SQL 2012 :: Changing SA Account Name Causes Maintenance Jobs To Fail
Sep 23, 2014
SQL 2012 Standard on Windows Server 2012 Standard
After observing brute force attacks on our VPS myhosting instance against the SA login, I change the SA login name. Now my two new backup jobs are failing. The agent service logs in as NT ServiceSQLSERVERAGENT. Nothing changed there (so far as I know and I'm the only one who should be on the VPS). The job owner was SA and after changing the SA account that was reflected in the SSMS gui; job owner 'newsaname'. I'm sure I can just rebuild the maintenance plans but I'd like to know what happened.
Also, I would like to learn more about the brute force attacks and how to determine what port they are comming in on. I see an IP address associated with them. Does that mean they are coming in on 1433 or 1434?
SQL 2012 Standard VPS Windows 2012 Server Standard
I used the wizard to create maintenance plans on my SQL 2000 servers. Part of the plan fails (checking data and index linkeage) when the job runs in off hours. It fails because it says the DB is not in single user mode. Shouldn't something in the plan take care of this. The wizard gives you no options. Or is this a bug. These jobs ran fine in SQL 7
In the server agent properties I use the Test button and I receive the response. "Successfully started(and stopped) a mail session with this profile." Indicating that mail should work.
If I send a email notification from a scheduled job it gives me the error: NOTE: Failed to notify 'operations' via email
In the SQL Server Agent Error log I get. "[264] An attempt was made to send an email when no email session has been established"
Hi, I have a scheduled maintenance plan that backs up my database (SQL 2000). The db is 108 Meg. Usually the backup files are around 89 Meg and the transaction log backups are around 4.5 Megs.
The problem is that every once a while the backup fails with the following error:
[Microsoft SQL-DMO (ODBC SQLState: 42000)] Error 3202: [Microsoft][ODBC SQL Server Driver][SQL Server]Write on 'C:Program FilesMicrosoft SQL ServerMSSQLBACKUPCRM_db_200312230100.BAK' failed, status = 112. See the SQL Server error log for more details. [Microsoft][ODBC SQL Server Driver][SQL Server]BACKUP DATABASE is terminating abnormally.
What usually happens is that the last backup that has failed has a size of 9 or 8 Gigs!
My guess is that a backup file gets corrupt (the size increases to 8 Gigs) and the server runs out of space and won’t be able to do more backups. However I can’t figure out why the backup file size increases to and gets corrupt.
Today when I came into work, I noticed all of my jobs failed on a particular server. I tried to manually kick off the packages, but to no avail. Both the job history and the error message from the packages state a timeout error. Any idea on this? Also, I have no problem running a query from query analyzer...even on a remote machine. Any help would be appreciated Trevor
The SQL Server Agent process is running. When I use EM to start a database integrity check job, it fails with an error message of 22029 and the following:
[LOG] SQLServerAgent security context does not have server-autorestart privileges
I can not find error 22029 in Books on Line. I will go to Microsoft Knowledge base and research this problem.
In the mean time if someone can help, it is much appreciated.
It is our yearly procedure to change the sa password. This time we do it for the first time in ss2005. After changing the sa password, all jobs fail with the following error:
MessageLogin failed for user 'sa'. [CLIENT: <local machine>] MessageError: 18456, Severity: 14, State: 8.
When i check the properties of the job i can see (in the general tab) that all jobs are running through Windows authentication.
Any newly created jobs run successfull. What do i do wrong?
Running MSSQL 2000 on Windows2000 in an NT domain. We have several jobs created by the web assistant wizard. They run along just fine for days or weeks, then all of a sudden SOME of them (?!) begin to fail with the message "Unable to perform a SETUSER to the requested username 'dbo' because the username is invalid for database 'xxx'" where xxx is of course the db where the proc resides. SQLAgent service is running as a domain admin and has not changed; job is owned by sa and has not changed; the domain admin in question is in sa role and has not changed. Something sure has changed, but what? Sometimes when this happens we can clear it up by deleting the web job and simply re-creating it. Today we have three culprits and none of our usual tricks are working. Why does this happen? How can we fix it? How can we PREVENT it! Thanks for any words of wisdom out there.
