November 24, 2008 at 1:59 pm
When trying to apply Microsoft Best practices I have created a service account for the SQL Server Service and the SQL Agent Service. These accounts have been given rights to access the server but are not part of the Local Admin Group. I then start the services with these account using Microsoft Configuration Manager. On other servers which I have done this the Configuration manager then go through and gives the service accounts the access it needs to run. However on this particular server when I try to start the services using these accounts I get "WMI Provider Error - Access is denied [0x80070005]". However if I add the accounts to the Local Administrator group I am able to start the services.
Can anyone help me with this.
Thanks
Don
November 29, 2008 at 1:54 pm
WMI is a bit of a funny animal, if you have an ms support contract I would give them a ring!
If you don't then I would run process monitor (get it from the ms web site) set up a filter on sqlsrvr.exe (or whichever service it is) - start the service and look for any ACCESS_DENIED's on either files or registry keys.
If you find any then these are the permissions you need to add - you should also compare the priviledges given to each of the machines, you can do this by logging on as the service account on each server and running gpresult /Z - if the failing server is missing any then add them in.
ed
November 29, 2008 at 1:54 pm
also - no matter how much work it is it is always worth setting it up securely instead of just adding them to the local admin account!!
December 3, 2008 at 1:32 pm
Ed thanks for the reply. Was not able to find anything with either of the tools listed above. Started looking at permissions and found the effective permissions in the registry \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList were not there for accounts except admins. Short story in the local user group this server had authinticated users and not domain users. Put domain users into the local users group and everything worked. 😀
January 15, 2009 at 10:22 am
I had that problem. The problem was that the user name text box contained ".\SQLServerAccount" and the "." was being used as the computer name or domain name by WMI when trying to change the password of that account. The fix is to remove the ".\" in front of the user name before
trying to change the passwords, or browse for the user name and click on Check Names, before returning to change the passwords.
December 9, 2010 at 1:50 pm
Just retyping any part of the account name works for me. This is less time than browsing.
July 13, 2011 at 9:59 pm
SQL-Service-Control is a handy tool that set service account/set service password...
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply