I use my DOMAINuserid account for starting/stopping the SQL services. This account has an account on our mail domain as well for sending alerts.
while on vacation, the password wa changed on this account. now that account continually gets locked up and things fail. I've gone on all the servers (~5) and changed this account password. But the NT account continues to lock up.
I've disabled all the SQL jobs that were scheduled to be running, thinking that this might be the problem? Does SQL cache the password?? I doubt it?
Any where else I can look other than taking down all the databases and resetting the passwords on mssqlserver and sqlagent services.
I've got an INSERT that's selecting data from a linked server and attempting to push 10 million rows into the blank table. More or less, it looks like this:
The instance of the SQL Server Database Engine cannot obtain a LOCK resource at this time. Rerun your statement when there are fewer active users. Ask the database administrator to check the lock and memory configuration for this instance, or to check for long-running transactions. There are no other active users. I ran it again and monitored the following DMO to watch the growth of locks for that spid:
SELECT request_session_id, COUNT (*) num_locks -- select * FROM sys.dm_tran_locks --where request_session_id = 77 GROUP BY request_session_id ORDER BY count (*) DESC
The number of locks started small and held for a while around 4-7 locks, but at about 5 minutes in the number of locks held by that spid grew dramatically to more than 8 million before finally erroring again with the same message. Researching, I can't figure out why it's not escalating from row locks to table locks at the appropriate threshold. The threshold in was set to 0 at first (Server Properties > Advanced > Parallelism > Locks). I set it to 5000, and it still didn't seem to work. Rewriting the INSERT to include a WITH (TABLOCK) allows it to finish successfully in testing. My problem is that it's coming out of an ETL with source code that I can't edit. I need to figure out how to force it to escalate to locking the entire table via table or server level settings.
A colleague suggested that installing service packs may take care of it (the client is running SQL Server 2008 R2 (RTM)), but I haven't found anything online to support that theory.
We are migrating our database(s) from ORACLE to SQL. In Oracle we were able to issue a SELECT statement and see all of the locks (Blocking and Non-Blocking) currently in the system. The query also included the Process ID of the process we needed to kill in order to get rid of the lock.
We now need to create the same type of query for Microsoft SQL Server 2012. I have seen postings on different sites saying that this info can be obtained using SP_WHO2 or using the SQL Server Management Studio Activity Monitor's PROCESSES tab, but we are looking for a SELECT statement that will give us similar information.
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
I want to remove the SQL Services account from the Local Adminstrators group of the server, so that it cannot be used to login, (using trusted sa).
I have removed from administrators in user manager, granted the account the rights to login as a service, edited the permissions on HKLMSoftwareMicrosoftMSSQLServer, HKLMSoftwareMicrosoftWindowsNTCurrentVersionPerlib , HKLMSystemCurrentControlSetServicesMSSQLServer for the account.
SQL now runs with the service account stopping and starting SQL services, but any Scheduled Tasks on the server do not run.
Any ideas what I can do to get the tasks to run, without adding the service account as an administrator on the server?
I am trying to access SSIS packages saved to the server from either the SSMS or from BIDS, and I only have a SQL Server account on the server--there is no option on either of those clients to enter a SQL Server account, only windows authentication is available--is this by design?
I've done some searching, but have found no definite answer yet. Our SQL 2005 servers are members of Active Directory Services. We want to run SQL services using an ADS account.
I see 7 SQL services in the SQL Server Configuration Manager: Integration Services, FullText Search, SQL Server, Analysis Services, Reporting Services, Browser, and Agent.
Question: Is it a bad move to run them all using the same domain account? I mean, wouldn't this give, say the Browser service, more privileges than it needs by allowing its account access to the same resources as, for example, the Agent service? What I'm concerned about is a vulnerability in one service compromising another service.
I would like to be able to use one domain account for all 7 services on two SQL servers, but I have a feeling this is a poor choice.
What is the best method for running SQL services using a domain account?
A former Network Manager setup the Sql Server Services NT Domain account. I need the password to set it up on our MS Exchange server, should I change the password or create a new domain account. How can I find out if there is no other applications using the service account in our domain, since the new Network manager doesn't know the password. What happens if I change the password.
We may need to change the account presently used to run the Windows Service "SQL Server Integration Services".What are the implications of making such a change?
I have a question about ssrs security. In report manager I have set a list of users as browsers, and the builtin administrators are content manager in the parent folder where reports are. A user that is not an administrator and neither a user I added, has access to reports.
I'm thinking this person is having access because the data source of the reports use a administrator account to connect to the analysis services using the option Credentials stored securely in the report server with the 2 checkboxes marked (use as windows credentials when connecting to the data source and impersonate the authenticated user).
I simply marked this option because SSRS is in 1 server and SSAS in other and I think kerberos need to be configured and I haven't looked into it, but I think the report access is separated from the data source.
I have an instance of SSRS that will not run my report subscriptions if it is using a dedicated domain account I made for the express purpose of using it to run this service.
If I have SSRS use my personal domain account as the service account, my subscriptions run correctly. If I have SSRS use this other domain account, the subscriptions do not run.
What else do I have to configure to make this run correctly not on my personal account?
Error message below.
"ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: AuthzInitializeContextFromSid: Win32 error: 5; possible reason - service account doesn't have rights to check domain user SIDs., Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: The report server has encountered a configuration error. ;"
I running SSIS package job without sql agent , it is working fine.when i am running through sql agent not running.
created Proxy account job failed and give above error. Server is cluster and taking data from desktop. server is in one domain and desktop in another domain.
I have been running a script in SQL Server 2000 as sa also as a Active Directory user who has administrator rights (I tested both approaches SQL Server then Windows Authentication) in Query Analyser which grants execute rights to the stored procedures within the database instance and Query Analyser does not give any errors when I run the script. I have made sure that each transaction has a go after it. I then return to Enterprise Manager, check the rights (I apply them to roles so that when we create another SQL Server user we just grant him/her rights to the role) and discover that the role has not been granted the rights. I seems to be occurring only with 2 of the procedures. Is there a known bug that might be causing this?
I have several DTS jobs that runs well as a job with my nt login account for the SQL agent service startup account, but if I use the System account they fail with this error. " Error opening datafile: Access is denied. Error source: Microsoft Data Transformation Services Flat File Rowset Provider"
The data has change access to the System account under the NT security.
Basically a dts package has been setup that pulls in data from another companies server, this data requires to be on-demand i.e individual users can pull in updates of the data when they require it.
I am using xp_cmdshell and dtsrun to pull in the data. This obviouly works fine for me as i am a member of sysadmin.
Books online quotes " SQL Server Agent proxy accounts allow SQL Server users who do not belong to the sysadmin fixed server role to execute xp_cmdshell"
So i went to the SQL Server Agent Properties 'Job System' tab and unchecked 'Non-sysadmin job step proxy account' and entered a proxy account.
The proxy account has been setup as a Windows user with local administrator privilages and even a member of the sysadmin server role - just in case.
Now when i log onto the db with my test account - a non-sysadmin - and attempt to run the stored proc to import the data i recieved the message 'EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo' '
hmm... so basically i have either misunderstood BoL or there is something not quite right in my setup.
I have search the net for a few days now and yet i can find no solution.
Hi there,BOL notes that in order for replication agents to run properly, theSQLServerAgent must run as a domain account which has privledges to loginto the other machines involved in replication (under "SecurityConsiderations" and elsewhere). This makes sense; however, I waswondering if there were any repercussions to using duplicate localaccounts to establish replication where a domain was not available.Anotherwords, create a local windows account "johndoe" on both machines(with the same password), grant that account access to SQL Server onboth machines, and then have SQL Server Agent run as "johndoe" on bothmachines. I do not feel this is an ideal solution but I havecircumstances under which I may not have a domain available; mypreliminary tests seem to work.Also, are there any similar considerations regarding the MSSQLSERVERservice, or can I always leave that as local system?Dave
I have a situation that I have discovered in our QA database that I need to resolve. When I looked at the Activity Monitor for our server, I discovered that a process is running under a domain user account for one of our .Net applications. The problem is that that domain user account has not been created as a SQL login account on the server. I am trying to figure out how someone can log in to the database server with a domain user account that has not been added to SQL Server as a login account.
Does anyone have any insight on this? I don't like the idea of someone being able to create domain account that can access the database without me granting them specific access.
I have read that even during read procedures (sql select statements), sql server uses row locking. I know that you can use the NOLOCK keyword, but if you don't everytime that a user makes a selects statement on a table, does sql server really lock those rows, and if so are they then unavailable to another user who wants to make a select statement at the same time on that same table? That does not seem like it would be the case otherwise it would not scale well. Thanks for any clarification on this.
I am using SQL Server7.0. I opened a table through the Enterprise Manager and left it open. In the Query Analyzer when I try to update a field on that table(more than 2000 rows), it goes on running. When I watched the Current Activity, it shows that the update process is being blocked by the select query. But if I try to update the same column for less than 1500 rows, there is no blocking issue and the update occurs immediately. Can anybody let me know why this is happening and what should I do to prevent it?
To I got the following error message. Can some one tell how to solve this issue.
Server: Msg 1204, Level 19, State 1, Procedure OPEN_OBJECTS, Line 2 SQL Server has run out of LOCKS. Rerun your statement when there are fewer active users, or ask the system administrator to reconfigure SQL Server with more LOCKS.
Hi I have a big query which updates around 14000 rows at a time if i place a lock on the table and others try to update the same table is it possible to let them know that table is locked by someone else.
I have a stored proc which will be entering/updating a record into a table. The table's key is an integer field which I may have to increment by one. I know I can use
declare @nextid int set @netxid = max(id) from table insert @nextid into table Is some kind of lock the best way to approach this?
I Have 359 locks on MY Database ,They are always there on my DB.The DB is a development database and lots of summary Stored procedures will be running on this DB. Does it effect the performance.How can I remove those locks. Thanks.
Hi I want to write all my select ststements using locks how i should write a select ststement using locks i searched for examples but iam not getting the syntax Plz give me one example for select statements using locks
