Post reply

NT Authority/System User failed to open Model database

  • April 23, 2022 at 10:10 pm

    #4021147

    Hi,

    I am seeing messages every day failed to open explicitly specified database model for the user NT Authority/System  [Client: Local machine]. We don't have any jobs that run with that NT Authority/System . All jobs are running as sa only. I verified that there are no linked servers created. We have the 3rd party monitoring tool. Monitoring tool is enabled in all our production servers (About 30). I am not seeing this message in other servers. Is there any way to find which one causing the issue with out running trace. How do we know what other resources will be using the SQL Server using that account.

  • April 24, 2022 at 11:10 pm

    #4021489

    Thanks for posting your issue and hopefully someone will answer soon.

    This is an automated bump to increase visibility of your question.

  • May 2, 2022 at 5:16 pm

    #4025564

    Any service running on the local server as "Local System" trying to access databases will show up as "NT Authority/System" in the SQL logs.

    In my experience the cause is usually either some monitoring software, configuration management software, or a 3rd party backup tool.

    Over the years my DBA team has had a lot of issues with local techs at remote sites "helping" by turning on some database backup features on their local backup software.  Usually the access to SQL for backup software like that is via the "SQL Server VSS Writer" service which by default runs as Local System and starts Automatically.  If "NT Authority/System" has any rights to individual databases in SQL the 3rd party backup software will back them up (breaking the backup chain for our standard SQL backups).  Any databases where it doesn't have rights will get the message you describe.  Our solution has been to shut down and disable the "SQL Server VSS Writer" service on all servers.

     

     

  • May 7, 2022 at 11:06 pm

    #4028810

    We have 3rd party monitoring & backup tool. In other servers not seeing this problem

  • May 7, 2022 at 11:37 pm

    #4028832

    ramana3327 wrote:

    All jobs are running as sa only.

    Just to ask the question, you DO have the "sa" login disabled, correct?  And, yes, jobs can still run with sysadmin privs even when the "sa" login is disabled.

    --Jeff Moden

    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply