Post reply

Should you install AlwaysON via SQLSERVER service account ?

  • July 19, 2019 at 4:14 pm

    #3664577

    I have always used a service account so that both nodes were connected on an account that would not be removed or expired.

    If you install AlwaysON under your personnel domain account the availability account shows connection via your personnel account. Maybe this only used during the essential connection therefore it does not matter? I can not find any evidence to support the correct method.

  • July 20, 2019 at 5:10 pm

    #3664767

    Thanks for posting your issue and hopefully someone will answer soon.

    This is an automated bump to increase visibility of your question.

  • July 21, 2019 at 8:31 pm

    #3664886

    When you run through the wizard - the endpoint will be configured with your personal account.  This could cause an issue at some point when your credentials change.

    To avoid this - you can create your endpoints manually and grant connect to your service account prior to running through the wizard for the rest of the setup.  Or - you could script out the creation for all portions...

    USE [master]
    GO

         If Exists (Select * From sys.endpoints e Where e.name = 'HADR_Endpoint')
            Drop Endpoint [HADR_Endpoint];
         Go
         
    /****** Object:  Endpoint [Hadr_endpoint]    Script Date: 1/30/2015 9:18:37 PM ******/
    CREATE ENDPOINT [HADR_Endpoint] authorization sa
    STATE=STARTED
    AS TCP (LISTENER_PORT = 5022, LISTENER_IP = ALL)
    FOR DATA_MIRRORING (ROLE = ALL, AUTHENTICATION = WINDOWS NEGOTIATE
    , ENCRYPTION = REQUIRED ALGORITHM AES)
    GO

    You run the above on each node...then you run this on each node (changing the service account if each node has a different service account).

    GRANT CONNECT ON ENDPOINT::[HADR_Endpoint] TO [Domain\ServiceAccount]

    For example - if NodeA has ServiceAccountA and NodeB has ServiceAccountB then on NodeA you would grant connect to ServiceAccountB and on NodeB you would grant connect to ServiceAccountA.  If you have more than 2 nodes and each instance has its own service account you need to grant connect to every node.

     

    Jeffrey Williams
    “We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”

    ― Charles R. Swindoll

    How to post questions to get better answers faster
    Managing Transaction Logs

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply