none
Add service account as a login for my database

    Question

  • Hello,

    I am expering difficulties to add my "local system" account as a valid login for my SQL (localDB)\v11.0 development server.

    This is my development environment where I am creating a windows service that will run in a "local account". As this server will have access to the database using integrated security, I believe I have to grant access to this account to the database.

    The problem happens when I go into Management Console and ask to add a new login name (Windows Authentication).

    I tried to use NT AUTHORITY\NETWORK SERVICE .\LocalSystem and many other, but the user is not found.

    I am running windows 8.1 pt-BR and would like to find what how can I do that?

    Regards,

    Igor.


    .NET Software developer for industrial internet and automation system.

    Friday, March 28, 2014 12:26 AM

Answers

  • Hi lgor Kondrasovas,

    According to your description, you could not create a Login for “NT AUTHORITY\NETWORK SERVICE “in SQL Server Management Studio by using GUI or command line. The error 15401 may occurs due to some potential causes.

    1. Your network administrator may have removed the Windows login for specific reasons, and you may not be able to grant that login access to the SQL Server.

    2. You try to add a new login which has the same SID as an existing SQL Server login, the 15401 error occurs.

    3.  the login is in a different domain than the SQL Server.

    4. Your name resolution mechanism (such as, WINS, DNS, HOSTS or LMHOSTS) is not configured correctly and so on.

    There is troubleshooting error 15401, you can review the following blog.
    http://support.microsoft.com/kb/324321/en-us

    Regards,
    Sofiya Li

    If you have any feedback on our support, please click here.


    Sofiya Li
    TechNet Community Support


    Monday, March 31, 2014 4:12 AM
    Moderator

All replies

  • I tried to use NT AUTHORITY\NETWORK SERVICE .\LocalSystem and many other, but the user is not found.

    Hello Igor,

    The just search for it; click on "Search.." => "Advanced" => "Find now" and select "Network Service".


    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    Friday, March 28, 2014 8:30 AM
    Moderator
  • Hello,

    Sorry, but your suggestion did no work. After selecting "Serviço Local" (my os is pt-BR) and try to finish the new login creation, sql server return an error:

    "Windows NT user or group 'mypc\SERVIÇO LOCAL' not found. Check the name again. Microsoft SQL Server Error: 15401

    The strange thing is that I selected the user from a list and how come this user cannot be found?

    Any thoughts?

    Igor.


    .NET Software developer for industrial internet and automation system.

    Friday, March 28, 2014 11:31 AM
  • For me it's working. Can you add the account using T-SQL?

    CREATE LOGIN [NT AUTHORITY\NETWORK SERVICE] FROM WINDOWS


    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    Friday, March 28, 2014 11:35 AM
    Moderator
  • I get the following message:

    Msg 15401, Level 16, State 1, Line 1
    Windows NT user or group 'NT AUTHORITY\NETWORK SERVICE' not found. Check the name again.

    In case my OS is localized to pt-BR, should I use localized names? It seems this is not working either.

    Any toughts? Is there any difference while using Windows 8.1

    Igor.


    .NET Software developer for industrial internet and automation system.

    Friday, March 28, 2014 1:02 PM
  • Hi lgor Kondrasovas,

    According to your description, you could not create a Login for “NT AUTHORITY\NETWORK SERVICE “in SQL Server Management Studio by using GUI or command line. The error 15401 may occurs due to some potential causes.

    1. Your network administrator may have removed the Windows login for specific reasons, and you may not be able to grant that login access to the SQL Server.

    2. You try to add a new login which has the same SID as an existing SQL Server login, the 15401 error occurs.

    3.  the login is in a different domain than the SQL Server.

    4. Your name resolution mechanism (such as, WINS, DNS, HOSTS or LMHOSTS) is not configured correctly and so on.

    There is troubleshooting error 15401, you can review the following blog.
    http://support.microsoft.com/kb/324321/en-us

    Regards,
    Sofiya Li

    If you have any feedback on our support, please click here.


