Service Account - SQL service configuration Manager

Question

Service Account - SQL service configuration Manager

SQL_Surfer

SSCrazy Eights

Points: 8320
More actions
July 26, 2011 at 7:21 pm

#240585

One of our process access resources on shared network. We use xp_cmdshell through stored proc to access it. Stored proc is executed through a SQL job which runs under service account but once in a while it fails with the message "Access is denied"
I checked the SQL service configuration Manager and found out that MSSQLSERVER is set to LogOn as Local System Account. When I try to change this to service account, the account gets changed but SQL SERVICE AGENT stops.
Any help on this would be much appeicated.
SQL Surfer

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply

Brandie Tarvin SSC Guru Points: 173061 More actions · Answer 1

Is there a problem with restarting SQL Agent? (which is required when you change accounts).

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

SQL_Surfer SSCrazy Eights Points: 8320 More actions · Answer 2

Yes. This is error logged in windows when I reattempt to start agent.

SQLServerAgent could not be started (reason: SQLServerAgent must be able to connect to SQLServer as SysAdmin,

but '(Unknown)' is not a member of the SysAdmin role).

- Win. SSCertifiable Points: 6790 More actions · Answer 3

If you change the SQL Server service account, change that to Agent as well and restart the services.

It should come up and running fine.

Is this SQL Service account, a windows account ?

Cheers,
- Win.

" Have a great day "

- Win. SSCertifiable Points: 6790 More actions · Answer 4

If you are on Win 2003 box, you can give a try ,

Administrative Tools -> Local Security Policy -> New window - >Local Policies -> User Rights Assignment - > Lock pages in memory Properties.

Add your AD user here.

Note : It doesn't work until a reboot

Hope this helps you..

- Win.

Cheers,
- Win.

" Have a great day "

Brandie Tarvin SSC Guru Points: 173061 More actions · Answer 5

SQL_Surfer (7/27/2011)
SQLServerAgent could not be started (reason: SQLServerAgent must be able to connect to SQLServer as SysAdmin,
but '(Unknown)' is not a member of the SysAdmin role).

Does the new account have permissions on SQL Server at all? What kind of permissions? What server & db roles is it a member of?

As Win asked, it needs to be a windows domain account. You can't use a SQL account to access off-server resources.

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

Brandie Tarvin SSC Guru Points: 173061 More actions · Answer 6

- Win. (7/27/2011)
If you are on Win 2003 box, you can give a try ,
Administrative Tools -> Local Security Policy -> New window - >Local Policies -> User Rights Assignment - > Lock pages in memory Properties.
Add your AD user here.
Note : It doesn't work until a reboot

In my experience, an actual reboot is not necessary. However, a restart of the services is.

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

SQL_Surfer SSCrazy Eights Points: 8320 More actions · Answer 7

SSC veteran, that worked. Thanks for your help. BTW, it didn't require a reboot.

Thanks again!!!!