SQL Server Performance

Cluster - SQL Service account

Discussion in 'SQL Server Clustering' started by icata, Apr 1, 2004.

  1. icata New Member

    Hi,

    I am using SQL Server 2k SP3a on Win 2k Advance Server. Cluster with 2 nodes.
    I am updating the SQL Server service account via the EM, everything works fine with the new service account, I can move the group from one node to the other both ways, no problem, but after a while when I try to do it again the SQL Server services are failing with an error something like "Account doesn't have enough permissions on the server". Any idea?
  2. icata New Member

    The account that I am using to start the SQL Server services is admin on both nodes.
  3. satya Moderator

    Ensure to set Full Control for the startup account for the MSSQLServer service and the SQLServerAgent service on the registry and NTFS Permissions on the Disk.

    It must be granted the following policies:
    -Act as part of the operating system.
    -Logon as a service.
    -Replace a process-level token.

    The service account for the Cluster service must have the right to log in to SQL Server. If you accept the default, the account [NT AuthoritySystem] must have login rights to SQL Server so that the SQL Server resource DLL can run the isAlive query against SQL Server.

    If the service account for SQL Server is not an administrator in a cluster, the administrative shares cannot be deleted on any nodes of the cluster. The administrative shares must be available in a cluster for SQL Server to function.

    KBAhttp://support.microsoft.com/default.aspx?scid=kb;EN-US;254321 for information about Cluster Do's and Dont's.

    HTH

    Satya SKJ
    Moderator
    http://www.SQL-Server-Performance.Com/forum
    This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
  4. icata New Member

    I check the cluster account. Is admin on the nodes and via the Admin login account in SQL Server has access to SQL Server, plus if I reset the SQL Server services account with the same account, same password it is working for a while.
  5. satya Moderator

    Any issues on the network or information from event log?

    Satya SKJ
    Moderator
    http://www.SQL-Server-Performance.Com/forum
    This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
  6. icata New Member

    Nothing that I can releate to this. In the Security I got this

    Logon Failure:
    Reason:The user has not been granted the requested
    logon type at this machine
    User Name:[user]
    Domain:[domain]
    Logon Type:5
    Logon Process:SCMgr
    Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name:[workstation]

    but that just confirm the fact.
  7. satya Moderator

    Ah... security policy:

    Check the Local security policy on the server:
    From Start --> Controlpanel->Administrative tools->Local security policy
    You need to fint the keys in there under localpolicies->user rights assignment "access this computer from the network" and "log on locally"
    ->set them to allow a specified account

    Satya SKJ
    Moderator
    http://www.SQL-Server-Performance.Com/forum
    This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
  8. icata New Member

    I doubt that is the permissions the "access this computer from the network" has assigned permissions for everybody plus Admins and the other one has permissions assign for Admins and the service account is part of the Admins
  9. Argyle New Member

    Verify that the account has "logon as service" rights a well. Also verify that you've typed in the accounts in the format "DOMAINmyaccount" and not "yaccount@domain.com"
  10. icata New Member

    It seems that it is the AD Group Policy that is overwriting the Local security policy.
    Thank you very much guys.
  11. satya Moderator

    Then try to include the above policy steps on the AD group policy to take affect.

    Satya SKJ
    Moderator
    http://www.SQL-Server-Performance.Com/forum
    This posting is provided “AS IS” with no rights for the sake of knowledge sharing.

Share This Page