After upgrading a server from SQL 2000 to SQL 2005, I can't get any SQL Agent jobs to run, giving logon failed messages. MSSQLSERVER and SQLSERVERAGENT services are set up to run as the same domain account which has administrative rights to the server and is a SQL login with the sysadmin role. For basic testing purposes, I created a test job that all it does is run a T-SQL command 'SELECT @@VERSION'. The job is also set to run as the same account that the Agent is running under. Below are the logs (with trace messages on) from the point of starting the Agent to my attempt to run the job (user and server names have been changed to protect the innocent):
2007-10-22 15:31:15 - ? [297] SQLServer Message: 15457, Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install. [SQLSTATE 01000] (DisableAgentXPs)
2007-10-22 15:31:15 - ? [297] SQLServer Message: 15457, Configuration option 'Agent XPs' changed from 0 to 1. Run the RECONFIGURE statement to install. [SQLSTATE 01000] (DisableAgentXPs)
2007-10-22 15:31:15 - ? [297] SQLServer Message: 15457, Configuration option 'show advanced options' changed from 1 to 0. Run the RECONFIGURE statement to install. [SQLSTATE 01000] (DisableAgentXPs)
2007-10-22 15:31:15 - ? [100] Microsoft SQLServerAgent version 9.00.3042.00 (x86 unicode retail build) : Process ID 5168 2007-10-22 15:31:15 - ? [101] SQL Server TESTSERVER version 9.00.3042 (0 connection limit) 2007-10-22 15:31:15 - ? [102] SQL Server ODBC driver version 9.00.3042 2007-10-22 15:31:15 - ? [103] NetLib being used by driver is DBNETLIB.DLL; Local host server is 2007-10-22 15:31:15 - ? [310] 4 processor(s) and 3328 MB RAM detected 2007-10-22 15:31:15 - ? [339] Local computer is TESTSERVER running Windows NT 5.2 (3790) Service Pack 2 2007-10-22 15:31:15 - ? [431] Populating subsystems cache... 2007-10-22 15:31:15 - ? [432] There are 11 subsystems in the subsystems cache 2007-10-22 15:31:15 - ? [124] Subsystem 'TSQL' successfully loaded (maximum concurrency: 80) 2007-10-22 15:31:16 - ? [124] Subsystem 'ActiveScripting' successfully loaded (maximum concurrency: 40) 2007-10-22 15:31:16 - ? [124] Subsystem 'CmdExec' successfully loaded (maximum concurrency: 40) 2007-10-22 15:31:16 - ? [124] Subsystem 'Snapshot' successfully loaded (maximum concurrency: 400) 2007-10-22 15:31:16 - ? [124] Subsystem 'LogReader' successfully loaded (maximum concurrency: 100) 2007-10-22 15:31:16 - ? [124] Subsystem 'Distribution' successfully loaded (maximum concurrency: 400) 2007-10-22 15:31:16 - ? [124] Subsystem 'Merge' successfully loaded (maximum concurrency: 400) 2007-10-22 15:31:16 - ? [124] Subsystem 'QueueReader' successfully loaded (maximum concurrency: 400) 2007-10-22 15:31:16 - ? [124] Subsystem 'ANALYSISQUERY' successfully loaded (maximum concurrency: 400) 2007-10-22 15:31:16 - ? [124] Subsystem 'ANALYSISCOMMAND' successfully loaded (maximum concurrency: 400) 2007-10-22 15:31:16 - ? [124] Subsystem 'SSIS' successfully loaded (maximum concurrency: 400) 2007-10-22 15:31:16 - ? [129] SQLSERVERAGENT starting under Windows NT service control 2007-10-22 15:31:16 - + [260] Unable to start mail session (reason: No mail profile defined) 2007-10-22 15:31:16 - ? [174] Job scheduler engine started (maximum worker threads: 400) 2007-10-22 15:31:16 - ? [193] Alert engine started (using Eventlog Events) 2007-10-22 15:31:16 - ? [146] Request servicer engine started 2007-10-22 15:31:16 - + [396] An idle CPU condition has not been defined - OnIdle job schedules will have no effect 2007-10-22 15:31:16 - ? [110] Starting SQLServerAgent Monitor using '' as the notification recipient... 2007-10-22 15:31:16 - ? [133] Support engine started 2007-10-22 15:31:16 - ? [167] Populating job cache... 2007-10-22 15:31:16 - ? [297] SQLServer Message: 0, SQLServerAgent Monitor started successfully. [SQLSTATE 01000] 2007-10-22 15:31:16 - ? [168] There are 2 job(s) [0 disabled] in the job cache 2007-10-22 15:31:16 - ? [170] Populating alert cache... 2007-10-22 15:31:16 - ? [171] There are 0 alert(s) in the alert cache 2007-10-22 15:32:59 - ? [177] Job Test1 has been requested to run by User DOMAINmyaccount 2007-10-22 15:32:59 - ! [382] Logon to server 'TESTSERVER' failed (ConnAttemptCachableOp) 2007-10-22 15:32:59 - ! [382] Logon to server 'TESTSERVER' failed (ConnAttemptCachableOp) 2007-10-22 15:32:59 - ! [382] Logon to server 'TESTSERVER' failed (ConnAttemptCachableOp) 2007-10-22 15:32:59 - ? [184] Job completion for Test1 is being logged to sysjobhistory 2007-10-22 15:32:59 - ! [382] Logon to server 'TESTSERVER' failed (ConnAttemptCachableOp)
Hi Recently I have moved sql 2005 from one box to another with bigger hdd space and more memory. Since then I am getting the attached error message when I Execute all the job.
