none
Logreader error related to an incorrect domain account but we don't use that account

    Question

  • Recently we encounter some errors on the log reader agent job for all our publishers in our push replication setup.  All publisher dbs are coming from the same db in the publishing server.    Our distribution db is on its own physical box.  We are using SQL 2008 r2.  The first error is related to “The process could not execute 'sp_replcmds' .  The second one is "Could not obtain information about Windows NT group/user 'domain\xxxxxx', error code 0x5”.    The strange thing about the second error is that we don't use that account to set up the replication.  I am using a totally different account for it.  Just in case, I checked all log reader security set up for the publisher dbs and it is using the sql job agent account by impresonation and not using the said domain account in the error.  Another interesting about this problem is that the problem would self-correct meaning after a few hours of giving out the errors, the log reader would function again and distributing the commands to the distrbution db.    

    I need to find out why the replication is giving out an error on a domain account that we don't use.    A little bit of background info here.  We did move all our servers to a different location and set up a new domain for everything.  However, all replication setup started from scratch so there is no chance I would use the said account to set up my replication.    the only thing that is coming from the old location (or old domain) is the databases.    We did a backup and restore to bring the databases to the new location but we don't restore the original publisher settings during the restore.

    Is it possible that somehow there is some old replication setting related to the said domain account somewhere in our current replication setup somewhere?  Is there a command I can use to search for this domain account in our replication setup?  Any ideas or thoughts are very much appreciated.

    od


    Ocean Deep

    Tuesday, July 16, 2013 5:25 PM

All replies

  • Hi,

    Check whether the publisher db is having a db owner.


    Thanks & Regards RAJUKIRAN L Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers.

    Thursday, July 18, 2013 3:06 PM
  • Thanks for the reply.

    If I understand you correctly, you want me to check if the user account that starts the log reader agent (the account that would connect to the publisher db)  is the db owner of the publisher db.   Since we are using the job agent account to impersonate, the domian account that we use to start the job agent is set up to be the db owner of the publsher db.

    Wing


    Ocean Deep

    Friday, July 19, 2013 1:42 PM
  • Script out the publication to see if the account is given granted publication access. Look for references to it in sp_grant_publication_access statements.

    Also ensure that the job is now running under this user account or that that user account is not the log reader agent job owner.

    Finally check to see that there are not command line arguments for the job to be run under that account or as the job owner.


    looking for a book on SQL Server 2008 Administration? http://www.amazon.com/Microsoft-Server-2008-Management-Administration/dp/067233044X looking for a book on SQL Server 2008 Full-Text Search? http://www.amazon.com/Pro-Full-Text-Search-Server-2008/dp/1430215941

    Friday, July 19, 2013 3:24 PM
  • Hilary,

    Thanks for the reply.  I checked all the things you mentioned.  Here is what I found.

    - the said domain account in the error doesn't show up in any of the sp_grant_publication_access statements

    - From the log reader Job properties,  the log reader agent job owner is 'distrbutor admin'.  The log reader agent job is run under 'SQL server Agent service account'.

    - For the command line arguments for the job, I assume you want me to check all the job steps in the log reader agent job for the published db.  There is no the said domain account in the error shows up as an argument at all.

    To help me understand these two errors I mentioned in my original post, are they related to the log reader having authentication problem connecting to the publisher db or the log reader having authentication issue running the job?

    appreciate very much about your assistance.

    OD


    Ocean Deep

    Monday, July 22, 2013 5:12 PM
  • I am not exactly sure where the error is occurring. Is this account disabled/deleted on the AD? You might want to re-enable it.

    looking for a book on SQL Server 2008 Administration? http://www.amazon.com/Microsoft-Server-2008-Management-Administration/dp/067233044X looking for a book on SQL Server 2008 Full-Text Search? http://www.amazon.com/Pro-Full-Text-Search-Server-2008/dp/1430215941

    Monday, July 22, 2013 9:16 PM
  • Yes, the account shown in the error has been deleted from the AD.  We decommissioned all old servers and old AD domains and have all new servers in a new physical location.  We also create a new domain in AD for this move so we won't be using this old account at all.    This account used to be the one that starts all SQL services including replication in our old location.  After the move, I configured replication on the new servers from scratch using a totally new domain account from the new domain.   is it possible that the distribution db is still containing some entries reference to this old AD account?    I don't see how but if there are some tables in the distrbution db I should look at, please advice.

    OD


    Ocean Deep

    Thursday, July 25, 2013 5:42 PM