    Sofiya Li
    TechNet Community Support


    Monday, March 31, 2014 4:12 AM
    Moderator
  • Hello Sofiya,

    Thank you for the reply,

    Just as a side note, I am trying to add "Local System" as a user in my database instead of Network Service.

    My dev enviroment is very simple. I am not under a domain and did not make any special user configuration or policy. I simply have a Windows 8.1 PC with Visual Studio 2013, localDB and Management Studio 2012.

    It means that cause 1 is unlikely to be. Besides, I am selecting the user from a list of available users in my PC instead of typing it manually.

    Regarding Case 2, no record is returned when I execute: SELECT name FROM syslogins WHERE sid = SUSER_SID ('VOSTRO5470\SERVIÇO LOCAL')

    I think Cause 3 and 4 are note the case, since there are no domains set and everything is locally installed.

    Do you think it might be related to the fact I am logged into the PC with a Windows ID?

    Regards,

    Igor.


    .NET Software developer for industrial internet and automation system.

    Monday, March 31, 2014 2:39 PM
  • Have a look at How to troubleshoot error 15401.

    sqldevelop.wordpress.com

    Friday, April 04, 2014 8:03 PM
    Moderator
  • In my opinion, after Reading the refered article, I think my case is "Local Account" topic. There it says I must refer to article Q322988.

    I looked for this article: http://support.microsoft.com/kb/322988

    And it seems the solution is to update the operating system. But I think this is not my case, since the article refers to Windows NT :-)

    As a workaround, I am using SQL authentication so I can move on...

    Any other thoughts?

    Igor.


    .NET Software developer for industrial internet and automation system.

    Saturday, April 05, 2014 2:16 PM
  • Hi Igor,

    The LocalSystem account is a predefined local account used by the service control manager. This account is not recognized by the security subsystem, so you cannot specify its name in a call to the LookupAccountName function. Hence you can not create as a user in the SQL Server.

    To know in detail about local system account http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx

    It is also important that you understand the below account saperately,

    LocalService Account (Can be added in SQL Server as a user)
    NetworkService Account(Can be added in SQL Server as a user)
    LocalSystem Account(Can not)

    Regards, RSingh

    Saturday, April 12, 2014 4:55 AM
    Moderator
  • Hello RSingh,

    Thank you for the reply back!

    So, in my case where I have a Windows Service that must connect to a SQL Server using integrated security. What should I do?

    Regards,

    Igor.


    .NET Software developer for industrial internet and automation system.

    Sunday, April 13, 2014 10:59 AM
  • When you say Window Service, is it managed service account ? They are sort of domain account created and managed by domain controler. For example Domain\accountName

    If it is domain account then you simply need to add the user "domainName\AccountName" in the SQL Server.

    CREATE LOGIN [<domainName>\<login_name>] FROM WINDOWS;

    http://msdn.microsoft.com/en-us/library/ms143504.aspx

    http://technet.microsoft.com/en-us/library/ms189751.aspx


    Regards, RSingh

    Sunday, April 13, 2014 11:48 AM
    Moderator
  • What I mean is that the software I am developing will be installed in windows as a windows service not an application. Developed in Visual Studio using the windows service template and installed with installutil.exe

    This service will have to access a SQL Server database using windows integrated authentication and not sql server authentication.

    As the Windows Service runs as local system by default, I was trying to grant this account permission to access  the database.

    Igor.


    .NET Software developer for industrial internet and automation system.

    Sunday, April 13, 2014 12:41 PM
  • can you post us the Screenshot by doing the steps as explained by Olaf Helper?

    We need to see what are the account names shown on your machine.


    Sunday, April 13, 2014 1:26 PM
  • Did you try adding "NT AUTHORITY\LOCAL SERVICE" or "LOCAL SERVICE" user in the SQL Server ?

    http://msdn.microsoft.com/en-us/library/ms143504.aspx

    I believe that the system where you have installed window services is in the domain network i.e while adding a new user in SSMS, you need to select the location(entire directory) as the Window Service System and then search/add the local service account of the system and not the SQL Server Local Service account.


    Regards, RSingh

    Sunday, April 13, 2014 2:36 PM
    Moderator