system logon account. The account that I want to use is running SQL Executive on 9 other servers.

I went into Usrmgr and added the account to the administrators group. Made sure that it has rights to:
log on as a service, log on as a batch job, increase quotas, act as part of the operating system, replace a process level token.

When I try to change to that id in services, I get the following error:

"cannot set the startup parameters for SQL Executive service. Error 1057 occurred. The account name is invalid or does not exist."

Looking in Technet, I found that if "log on as a service" isn`t set you could get this message but I`ve check/re-checked, had someone else check and it`s set.

Any help would be appreciated!

View 1 Replies View Related

Error Logon Failed - SSRS Service User Account Rights

Jun 12, 2006

I am facing a problem which is based on the restrictions on the domain of the customer. After deplyoing the report on the server we are getting the following error message in the report manager after executing (clicking) a report link:



Logon failed.

Logon failure: the user has not been granted the requested logon type at this computer. (Exception from HRESULT: 0x80070569)

I googled for that and it seems to be an authentication issue where some user / account is not granted to log on as service / locally, but the problems is better described than the solutions. Did anyone faced that problem so far ? Which account has to be granted what priviledges or permissions in Windows. We are using a SQL Server 2005 / Reporting Services 2005 running on the same machine whereas the virtual directories Reports and Reportserver are running in a separate Application Pool



Thanks,





Thomas

View 6 Replies View Related

Error Message Web Service Account Not Setup How Do I Set One Up On Local Computer, Just For Training

Jan 31, 2008

Help, Had configuration error trying to set up reporting services. Uninstalled SQL Server and Reinstalled, but not all files were removed. How many files and directories do I have to remove to get Reporting Services to work?

Thanks!
Terry<Header>
<Product>Microsoft SQL Server Reporting Services Version 9.00.1399.00</Product>
<Locale>en-US</Locale>
<TimeZone>Central Standard Time</TimeZone>
<Path>C:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesLogFilesReportServerService__main_01_31_2008_16_16_12.log</Path>
<SystemName>JPADESKTOP1</SystemName>
<OSName>Microsoft Windows NT 5.1.2600 Service Pack 2</OSName>
<OSVersion>5.1.2600.131072</OSVersion>
</Header>
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing ConnectionType to '0' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing IsSchedulingService to 'True' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing IsNotificationService to 'True' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing IsEventService to 'True' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing PollingInterval to '10' second(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing WindowsServiceUseFileShareStorage to 'False' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing MemoryLimit to '60' percent as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing RecycleTime to '720' minute(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing MaximumMemoryLimit to '80' percent as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing MaxAppDomainUnloadTime to '30' minute(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing MaxQueueThreads to '0' thread(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing IsWebServiceEnabled to 'True' as specified in Configuration file.
ReportingServicesService!configmanager!4!1/31/2008-16:16:12:: w WARN: WebServiceAccount is not specified in the config file. Using default: JPADESKTOP1ASPNET
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing MaxActiveReqForOneUser to '20' requests(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing MaxScheduleWait to '5' second(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing DatabaseQueryTimeout to '120' second(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing ProcessRecycleOptions to '0' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing RunningRequestsScavengerCycle to '60' second(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing RunningRequestsDbCycle to '60' second(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing RunningRequestsAge to '30' second(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing CleanupCycleMinutes to '10' minute(s) as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing DailyCleanupMinuteOfDay to default value of '120' minutes since midnight because it was not specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing WatsonFlags to '1064' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing WatsonDumpOnExceptions to 'Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException,Microsoft.ReportingServices.Modeling.InternalModelingException' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing WatsonDumpExcludeIfContainsExceptions to 'System.Data.SqlClient.SqlException,System.Threading.ThreadAbortException' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing SecureConnectionLevel to '0' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing DisplayErrorLink to 'True' as specified in Configuration file.
ReportingServicesService!library!4!1/31/2008-16:16:12:: i INFO: Initializing WebServiceUseFileShareStorage to 'False' as specified in Configuration file.
ReportingServicesService!servicecontroller!9!1/31/2008-16:16:13:: Total Physical memory: 1055309824

View 1 Replies View Related

DTS Fails As A Job With Service Startup Account As &#34;System Account&#34;

May 9, 2002

I have several DTS jobs that runs well as a job with my nt login account for the SQL agent service startup account, but if I use the System account
they fail with this error.
" Error opening datafile: Access is denied. Error source: Microsoft Data Transformation Services Flat File Rowset Provider"

The data has change access to the System account under the NT security.

Thank you in advanced.

Jorge

View 2 Replies View Related

What Permissions Are Required For SQL Server Service Account To Call Web Service Using CLR Integration?

