Post reply

Switch from MSSQL SVC to MSA - Unable to start services

  • October 3, 2024 at 9:33 pm

    #4465079

    Using MSSQL 2019 standard edition

    It was installed using SVC Account. But now I want to switch from SVC to Managed Service Account.

    When I granted folder level permissions for NT SERVICE\MSSQL$SQLSERVER and NT SERVICE\SQLAgent, and tried to switch, it is throwing below error after starting agent. it shows like Services are started aling with agent but when I refresh, i see only agent is running. services are not

     

    Switched MSA on all logon parameters.

     

    error in event log:

    FCB::Open failed: Could not open file F:\log\SYSTEM\modellog.ldf for file number 2. OS error: 5(Access is denied.).

     

    Tried permissions for mssql and sqlagent and its provided with full control everywhere wherever required on all folders.

    Tried to grant permissions on Registry key

    "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Microsoft SQL Server\<InstanceName>\SQLServerAgent"

    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\<InstanceName>\SQLServerAgent"

    But unable to locate SQLSERVERAgent on Regedit even after logging in as admin.

    used find option, no luck.

    How can I start the services?

    Same permissions worked on other servers.

    When I add MSA account or NT SERVICE\MSSQL and agent on local group admins, its working but I dont want to user those accounts as local admins

    Also, I added MSSQL and SQL Agent w on below places

    1. Adjust memory Quotas for process
    2. Bypass traverse checking
    3. Lock pages in memory
    4. log on as a service
    5. perform volume maintenance tasks
    6. replace a process level token

    Please help..

  • October 3, 2024 at 10:51 pm

    #4465094

    main question is HOW did you change the service account.

    If not through Configuration Manager, with a elevated account (Local admin, and maybe Domain admin depending on policies) then you are missing all the background stuff the CM does.

     

    the MSA also needs to be associated with the current server in order to be usable locally - this needs to be done as a Domain Admin. see https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/managed-service-accounts-understanding-implementing-best/ba-p/397009

     

  • October 4, 2024 at 3:50 pm

    #4465342

    Checked with Windows team and they confimed that everything is good with the MSA config, read write permissions.

    Not sure where I am going wrong. I tried to add MSA in place of SVC from SQL COnfig Manager

     

    This is the only error I am seeing now when I try to start the service

     

     

    Attachments:
    You must be logged in to view attached files.

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply