April 24, 2013 at 5:35 am
Hi,
Log shipping (backup job) failed after we changed the SQL service account on our production database and DR database servers.
Earlier it was working fine with the existing account (an account having domain admin rights), but the current account doesn't have domain admin rights; it's a normal domain account.
Is there any chance this caused the log shipping process to fail?
Please advise on this...
thanks.
Pradeep
April 24, 2013 at 5:49 am
pradeep.mohan (4/24/2013)
Hi,
Log shipping (backup job) failed after we changed the SQL service account on our production database and DR database servers.
Earlier it was working fine with the existing account (an account having domain admin rights), but the current account doesn't have domain admin rights; it's a normal domain account.
Is there any chance this caused the log shipping process to fail?
Please advise on this...
thanks.
Looks like your new domain account doesn't have write privileges to the location of the TLOG backups. Speak to your AD admin, who should be able to sort it out for you.
April 29, 2013 at 7:24 am
Is the new service account added to the Local Administrators group on both servers (primary and secondary)?
April 29, 2013 at 7:34 am
What error do you get?
April 30, 2013 at 12:43 am
Yes, the new account has been added to the local administrators group.
Pradeep
May 1, 2013 at 7:40 am
Did you change the password of the SQL Server service too?
May 1, 2013 at 11:08 pm
Yes, I changed the password also.
Pradeep
May 2, 2013 at 8:54 am
pradeep.mohan (5/1/2013)
Yes, I changed the password also.
Did you bounce SQL Server after you changed the password?
Make sure you changed the password in all places, for MSSQL Server and SQL Agent, as well as anywhere you used it for the log shipping stuff.
May 2, 2013 at 10:49 pm
Yes, I restarted SQL Server, and I changed both the SQL Server service and the Agent as well.
Pradeep
May 6, 2013 at 7:45 am
Please find the error log
The job failed. The Job was invoked by Schedule 2864 (DefaultCopyJobSchedule). The last step to run was step 1 (Log shipping copy job step.)
Executed as user: XXXX\sqljobs. The step failed.
Pradeep
October 21, 2013 at 11:44 pm
Was there any resolution to this issue? I am experiencing a very similar issue at the moment...
October 30, 2013 at 5:59 am
muthyala_51 (4/29/2013)
Is the new service account added to the Local Administrators group on both servers (primary and secondary)?
This is not required - the account just needs to be able to read\write from the location of the logs, both primary and secondary. Do not add service accounts to local admin groups.
October 31, 2013 at 8:18 am
SQLSteve (10/30/2013)
muthyala_51 (4/29/2013)
Is the new service account added to the Local Administrators group on both servers (primary and secondary)?
This is not required - the account just needs to be able to read\write from the location of the logs, both primary and secondary. Do not add service accounts to local admin groups.
Can you explain in detail why a service account doesn't need to be added to the admin group? Pros and cons.
October 31, 2013 at 8:52 am
When setting up your service accounts you want to follow the principle of least privilege. Basically this means that you only want to grant the necessary rights to your service accounts to do its job and nothing more. I have never come across a reason that I needed my service account to be a domain admin or a local admin. I simply grant the necessary permissions to the account and that is all.
The reason for this is security, plain and simple. If your service account gets hacked you want to limit your potential damage by limiting the hacker's surface area. Domain admin and/or local admin is a pretty big surface area.
Now a couple of people have asked if the new account has read/write access to the location of the Tlog backups. Does it? Start there. Also, any changes you make to your service account need to be done through SQL Server Configuration Manager, not by going directly to the service itself.
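The checks suggested in the post above, as an added PowerShell example that is not part of the original thread: it reports which account the SQL services run as, whether that account sits in local Administrators, and whether it holds a direct Modify grant on the log backup locations. The account name and both paths are placeholders, and the service names assume a default instance.

```powershell
# Added example. Placeholders (not values from the thread):
$Account  = 'CONTOSO\sqljobs'                           # service account to audit
$LogPaths = @('\\PRIMARY01\LogShip', 'D:\LogShipCopy')  # backup share, copy folder
$Services = @('MSSQLSERVER', 'SQLSERVERAGENT')          # default-instance names

# 1. Which account does each SQL service actually run as?
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $Services -contains $_.Name } |
    Select-Object Name, StartName, State

# 2. Is the account a direct member of local Administrators?
#    S-1-5-32-544 is the well-known SID, so this works on localized systems.
$admin = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq $Account }
if ($admin) {
    Write-Warning "$Account is a local administrator; least privilege says remove it."
}

# 3. Does the account have an explicit Allow ACE covering Modify on each path?
#    Limits: only ACEs naming the account itself are read (grants via group
#    membership are not resolved) and share-level permissions are not checked.
$need = [int][System.Security.AccessControl.FileSystemRights]::Modify
foreach ($path in $LogPaths) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; Account = $Account; HasModify = $null
                           Note = 'path not reachable from this session' }
        continue
    }
    $granted = 0
    (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account -and
                       $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $granted = $granted -bor [int]$_.FileSystemRights }

    [pscustomobject]@{
        Path      = $path
        Account   = $Account
        HasModify = (($granted -band $need) -eq $need)
        Note      = ''
    }
}

# To grant the missing right on a folder (run as an administrator of that
# server), Modify inherited by files and subfolders:
#   icacls "D:\LogShipCopy" /grant "CONTOSO\sqljobs:(OI)(CI)M"
```

Run it on both the primary and the secondary, since the backup and copy jobs execute on different servers.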
November 1, 2013 at 3:45 am
Keith Tate (10/31/2013)
When setting up your service accounts you want to follow the principle of least privilege. Basically this means that you only want to grant the necessary rights to your service accounts to do its job and nothing more. I have never come across a reason that I needed my service account to be a domain admin or a local admin. I simply grant the necessary permissions to the account and that is all.
The reason for this is security, plain and simple. If your service account gets hacked you want to limit your potential damage by limiting the hacker's surface area. Domain admin and/or local admin is a pretty big surface area.
Now a couple of people have asked if the new account has read/write access to the location of the Tlog backups. Does it? Start there. Also, any changes you make to your service account need to be done through SQL Server Configuration Manager, not by going directly to the service itself.
+1