May 18, 2007

Hello! I have the following problem. I developed CLR Stored Procedure "StartNotification" and deploy it on db. This sp calls external web service. Furthermore, this sp is called according with SQL Server Agent Job's schedule. On my PC SQL Server works under Local System account and this web service is called correctly (Executed as user: NT AUTHORITYSYSTEM). But on ther other server the following exception is raised during job running:
Date 17.04.2007 16:42:10
Log Job History (FailureNotificationJob)

Step ID 1
Server MSK-CDBPO-01
Job Name FailureNotificationJob
Step Name MainStep
Duration 00:00:00
Sql Severity 16
Sql Message ID 6522
Operator Emailed
Operator Net sent
Operator Paged
Retries Attempted 0

Message
Executed as user: CORPmssqlserver.
A .NET Framework error occurred during execution
of user defined routine or aggregate 'StartNotification':
System.Security.SecurityException: Request for the permission of type
'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' failed. System.Security.SecurityException:
at System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Net. The step failed.

What is the reason of this behaviour? Unfortunately I do not have direct access to this server.
I have the following guesses:
1) CORPmssqlserver may have not enough permissions to call web service
2) Something wrong with SQL Server account's permissions
2) Something wrong with SQL Server Agent account's permissions
I will take the will for the deed. Thanks.

View 1 Replies View Related

User Account Per SQL Server Service && SQL Agent Service, Why?

Jul 30, 2007

Hi all,
 I do understand that it is highly recomended to have aserprate user (perfered a domain user account) for each of the SQL Server service and SQL Agent service.
What is the reason behind that? (Someone told me to not run the service with an account that has a powerul privilegs! - I don't undrstanmd this point can you explain it please?)
What is the diffrent between: 1- Local System account 2 -Network Service account
 
Thanks in advanced!
CS4Ever

View 4 Replies View Related

Running SQL Service Under Network Service Account

May 15, 2007

Microsoft recommends that you do not use the Network Service account to run the SQL Server service (see http://msdn2.microsoft.com/en-us/library/ms143504.aspx).



Can anyone tell me what the drawbacks are of doing this?

View 1 Replies View Related

TFSREPORTS Service Account Does Not Have The Necessary User Right Log On As A Service.

Dec 12, 2007

Okay now this is weird, today the Reporting Services was not running and here are the entries in the event log:


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7041
Date: 12/12/2007
Time: 9:47:22
User: N/A
Computer: TFS
Description:
The ReportServer service was unable to log on as DOMAINTFSREPORTS with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.

Service: ReportServer
Domain and account: DOMAINTFSREPORTS

This service account does not have the necessary user right "Log on as a service."

User Action

Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.

If you have already assigned this user right to the service account, and the user right appears to be removed, a Group Policy object associated with this node might be removing the right. Check with your domain administrator to find out if this is happening.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp

I am the administrator of the machines and I can assure you that no domain policy has changed for a couple of weeks. What should I look for?

View 2 Replies View Related

SQL Error 15466: Decryption

Jun 15, 2007

Hi

I get a strange error on my SQL Server 2005 database when I try to start replication.

Here is the manipulation leading to my problem:
1. Install new Windows server 2003 and SQL Server 2005 STD, service pack 2.
Server is part of a domain.
SQL2k5 is running under the LocalSystem account on each machine.
2. Get a copy of yesterday's full backup and transaction logs from running production SQL2k5 server.
3. Restore master, model, msdb and other user databases.
4. Try to start replication using the wizard.
I get the following error message

Msg 15466 sp_addlinkedsrvlogin
An error occurred during decryption.
Msg 15185 no remote user distributor_admin


I suspect this problem has to do with master service keys but need some advice. I am not sure it is related to the master restore since it also occurs on the production machine.


What should I do with this error message ?



TIA



Stephane

View 1 Replies View Related

Error 15466 An Error Occurred During Decryption

Nov 13, 2007



i cann't create the credential.
when i type the user and password. i get error 15466 An error occurred during decryption.
the first time i use this code
Use master
crate credential outs_cred with identity='DomainNameAdministrator',secret='xxxxkmn'


i will get error 15466 An error occurred during decryption.


but i use this code (no secret)
Use master
crate credential outs_cred with identity='DomainNameAdministrator'
i will create the Credential success.

Why??

Best regards,
Mr.Problem

View 10 Replies View Related

Removing SQL 2005 Express Service

Jan 18, 2008

I read on MSDN how to manually uninstall the instance of SQL server 2005 express, however i am not sure that it will remove the service. The reason i need to do this is that an application i have installed SQL Server 2005, and also QPulse5 SQL Server. I have two instances and it is giving me compile issues which i believe is related to having both services. I did add/remove programs and reinstalled just SQL Server 2005 and recieved error message saying that the service failed to start. The whole problem of this occured when we ran DCPromo with SQL installed. After we did we relized you could not promote with SQL Server. I understand that it is not recommended running SQL Server on a DC, however we did not have a choice. I am hoping someone here may have a solution for this. If there is any other information you need just let me know. Thanks

View 1 Replies View Related

SQL Service Account

Oct 9, 2007

How can I find account that the SQL Server service is using ?
Plz help.

View 1 Replies View Related

Installl Service Account

Jun 12, 2008

hi.. i do not know which to choose when my installation comes to the service account page ..
should i use the local system or write the domain user account ?
i use domain user account .. but what is my domain ?

View 1 Replies View Related

Service Account Password

Jan 22, 2002

Folks,

MSSQLServer and SQL Server Agent services under NT are running under a system account under our domain (setup many moons ago) for which we have lost the passsword. Is there any way we can recover these passwords?


Thanks.

Sam

View 1 Replies View Related

Can&#39;t Set Up Start Up Service Account

Aug 25, 2000

Hi,

I am trying to set properties on a SQL Server7, but when I get to the tab for 'Startup Service account', it is greyed out. Also, the same for properties for SQL Server Agent.

Why can't I change it?

To schedule jobs, and have SQL mail, don't I need to set up a Startup Service Account?

Thanks for your help,
Judith

View 4 Replies View Related

Changing SQL Service Account

Mar 18, 2004

Has anyone ever converted from running SQL Server under the Local System account to running under a Domain User account?

I have often installed SQL using a Domain User account, but I am inheriting a couple of SQL Servers that were set up to run under Local System. I have never had to convert "on the fly" before.

If you have any input or insights, I would be grateful.

Regards,

hmscott

View 6 Replies View Related

SQL Service Account Permissions

Oct 2, 2007

I just set up a SQL 2005 Server about a month ago that we will be moving all of our scattered DBs onto. I basically set it up with the default settings and didn't touch anything special, until I tried to install Microsoft System Center Essentials 2007 in our environment. I had problems getting it to use our SQL server, and a forum post told me to change all of the service accounts for SQL to use the LocalSystem login. So here are my service accounts:

SQL Server Integration Services
- NT AUTHORITYNetworkService
SQL Server FullText Search (MSSQLSERVER)
- LocalSystem
SQL Server (MSSQLSERVER)
- LocalSystem
SQL Server Analysis Services (MSSQLSERVER)
- LocalSystem
SQL Server Reporting Services (MSSQLSERVER)
- LocalSystem
SQL Server Browser
- LocalSystem
SQL Server Agent (MSSQLSERVER)
- LocalSystem

So Sandisk makes this software called CMC. It's for controlling their enterprise USB drives. And their software won't install. It errors out saying that it couldn't drop the database on our SQL server (but it doesn't exist). If I make an empty DB by the same name, it sees it, and then errors out anyway. I am using the SA login for testing (I was using a purposed SQL account before) so I don't think it's a rights issue. Sandisk says it should work, and they suggested I use SQL server express. But we run VMs, and running SQL server in another VM is going to use more of our memory pool. Plus we want centralized backups and all that.

Do my service account logins have anything to do with it? Can someone tell me what these should be set to by default so I can change them back?

Here's a trace I did when I tried to install the software:

-- network protocol: TCP/IP
set quoted_identifier on
set arithabort off
set numeric_roundabort off
set ansi_warnings on
set ansi_padding on
set ansi_nulls on
set concat_null_yields_null on
set cursor_close_on_commit off
set implicit_transactions off
set language us_english
set dateformat mdy
set datefirst 7
set transaction isolation level read committed

set implicit_transactions on
go
drop database [CruzerDb]
go
IF @@TRANCOUNT > 0 ROLLBACK TRAN
go

And here's more info if needed:

Product Version
- 9.00.3042.00
Edition
- Standard Edition
Server Collation
- SQL_Latin1_General_CP1_CI_AS
Is Clustered
- No
Is FullText Installed
- Yes
Is Integrated Security Only
- No
Is AWE Enabled
- No
# Processors (used by instance)
- 2

View 2 Replies View Related

SQL Server Service Account

Jul 20, 2005

SqlServer2k is on the domain serverSqlServer2k is on a laptop tooI want to copy a database from the domain to the laptop over the networkusing the copy database wizard.I have done this before with no problem but this time I get thefollowing error:Your SQL Server Service is running under the local system account. Youneed to change your SQL Server Service account to have the rights tocopy files over the network.I went into the properties of MSSQLSERVER under Services andApplications and see no setting described.Where do manage the SQL Server Service?*** Sent via Developersdex http://www.developersdex.com ***Don't just participate in USENET...get rewarded for it!

View 3 Replies View Related

Service Account And CLR Security

Aug 6, 2007


By default does CLR code run under the SQL Service Server account or the SQL Agent Service Account? Does anybody have a link to BOL or MSDN???

My assumption is its under SQL Server Service Account.

I'm trying to satisfy the DBA's security concerns in regards to CLR Code. If the account it runs under (Agent or service) has zero privliges will a dba still be able to maintain the server? Wouldnt all their backups work under a privilaged account that isnt the SQL Server Service Account?


Double posted in security.

View 6 Replies View Related

Creation Of Service Account

Jan 8, 2008

Hi,

I come from an Oracle background, and am having trouble getting to grips with SqlServer

I've installed SqlServer 2005 and created a Database called Midas, which is owned by SA

I've created a login called ServiceAccount. I want this login to have 'select', 'update' and 'insert' permission on specific tables in the Midas database. How do I do this?

View 15 Replies View Related

SSIS Service Account

May 12, 2006

Hi All,

I understand Sql Server Integration Services by default uses"NT AuthorityNetwork Service" account as service account. Is running SSIS using "NT AuthorityNetwork Service" account is good or should we create a domain account to run the SSIS service.

Regards, Balaji Thiruvenkataraju.

View 3 Replies View Related

Service Account In Setup

Mar 25, 2008

On the screen "Service Account" during SQL 2005 Developer Edition, I am choosing built-in System Account = Local System and uncheck the Customzie for each service account. that means, that this system account is set to all services,

Right?

please refresh my memory on this.

Thanks,

View 1 Replies View Related

Service Account Set During Install

May 11, 2007

I am trying to install an SQL Express 2005 instance and have the built-in system account set to "Local system" because I was having some security issues while trying to attach a database. Is there a command line switch that will allow me to do this?

If there isn't then I will have to make sure the clients uncheck the "Hide advanced settings" checkbox and I would rather not have them do anything but hit the next button.

View 5 Replies View Related

ASP.Net Service Account Gray Out

Jul 20, 2007

I am installing RS2005 on Windows server 2000 with IIS 5.0. Everything is fine in configuration tool except service account. It is empty. I have added ASPNET account in reportservice user group and tried to add <machinename>ASPNET to <WebServiceAccount>. It is still empty. Any idea?



Thanks.

View 5 Replies View Related

Installation Question - Service Account

Feb 19, 2007

Hi All,
 We are upgrading from Sql Server Express to SQl Server 2005. As part of the installation process, it is not asking us to specify a service account for various services, and we are not sure what to specify. (This was handled automatically with Express). Any ideas?
 Thanks.
 Claude.

View 2 Replies View Related

Startup Service Account Greyed Out - Why

Sep 11, 2000

I would like to enter info into the startup service account so that the MS
SQL Server Agent will run under this account. Then I can run jobs.

However, I don't know why the "startup service account" info is
greyed out, which prevents me from entering this information.

Any help would be appreciated!!

View 2 Replies View Related

Assigning Password To SQL Service Account

Jul 6, 2000

We have changed NT Administration Password. Now how to reassign the new password setting for sql server service account. As right now all schedule jobs are getting failed & needs to be executed manually.

Thanks in Advance

Manoj

View 1 Replies View Related

Service Account Password Change - Help!

Dec 3, 1999

Ugh! Someone changed the password of our SQL Server service account. It is called syssql, and it is used by the MSSQLServer and SQL Executive services to log in at startup. After the password was changed, we noticed that replication wasn’t running, and since I know that replication uses the Executive service, I restarted that service using the new password. That worked to get replication working again, and since the boxes were production machines I didn’t restart the MSSQLServer service with the new password yet. Now, our syssql account keeps on locking up every so often, and scheduled tasks that use xp_sendmail stopped working, and alerts stopped sending. Is this happening because of the MSSQLServer service still being logged in with the old password? I suspect that the SQL Mail logs in through the MSSQLServer service, which is still using the old password, and the login failures are causing the syssql account to lock. Any other ideas???

Cindy Rutherfurd
cindy.rutherfurd@zcsterling.com

View 2 Replies View Related

What Account Runs SQL Server Service?

Sep 18, 2001

We are debating whether to run the SQL Server service as Local System, a domain user without local admin rights, or a domain user with local admin rights. MSDN recommends local admin rights, but doesn't require them.
I would like to get some idea of how the real world handles this. If you run as a local admin, how do you handle the security implications? And if you run without local admin rights, what gotchas have you run into with extended stored procs, replication, etc?

Thanks,
Jerry Ratner

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved