locked
Service Accounts RRS feed

  • Question

  • I changed the service accounts that the SQL services were running under.  Now i am not able to connect my local install of SSMS to the server ... any ideas?
    Friday, August 12, 2011 2:55 PM

Answers

  • I cant remember the error message :(  

    Always include the error message when something fails. The error message may be Greek to you, but it tell other people a lot more.

    "After some research, I find that we may need to create an SPN.  When you run under localsystem, the SPN is created automatically, but if you run under a domain account you have to configure the account to allow the SPN to be created."


    That may be the case. Since we don't have the error message, it's difficult to tell.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    • Proposed as answer by retracementMVP Sunday, August 14, 2011 6:27 PM
    • Marked as answer by Peja Tao Monday, August 15, 2011 6:44 AM
    Friday, August 12, 2011 9:13 PM
  • windows authentication

    I cant remember the error message :(   they changed it back to use the local system account this morning

    my coworker suggested--

    "After some research, I find that we may need to create an SPN.  When you run under localsystem, the SPN is created automatically, but if you run under a domain account you have to configure the account to allow the SPN to be created."



    This is definitely the problem - and your error was probably 'Cannot Generate SSPI Context'.  What you need to do to fix this is remove the SPN record that is created for the local system account.  If you don't need Kerberos authentication, that is all you need to do.  If you need Kerberos authentication, then create the SPN records for the service account on the host name and FQDN.
    Jeff Williams
    • Proposed as answer by retracementMVP Sunday, August 14, 2011 6:27 PM
    • Marked as answer by Peja Tao Monday, August 15, 2011 6:44 AM
    Saturday, August 13, 2011 8:22 AM

All replies

  • Hi,

    After changing service accounts ,you need to restart SQL services to reflect that change.what is the status of services after this restart ?

    Plaese use configuration manager to perform service account change and service restart .

    verify that all SQL services are running or not

    if not running then recheck the passwords of service accounts once .


    Sivaprasad.L Together We can Achieve
    Friday, August 12, 2011 3:24 PM
  • Hi,

    After changing service accounts ,you need to restart SQL services to reflect that change.what is the status of services after this restart ?

    Plaese use configuration manager to perform service account change and service restart .

    verify that all SQL services are running or not

    if not running then recheck the passwords of service accounts once .


    Sivaprasad.L Together We can Achieve


    Hallo Siva,

    checking password will not make sence because a change of service account will implement a check for the password. ;)


    Uwe Ricken

    MCITP Database Administrator 2005
    MCITP Database Administrator 2008
    MCITS Microsoft SQL Server 2008, Database Development

    db Berater GmbH
    http://www-db-berater.de
    Friday, August 12, 2011 3:48 PM
  • > I changed the service accounts that the SQL services were running under.  Now i am not able to connect my local install of SSMS to the server ... any ideas?

    So what is the error message?

    How do you connect? Windows authentications or SQL authentication?


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    Friday, August 12, 2011 3:58 PM
  • windows authentication

    I cant remember the error message :(   they changed it back to use the local system account this morning

    my coworker suggested--

    "After some research, I find that we may need to create an SPN.  When you run under localsystem, the SPN is created automatically, but if you run under a domain account you have to configure the account to allow the SPN to be created."


    Friday, August 12, 2011 5:53 PM
  • I cant remember the error message :(  

    Always include the error message when something fails. The error message may be Greek to you, but it tell other people a lot more.

    "After some research, I find that we may need to create an SPN.  When you run under localsystem, the SPN is created automatically, but if you run under a domain account you have to configure the account to allow the SPN to be created."


    That may be the case. Since we don't have the error message, it's difficult to tell.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    • Proposed as answer by retracementMVP Sunday, August 14, 2011 6:27 PM
    • Marked as answer by Peja Tao Monday, August 15, 2011 6:44 AM
    Friday, August 12, 2011 9:13 PM
  • windows authentication

    I cant remember the error message :(   they changed it back to use the local system account this morning

    my coworker suggested--

    "After some research, I find that we may need to create an SPN.  When you run under localsystem, the SPN is created automatically, but if you run under a domain account you have to configure the account to allow the SPN to be created."



    This is definitely the problem - and your error was probably 'Cannot Generate SSPI Context'.  What you need to do to fix this is remove the SPN record that is created for the local system account.  If you don't need Kerberos authentication, that is all you need to do.  If you need Kerberos authentication, then create the SPN records for the service account on the host name and FQDN.
    Jeff Williams
    • Proposed as answer by retracementMVP Sunday, August 14, 2011 6:27 PM
    • Marked as answer by Peja Tao Monday, August 15, 2011 6:44 AM
    Saturday, August 13, 2011 8:22 AM
  • Jeff yes yes it was Cannot Generate SSPI Context.  thanks for the info!
    Sunday, August 14, 2011 6:30 PM