SQL Server Performance

Cluster service account permissions

Discussion in 'SQL Server Clustering' started by jsciii, Apr 2, 2007.

  1. jsciii New Member

    I am working on removing the BUILTINADMINISTRATORS account from our instances. I had read that the cluster service account required public access to the server in order to do an ISALIVE check. Since the cluster service account has not been directly added to the instance I assumed it is deriving permssions via the builtin account which it is in the local admin group on both nodes.

    I performed a test where I removed the builtin account from an instance. Since the cluster service account is not part of the instance I expected the cluster to failover to the other node when the ISALIVE check failed. I then expected it to fail back and forth as the check failed.

    It didn't do anything. The instance stayed on the primary node and nothing changed.

    Does the cluster service account need access to the instance?

    Thanks
  2. MohammedU New Member

    How to impede Windows NT administrators from administering a clustered instance of SQL Server
    http://support.microsoft.com/kb/263712


    MohammedU.
    Moderator
    SQL-Server-Performance.com

    All postings are provided “AS IS” with no warranties for accuracy.
  3. satya Moderator

    IF builtinadministrators removed then ensure to have CLuster service & SQL services has relevant admin privileges on the server.

    Satya SKJ
    Microsoft SQL Server MVP
    Writer, Contributing Editor & Moderator
    http://www.SQL-Server-Performance.Com
    This posting is provided AS IS with no rights for the sake of knowledge sharing. The greatest discovery of my generation is that a human being can alter his life by altering his attitudes of mind.
  4. Anil New Member

    Hi,

    We faced siminilar issue recently. Without knowing the fact that cluster admin account need to be added to SQL Server, we have deleted builtinadministartor group. SQL Services failed to come online while failing over to other node.

    We have added cluster admin account to SQL Server instance and granted sa role, thus issue resolved.

    REgards,
    Anil Kumar

Share This Page