June 21, 2012 at 9:56 am
Ok thanks John,
Will ensure to put it on the checklist for post-build config changes.:-)
Adam Zacks-------------------------------------------Be Nice, Or Leave
June 22, 2012 at 10:50 am
Hi ,
It is not required to have any access for the cluster service account to have an access in SQL.
Thanks
Srikanth Reddy Kundur
June 22, 2012 at 4:25 pm
Hi,
It is not a mandate to add the cluster server service account to the sql server.
Srikanth Reddy Kundur
June 23, 2012 at 10:17 pm
ksrikanth77 (6/22/2012)
Hi,It is not a mandate to add the cluster server service account to the sql server.
Srikanth Reddy Kundur
our sql server stopped working for some reason when i was on long leave (we have removed it) but in cluster log they fond it has no access as reason for cluster failing , do you have any document to prove it.
as mentioned in one of above comment there is always a connection from passive server to active server with query as select @@servername
Regards
Durai Nagarajan
June 24, 2012 at 11:39 pm
I mean we need not add anything post installation, this is taken care automatically. Please find the below link.
http://technet.microsoft.com/en-us/library/ff182359(v=WS.10).aspx
Note
There is a change in the way the Cluster service runs in Windows Server 2008 and Windows Server 2008 R2, as compared to Windows Server 2003. In Windows Server 2008 and Windows Server 2008 R2, there is no Cluster service account. Instead, the Cluster service automatically runs in a special context that provides the specific permissions and privileges that are necessary for the service (similar to the local system context, but with reduced privileges).
Regards
Srikanth Reddy Kundur
June 25, 2012 at 12:45 am
durai nagarajan (6/21/2012)[hrIn our environment we have two domain users one for SQL services and another for cluster.
i am planning to revoke the access and configure the same with SQL services user. i am not expert in clustering environment so want to know what permission does the cluster services user in SQL server , so that i can proceed with my changes.
This is a windows 2003 cluster, correct?
For security best practices the cluster service account and the SQL server service accounts should be different logins. The cluster login needs public access to the SQL server instance to perform the IsAlive checks
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
June 25, 2012 at 1:35 am
ksrikanth77 (6/24/2012)
I mean we need not add anything post installation, this is taken care automatically. Please find the below link.http://technet.microsoft.com/en-us/library/ff182359(v=WS.10).aspx
Note
There is a change in the way the Cluster service runs in Windows Server 2008 and Windows Server 2008 R2, as compared to Windows Server 2003. In Windows Server 2008 and Windows Server 2008 R2, there is no Cluster service account. Instead, the Cluster service automatically runs in a special context that provides the specific permissions and privileges that are necessary for the service (similar to the local system context, but with reduced privileges).
All true as far as it goes, but this is a SQL Server 2005 forum. You need to add the cluster account if you remove BUILTIN\Administrators.
John
June 25, 2012 at 1:59 am
Perry Whittle (6/25/2012)
durai nagarajan (6/21/2012)[hrIn our environment we have two domain users one for SQL services and another for cluster.
i am planning to revoke the access and configure the same with SQL services user. i am not expert in clustering environment so want to know what permission does the cluster services user in SQL server , so that i can proceed with my changes.
This is a windows 2003 cluster, correct?
For security best practices the cluster service account and the SQL server service accounts should be different logins. The cluster login needs public access to the SQL server instance to perform the IsAlive checks
yes we have 2003 cluster and thanks for your input, will maintain the same.
Regards
Durai Nagarajan
June 25, 2012 at 2:42 am
As Jon has rightly pointed out before impeding the built in admins group you must add the cluster service account and the SQL server service account as logins
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
Viewing 9 posts - 16 through 23 (of 23 total)
You must be logged in to reply to this topic. Login to reply