I am migrating the SQL server 7 to SQl server 2005 (side by side upgrade).... I copied all the jobs including the maintenance jobs .is that the right way ? do we need to copy the maintenance jobs as well ??? or do we have to create the maintenance plan which will create the new jobs itself ????? please Guide ....... its urgent ....
I've just set up 2 new SQL 7.0 servers, and my new maintenance jobs - backups, optimisations, consistency check jobs etc - are all mysteriously failing. I've created them both with the Maintenance Wizard, and again by hand. I've attempted manual and scheduled runs. All to no avail. Nor do they populate the sysmainthistory table, although they're configured to do so. The mystery is that we have successfully installed some user DTS processes, and THEIR jobs work. In order to resolve the problem, I've:
(1) ensured the Agent service is running;
(2) ensured adequate space on the drive etc;
(3) verified that sqlmaint.exe exists in Mssqlinn;
(4) unchecked the 'attempt to repair minor errors' box (I read this was a known cause of the problem);
I've got some clues to go on, but nothing conclusive;
'sqlmaint.exe failed. [SQLSTATE 42000] (Error 22029). The step failed.'
Executed as user: NT AUTHORITYSYSTEM. sqlmaint.exe failed. [SQLSTATE 42000] (Error 22029). The step failed.
Additionally, both servers hold databases that I imported from another server-INCLUDING the msdb, and BOTH have the same problems and same error messages. This cannot be a coincidence.
2 SQL2000 ent sp4 servers. Try to 'one step' to export all jobs and related maintenance plans from serverA to serverB, via backup msdb from A and restore to B.
After restore msdb to serverB, I saw all jobs and related maintenance plans, but the jobs are not runable.
Do I have to save jobs scripts one by one from A, then rerun on B one by one?
I recently changed the SA password on my SQL Server 6.5 installation and discovered that this had caused the Scheduled CmdExec Tasks (defined in SQL Executive) to fail with:
"Process Exit Code 1. Microsoft (R) SQLMaint Utility, Version 6.50.240 Copyright (C) Microsoft Corporation, 1995 - 1996 [Microsoft SQL-DMO] Error 4002: [SQL Server] Login failed"
Changing the password back to the original resolves the problem, but is a less than satisfactory solution.
Any advice on how I can change the SA password and allow CmdExec tasks to continue running would be gratefully appreciated.
I'm working with SQL 2000 and am just learning about Maintenance Plans (MP). They seem convenient, but after some time, I'm wondering if they're the best approach long-term. Here are my experiences.
Using the MP Wizard, I created a plan with tasks from all the dialogs:
I was puzzled to find 4 jobs were created, each with just 1 step, and staggered starting times. I expected to find 1 job with 4 steps. So, brimming with confidence, I did just that. I combined all 4 into 1 job, deleted the 3 other MP created jobs, and checked for any job-specific details in the code. However now when I open the MP, I get this pop-up:
"One or more of the jobs created for this plan has had additional steps added to it. It is not recommended that jobs created by the maintenance plan be modified in any way."
Okay, fair warning. Yet it appears the job and all steps run successfully, both on demand, and on a schedule. So now I'm wondering if jobs always need a MP. If I don't mind working with xp_sqlmaint syntax, it appears the only thing I'm giving up is the MP history. But I expect job history and '-WriteHistory' will minimize that loss.
I searched BOL, this Forum, and Google, and found a couple articles. One author preferred the ease of the Wizard, another preferred the control and added features of T-SQL, but both created a MP in their examples. So I'm hoping some experienced DBAs can advise.
