locked
Changing MSSQLSERVER Log On account causes log access denial error RRS feed

  • Question

  • Hi folks.

    I am running SQL Server 2008 R2 on Windows Server 2008 R2.

    I installed SQL Server using my own domain user account, I'm in the local Administrators group, and initally ran all SQL services with Local System accounts.

    Now, I'm asked to run the two services, SQLSERVER and Agent, under a domain account (A requirement for Forefront FIM2012) or service account with domain access (Network Service)

    Our admin created a domain account called SQLADMIN.  When I configure SQLSERVER to log on with that account, I get an error stating that:

    initerrlog: Could not open error log file 'C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log\ERRORLOG'. Operating system error = 5(Access is denied.).

    I presume this means this SQLADMIN account does not have the ability to log?  Anyone know where I can adjust that?

    As a follow up question: Microsoft Forefront requirements specifically state: 

    Before you install the FIM Service, certain tasks should be completed and verified on the server that is running SQL. Ensure that the service accounts used by SQL Server Database and SQL Server Agent are either domain accounts or built-in service accounts (for example, Network Service). You cannot use local computer accounts.

    Its a shame because everything was working swimmingly until I had to change out Local System for the domain account.  I presumed that Local System does not qualify for "either domain accounts or built-in service accounts (for example, Network Service)" so we went for creating the domain account after trying to run things under Network Service failed.  Any other suggestions here?  Is Local System enough in terms of permissions?

    Thanks!

    Thursday, September 27, 2012 8:03 PM

Answers

  • Please see this document on changing the service account:

    http://support.microsoft.com/kb/283811

    If you changed it in Services and not in the SQL Configuration Manager, it will not work properly.

    • Proposed as answer by Rama Udaya Thursday, September 27, 2012 10:05 PM
    • Marked as answer by Maggie Luo Thursday, October 4, 2012 5:38 PM
    Thursday, September 27, 2012 8:58 PM