June 13, 2012 at 8:58 am
Hello,
we have a cluster server and it is running on a domain login clusteradmin do we have to give access to sql server to have the cluster services running properly, if yes what are the permissions.
thanks is advance.
Regards
Durai Nagarajan
June 15, 2012 at 5:04 am
experts advice pls..
Regards
Durai Nagarajan
June 15, 2012 at 5:07 am
you should have one clusteradmin group first.
this group will be the parent for your "sql admin group" and "sql service account"
----------
Ashish
June 15, 2012 at 5:26 am
in my organization sql service and cluster services are running on different domain users, do you mean to say both of them belong to same cluster group.
and cluster user should be sysadmin is this correct?
Regards
Durai Nagarajan
June 18, 2012 at 2:01 am
advice pls?
Regards
Durai Nagarajan
June 20, 2012 at 4:04 am
Clusteradmin account should have public access on SQL Server
Dinesh
June 20, 2012 at 5:06 am
Thanks dinesh.
Regards
Durai Nagarajan
June 21, 2012 at 8:06 am
Dinesh-277232 (6/20/2012)
Clusteradmin account should have public access on SQL Server
Our ClusterAdmin account doesnt have any access to SQL. The services are set with our domain credentials for the SQL service account..... Why would you need anything else?
Adam Zacks-------------------------------------------Be Nice, Or Leave
June 21, 2012 at 8:20 am
Schadenfreude-Mei (6/21/2012)
Dinesh-277232 (6/20/2012)
Clusteradmin account should have public access on SQL ServerOur ClusterAdmin account doesnt have any access to SQL. The services are set with our domain credentials for the SQL service account..... Why would you need anything else?
In our environment we have two domain users one for SQL services and another for cluster.
i am planning to revoke the access and configure the same with SQL services user. i am not expert in clustering environment so want to know what permission does the cluster services user in SQL server , so that i can proceed with my changes.
Regards
Durai Nagarajan
June 21, 2012 at 8:25 am
durai nagarajan (6/21/2012)
Schadenfreude-Mei (6/21/2012)
Dinesh-277232 (6/20/2012)
Clusteradmin account should have public access on SQL ServerOur ClusterAdmin account doesnt have any access to SQL. The services are set with our domain credentials for the SQL service account..... Why would you need anything else?
In our environment we have two domain users one for SQL services and another for cluster.
i am planning to revoke the access and configure the same with SQL services user. i am not expert in clustering environment so want to know what permission does the cluster services user in SQL server , so that i can proceed with my changes.
Ours doesnt have any at all!
Adam Zacks-------------------------------------------Be Nice, Or Leave
June 21, 2012 at 8:29 am
Schadenfreude-Mei (6/21/2012)
Our ClusterAdmin account doesnt have any access to SQL. The services are set with our domain credentials for the SQL service account..... Why would you need anything else?
So that the cluster can periodically connect to SQL Server and verify that it's still alive. You just need to create a login in your SQL Server instance for the cluster account - you do not need to assign any permissions or database access.
John
June 21, 2012 at 8:36 am
John Mitchell-245523 (6/21/2012)
Schadenfreude-Mei (6/21/2012)
Our ClusterAdmin account doesnt have any access to SQL. The services are set with our domain credentials for the SQL service account..... Why would you need anything else?So that the cluster can periodically connect to SQL Server and verify that it's still alive. You just need to create a login in your SQL Server instance for the cluster account - you do not need to assign any permissions or database access.
John
Hey John,
Thats interesting cause the cluster account DOM\sys_cluster doesnt have any login in SQL. HOWEVER! We havent yet managed to diable BUILTIN\Admin and DOM\sys_cluster is a local admin.
So i guess thats why it works (this i did not know). Good to know cause we will shortly be going 2k8r2.
Thanks John.
Adam Zacks-------------------------------------------Be Nice, Or Leave
June 21, 2012 at 9:16 am
Happy to help, Adam. I've done a bit more digging, and, by default, the "Is Alive" check runs every 60 seconds when the cluster service connects to SQL Server and runs SELECT @@ SERVERNAME. However I'm mystified - I can't find any evidence on any of my clusters that the cluster service is logging on to SQL Server!
John
June 21, 2012 at 9:20 am
John Mitchell-245523 (6/21/2012)
Happy to help, Adam. I've done a bit more digging, and, by default, the "Is Alive" check runs every 60 seconds when the cluster service connects to SQL Server and runs
Does the 2k8r2 cluster install do that stuff for you, or does the account have to be created after install.
I only ask cause a colleage reckons its done for you (like the MS SQL specific groups).
We've never installed 2k8 cluster before 😉
Adam Zacks-------------------------------------------Be Nice, Or Leave
June 21, 2012 at 9:25 am
Adam
In 2005, you had to create the account yourself if you didn't want it using BUILTIN\Administrators. I think the security is a bit more sophisticated in 2008, so I'm not sure exactly how it handles it. You'll want to check after installing that the cluster service has some way of connecting, for your own peace of mind.
John
Viewing 15 posts - 1 through 15 (of 23 total)
You must be logged in to reply to this topic. Login to reply