If I create a job with multiple steps, and no MP, are there important things I give up or problems I create? Is this approach a bad idea in SQL 2005?
At this stage, I don't need replication or other advanced features. Just simple database maintenance.
Has anyone ever converted from running SQL Server under the Local System account to running under a Domain User account?
I have often installed SQL using a Domain User account, but I am inheriting a couple of SQL Servers that were set up to run under Local System. I have never had to convert "on the fly" before.
If you have any input or insights, I would be grateful.
Environment: SQL Server 2005 Enterprise Edition x64, 3 server cluster. Two active servers with seperate instances and one passive server. SQL Server was installed on the two active servers.
Problem: When I fail over either of my instances to the passive server in the cluster my maintenance jobs fail to run and there are error messages in the application event viewer "SSIS Subsystem failed to load". I am guessing that all of the needed components are not installed on the passive server? Is this a close guess? If so, exactly what components are missing and do you have to have another license to install them?
I need to replace the operator in about 50 jobs on several servers because the old operator has left the company. Does anybody know an easy way how to do this without going through all the jobs one by one ?
I have a SQL 2000 (SP3) running on a Windows NT 4.0 (SP6) box used in our test environment. The SQL Server was configured to run under the local system account before I got here. In an effort to standardize things, I tried changing the SQL Service account to run under a designated domain user account purpose built for the job. We use this particular account for all of our new-build servers (which are W2K). This domain account is configured to be a "Power User" on the NT 4.0 Server in question.
Soon after changing things over to run under the new account, all the developers complained that they could no longer connect to the server. I could through QA and EM, but none of the developers could.
The developers are using WebLogic and JDBC drivers for the most part. I wasn't aware that the SQL Server service account affected client connectivity. Was I wrong or is there something else at work here?
We are running SQL Server 2000 on two servers and when they were built, the same domain account was used for all installations, and the MSSQLSERVER and SQLServerAgent services run logged in as that same account. That account is also the dbo of all the SQL databases. We now need to change the password and possibly disable that domain account.
What do we need to do to make sure the SQL Servers and databases continue to run without problems after making the password change and/or disabling the account?
I installed SQL Server 2005 Express Edition. When I try changing the account name, password in the SQL Server Configuration Manager, i.e. by clicking on Apply, the SQLEXPRESS restarts and the password gets replaced by a longer password. Also the user name gets prefixed with "./". Any help on this will be highly appreciated.
Another query: Do we have the query analyser (gui or command line) kind of thing in Express Edition? Also where can I get a proper documentation of doing elementary things in setting up a database, like creating a database, adding a user, etc)
Guys, I have got WINDOWS 2000 Advanced Server and MS SQL SERVER 7.0 running on my live server. Now when we are planning for replication, we have found that SQL server will require to run under a domain account. At the moment there are so many ASP pages running on our server accesses different databases created using SQL server 7.0. Most of them are DSN connections to the database. Now if i create a domain account and restart the server and MS SQL services with the domain account, how is it going to effect the current web pages running on it? Any help will be greatly appreciated. Thanks
We find that if we deploy the OLAP database with a different name on the test server, then regardless of how we change the connection string provided to the SSIS package that processes the cube, then the package fails to connect to the database. To clarify:
In development the OLAP database is called MyOlapDB and the source database is called MySqlDB. Both are on the same machine. When the the application is built and released for test, the test team install the databases on a replica of the production environment (i.e. web app on one machine, OLAP DB on another and SQL database on yet another). They also, quite rightly, implement the new test databases so they incorporate the build version number. So, MyOlapDB123 and MySqlDB123 are both from build 123.
This is when the problems start. Regardless of how the connection string is specified in the job that processes the cube, the SSIS integration package fails with the error:
[Analysis Services Execute DDL Task] Error: Errors in the metadata manager. Either the database with the ID of 'MyOlapDB' does not exist in the server with the ID of 'OurTestServer', or the user does not have permissions to access the object.
We have tried config files and job properties, but neither work. Also, simply attempting to run the package using the DTEXECUI does not work either.
Looking inside the XML of the package, we clearly see the ConnectionManager object which has the original connection string, which is
Data Source=localhost;Initial Catalog=MyOlapDB;Provider=MSOLAP.3;Integrated Security=SSPI;Impersonation Level=Impersonate;
However, editing the initial catalog here still does not solve the problem. Searching the XML for the string MyOlapDB reveals the OLAP database name in two other places - both within the object data of the two Analysis Services Execute DDL tasks.
