October 9, 2007 at 5:17 am
Hi Everybody,
We have a cluster service accout used to create a Windows cluster and also the service account runs on this account and it's a local admin on the box.
I installed sql server cluster and all the sql service accounts use a different account after installing sql i removed built in admins and now i am testing failover sql server is not coming up and saying login failed for 'cluster service account' and i am not sure why it's using that account.
Please let me know if the cluster service account should have acces to sql server ...if so why.
Thanks in Advance.
Chinn
October 9, 2007 at 5:56 am
you have to be careful removing builtin admins ona cluster - there's some KB articles about this try KB 263712
[font="Comic Sans MS"]The GrumpyOldDBA[/font]
www.grumpyolddba.co.uk
http://sqlblogcasts.com/blogs/grumpyolddba/
October 9, 2007 at 8:53 am
If you remove builtin admin, it won't work. Cluster is one of the beast that won't function well. I would say that it is one of the exception that is different then regular install.
sopheap
October 9, 2007 at 9:08 am
I have removed the builtin account on my clusters and it works. The cluster account must be made sysadmin as is the account the runs SQL and SQL Agent
Francis
October 9, 2007 at 9:17 am
Thanks for the input guys...
That's what i did ..i added both cluster service account and the service account that runs sql server as sysadmin in sql server...
Thanks.
October 10, 2007 at 6:37 pm
fhanlon (10/9/2007)
I have removed the builtin account on my clusters and it works. The cluster account must be made sysadmin as is the account the runs SQL and SQL Agent
The Microsoft guidance on this has changed. The cluster account must be able to login but it doesn't need to be a member of the sysadmin fixed server role:
How to impede Windows NT administrators from administering a clustered instance of SQL Server (SQL Server 7.0 and 2000)[/url]
Before Installing Failover Clustering (SQL Server 2005) - See section Configure Microsoft Cluster Service.
K. Brian Kelley
@kbriankelley
October 11, 2007 at 7:05 am
Brian,
Does it mean just add a login with no permissions?
Thanks,
October 17, 2007 at 1:28 pm
I believe so. One way to test is to create a login with no permissions and run SELECT @@SERVERNAME and see if it can execute it. It should be able to do so as any login should be placed in the public role automatically.
K. Brian Kelley
@kbriankelley
October 17, 2007 at 2:14 pm
Thanks Very Much!
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply