May 6, 2008 at 4:59 am
For various reasons, I need to change the login that SQL Agent and SQL Server uses to run under. Changed SQL Agent first and it works fine, i.e. SQL itself is running under the old account, Agent under the new account.
When I go to change SQL itself, SQL fails to remain running. VIA is disabled on this server, so that should not be the issue, which is the only thing I could find using Google that would cause this problem.
Below is the entire log of this server attempting to start up using the new login, it seems to me that the login itself works as the server starts up, but then encounters problems and shuts down.
THanks for any help.
2008-05-06 05:24:05.48 Server Microsoft SQL Server 2005 - 9.00.3042.00 (Intel X86)
Feb 9 2007 22:47:07
Copyright (c) 1988-2005 Microsoft Corporation
Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
2008-05-06 05:24:05.48 Server (c) 2005 Microsoft Corporation.
2008-05-06 05:24:05.48 Server All rights reserved.
2008-05-06 05:24:05.48 Server Server process ID is 2240.
2008-05-06 05:24:05.48 Server Authentication mode is MIXED.
2008-05-06 05:24:05.48 Server Logging SQL Server messages in file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'.
2008-05-06 05:24:05.48 Server This instance of SQL Server last reported using a process ID of 732 at 5/6/2008 5:21:34 AM (local) 5/6/2008 10:21:34 AM (UTC). This is an informational message only; no user action is required.
2008-05-06 05:24:05.48 Server Registry startup parameters:
2008-05-06 05:24:05.48 Server -d C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf
2008-05-06 05:24:05.48 Server -e C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG
2008-05-06 05:24:05.48 Server -l C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf
2008-05-06 05:24:05.49 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
2008-05-06 05:24:05.49 Server Detected 4 CPUs. This is an informational message; no user action is required.
2008-05-06 05:24:05.54 Server Set AWE Enabled to 1 in the configuration parameters to allow use of more memory.
2008-05-06 05:24:05.79 Server Using dynamic lock allocation. Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node. This is an informational message only. No user action is required.
2008-05-06 05:24:05.79 Server Multinode configuration: node 0: CPU mask: 0x0000000a Active CPU mask: 0x0000000a. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.
2008-05-06 05:24:05.79 Server Multinode configuration: node 1: CPU mask: 0x00000005 Active CPU mask: 0x00000005. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.
2008-05-06 05:24:05.79 Server Attempting to initialize Microsoft Distributed Transaction Coordinator (MS DTC). This is an informational message only. No user action is required.
2008-05-06 05:24:06.81 Server Attempting to recover in-doubt distributed transactions involving Microsoft Distributed Transaction Coordinator (MS DTC). This is an informational message only. No user action is required.
2008-05-06 05:24:06.81 Server Database mirroring has been enabled on this instance of SQL Server.
2008-05-06 05:24:06.81 spid7s Starting up database 'master'.
2008-05-06 05:24:06.96 spid7s SQL Trace ID 1 was started by login "sa".
2008-05-06 05:24:06.98 spid7s Starting up database 'mssqlsystemresource'.
2008-05-06 05:24:06.98 spid7s The resource database build version is 9.00.3042. This is an informational message only. No user action is required.
2008-05-06 05:24:07.03 spid7s Error: 15466, Severity: 16, State: 1.
2008-05-06 05:24:07.03 spid7s An error occurred during decryption.
2008-05-06 05:24:07.04 spid10s Starting up database 'model'.
2008-05-06 05:24:07.04 spid7s Server name is 'DES-SQL2'. This is an informational message only. No user action is required.
2008-05-06 05:24:07.06 Server Error: 17190, Severity: 16, State: 1.
2008-05-06 05:24:07.06 Server FallBack certificate initialization failed with error code: 1.
2008-05-06 05:24:07.06 Server Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
2008-05-06 05:24:07.06 Server Error: 17182, Severity: 16, State: 1.
2008-05-06 05:24:07.06 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80.
2008-05-06 05:24:07.06 Server Error: 17182, Severity: 16, State: 1.
2008-05-06 05:24:07.06 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x1.
2008-05-06 05:24:07.06 Server Error: 17826, Severity: 18, State: 3.
2008-05-06 05:24:07.06 Server Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
2008-05-06 05:24:07.06 Server Error: 17120, Severity: 16, State: 1.
2008-05-06 05:24:07.06 Server SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
May 6, 2008 at 5:39 am
Seems like you didn't change the account through Configuration Manager.
When you install SQL2005 a service master key (SMK) for encryption is created. This key is then used to encrypt certificates and any other encryption keys. Because the SMK is somehow linked to the service account, changing this account can make the key invalid and can't open the certificates anymore.
When you change your service account through Configuration Manager SQL 2005 will take care of creating a new SMK, but changing the account through the Services mmc doesn't.
You may also wanna read in BOL about encryption and here[/url]
[font="Verdana"]Markus Bohse[/font]
May 6, 2008 at 6:39 am
I've tried it both ways, first using the configuration manager, then from Services, same problem either way.
One thing I did notice after original post. Whenever SQL tries to start using the new login, or if I try to login to the desktop using that login, it creates a new profile.... So in C:\Documents and Settings I have a series like this:
NewLoginName
NewLoginName.001
NewLoginName.002
etc.
Forwarded this to our networking team since I am sure both are symptopms of the same thing. The thing that really confuses me is that SQL Agent starts just fine.
May 6, 2008 at 9:59 am
Got it figured out!
Not enough space for the profile for the new account was the cause. I looked at the space and saw 400 mb available, didn't think space for the profile would be an issue....
May 6, 2008 at 12:20 pm
400 mb for a new profile seems more than enough space. Espescially for a new service account.
I would check the profile of the default user if it contains lots of temp files and other garbage.
[font="Verdana"]Markus Bohse[/font]
May 20, 2008 at 8:47 am
If your network uses roaming profiles, you could easily exceed 400M in one profile. I had problems with this at a previous employer, some people would take forever to log on to the network when they were using someone else's computer, the reason was the copying of lots of info across the network to establish the profile.
-----
[font="Arial"]Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson[/font]
May 20, 2008 at 10:02 am
Yeah we use roaming profiles. ONe would think they would exclude service accounts from that, but could note get my network people to say anything else than that roaming profiles is how they do things...
May 20, 2008 at 10:08 am
Roaming profiles aren't bad if your user base is static, i.e. they stay at one computer most of the time, which is pretty much the norm for most sites. The problem, as I understand it, is that it copies your "My Documents" to wherever you log in. So lots of disk space gets gobbled up with little control over it.
Myself, I don't store anything in My Computer, so it would actually prove beneficial to me. All of my work goes on a private network share, and file downloads go into a different directory on my local drive.
I'm pretty sure that it can be turned on and off on a selective basis, so your net admins should be able to turn it off for your service accounts. Then again, I haven't been a network admin for a few years and was never very knowledgeable about Active Directory, so I could easily be wrong.
-----
[font="Arial"]Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson[/font]
October 20, 2008 at 3:15 am
I am having a similar problem but my error is a little bit different:
Error: 17190, Severity: 16, State: 1
Fallback certificate initialization failed with error code: 1
Warning: Encryption is not available, could not find a valid certificate to load.
I have uninstalled and reinstalled SQL Server 2005 several times and it will work for a day and then give this error message in the logs.
October 20, 2008 at 4:53 am
MarkusB (5/6/2008)
400 mb for a new profile seems more than enough space. Espescially for a new service account.I would check the profile of the default user if it contains lots of temp files and other garbage.
I would agree. Check both the default user profile AND the profile of the service account. 400 MB, if it's just in the profile of the service account, woudl seem to indicate that account is being used for more than just running SQL Server. Roaming profiles or not, that seems too large.
K. Brian Kelley
@kbriankelley
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply