June 14, 2011 at 8:54 am
Hi guys,
I setup a SQL Server failover cluster using a domain user Domain User A as the service accounts for all services (the domain user was added to local administrator groups of every node that are in the cluster)
I have created a new domain user B without adding it to the local administrator group of each node and have created SQL Server login for this account and assign sysadmin right to this account
I have set access control list on those folders that this account needs to access by following the instructions on the web page "Setting up Windows Service Accounts" http://msdn.microsoft.com/en-us/library/ms143504%28v=sql.90%29.aspx
but when I set the service accounts (SQL Server and SQl Server Agent) to the new domain user B using the sql server configuration manager. I encountered this error "the server threw an exception [0x80010105]"
when I added the new domain users to the local administrator group of every node, I will not encounter this error.
any one has any idea why the domain user B needs to be added to the local administrator group because i have setup the minimum permissions that the new domain account B needs to have?
does any one know any other permission that i need to assign to domain user B so that I do not need add them to the local administrator group of every node
thank you
June 14, 2011 at 8:56 am
I have also created a login to sql server to that new domain user and make it sysadmin server role but it still threw the exception
June 14, 2011 at 9:13 am
I'm a little confused by your post. Is Login B supposed to be the service account login? Or is it Login A. Because you say you set up Login A as the service account, then you're saying you followed service account instructions for Login B.
What is Login B to be used for?
June 14, 2011 at 9:41 am
domain user A is the original service account for SQL Server and SQL Server Agent
but domain user A was added to the local administrator group of every node so It has local administrative rights
I need to use a service account with minimum privileges so I have created a new domain user B without adding it to the local administrator groups. I have assigned the appropriate access control list for the new domain user B based on the information from this web page "Setting up Windows Service Accounts" http://msdn.microsoft.com/en-us/library/ms143504%28v=sql.90%29.aspx.
I have also create a SQL server login for that new domain user and have assigned sysadmin role to this login
but when I tried to change the service account (SQL Server and SQL Server Agent) to the new domain user using the configuration manager, this error occurred (the server threw an exception [0x80010105] ).
June 14, 2011 at 10:37 am
Which configuration manager are you using to change the logins? SQL Server or something on the cluster?
Did you look at the NT Rights part of that page and make sure Login B has all those Windows & Domain rights?
You verified the "reviewing Windows permissions" part of that page too? (I only see the comment about the ACLs, is why I ask).
June 14, 2011 at 10:38 am
FYI: Google your error message. A lot of posts came up with the same error.
June 14, 2011 at 10:55 am
Brandie Tarvin (6/14/2011)
Which configuration manager are you using to change the logins? SQL Server or something on the cluster?Did you look at the NT Rights part of that page and make sure Login B has all those Windows & Domain rights?
You verified the "reviewing Windows permissions" part of that page too? (I only see the comment about the ACLs, is why I ask).
yes i looked at the NT rights part of that page and has made sure Login B has all those Windows & Domain rights
June 14, 2011 at 10:57 am
I have looked at the NT rights part of that page and has made sure Login B has all those Windows & Domain rights
but I still get the error message when I tried to change the service accounts
June 14, 2011 at 11:00 am
Google your error message. There are several potential solutions out there. Check the very first link that comes up.
June 14, 2011 at 11:01 am
the following permissions I did not assign to the domain user because I could not find them in the local security policy (user rights)
Permission to start SQL Server Active Directory Helper
Permission to start SQL Writer
Any one has the idea on how to assign these permissions or find them?
June 14, 2011 at 12:20 pm
All,
The OP has crossposted on MSDN forums and received an answer:
shinobigoh, did that response help you?
Viewing 11 posts - 1 through 10 (of 10 total)
You must be logged in to reply to this topic. Login to reply