Anyone know how to solve this problem without having to hack the XML of the package?
Hello. I am using SQL Server Management Studio (SQL 2005) and created a daily backup job. Inside the job, i have an "Operating system" step to copy backuped up files onto another directory. However, the job kept on failing with an error "Executed as user ... Access is denied." With this error, how can i change the user used to execute the job? Thanks.
I've run into a problem attempting to change my service account on the clustered servers from an administrative account to a non-privileged account under SQL Server 2005 Enterprise Edition. When I change the login properties in Configuration Manager I get the following error:
"The user already belongs to this group"
I'm then prevented from making any changes to the service account. I don't know what I'm supposed to do at this point to resolve the problem, so any assistance will be greatly appreciated.
If you were to do a fresh install it would set permissions on the disk so everything just works.
Now when changing the service account (e.g. to a domain user) use the configuration manager, does it do the same magic (possibly sans if the database data/log files are on another disk)? Or do you need to trawl through the dozens of folders and assign rights manually?
I'm trying to figure out a way to automatically restart the SQL Agent service when an AG fails over to a secondary node. I've created a job on each AG node that runs every 15 seconds and detects when a fail over has happened. It then issues a SQL Agent stop command and then a SQL Agent start command. The problem is that once the stop command happens the start command never fires because the SQL Agent is now stopped.
My environment is a 64 bit Windows Server 2012 Standard edition that is running SQL Server 2012 SP1 Standard Edition (64 bit) which has an Active Passive Cluster set up and I unfortunately had no involvement in this cluster build. The person who did is no longer with the company and is not responsive to questions.
This morning this following errors popped up:
Event ID: 1230 - Cluster resource 'Databases' (resource type 'Physical Disk', DLL 'clusres.dll') did not respond to a request in a timely fashion. Cluster health detection will attempt to automatically recover by terminating the Resource Hosting Subsystem (RHS) process running this resource. This may affect other resources hosted in the same RHS process. The resources will then be restarted.
The suspect resource 'Databases' will be marked to run in an isolated RHS process to avoid impacting multiple resources in the event that this resource failure occurs again. Please ensure services, applications, or underlying infrastructure (such as storage or networking) associated with the suspect resource is functioning properly.
Event ID: 1146 - The cluster Resource Hosting Subsystem (RHS) stopped unexpectedly. An attempt will be made to restart it. This is usually associated with recovery of a crashed or deadlocked resource. Please determine which resource and resource DLL is causing the issue and verify it is functioning properly.
When I saw these errors, I brought the "Databases", "Logs", and "Quorom" disks back online and all was well. I then proceeded to check Application and System Logs noticing there where some VMWare/SAN errors that caused the CPU spike resulting in the Cluster errors.
Regarding the questions, why didn't a failover occur and What can I do to mitigate this process are now what I am focusing on. Researching the above errors, I discovered that you could a policy based what happens in a situation like occurred this morning. You can set policies at the Role level, "Server" level, and at the disk level.
The Role Policy seems to be a little less involved, screenshot RoleProperties.png show these. I assume these are defaults. The server name properties are set to the following screenshot, Servername_Properties_Policy.png. This seems to be correct to me, but there is where I am lacking. I think this means that if it fails at this level all associated resources, disks, etc will failover to node 2.Now where I think the issue is, the third screenshot, Database_Properties_Policy.png. There is no policy set to for situation where a disk resource fails. Which I believe is what happened this morning. Some questions:
1. Do I need to set this similar to what is in the ServerName screenshot? 2. What happens if I check the box for "If restart is unsuccessful, fail over all resources in the role"? Will this only fail over this one disk? If so, it doesn't seem like that would be ideal. Would it fail over at the Role level and move over all associated resources?
I am also not sure what time limits I should set for Period restarts, maximum restarts, delay between restarts, etc...
I have configured three transactional replication one from DC - Data center & DB for database
DC1-DB1 to DC2-DB1 -- 1 DC2-DB1 to DC2-DB2 --2 DC2-DB2 to -DC2-DB3 --3
Before synching the data on DC2 databases I wanted to truncate / drop the objects on 1 and 2 setup as these are already participating in replication. Setup 1 and 2 are publisher as well as subscriber. I am not able to reinitialize these tables on these setup. I cannot use SSIS.