locked
the server threw an exception [0x80010105] RRS feed

  • Question

  • Hi guys,

     

       I setup a SQL Server failover cluster using a domain user  Domain User A (the domain user was added to local administrator groups of every node that are in the cluster)

       I have created a new domain user B without adding it to the local administrator  group of each node and have created SQL Server login for this account and assign sysadmin right to this account

       I have set access control list on those folders that this account needs to access by following the instructions on the web page "Setting up Windows Service Accounts"  http://msdn.microsoft.com/en-us/library/ms143504%28v=sql.90%29.aspx

    but when I set the service accounts (SQL Server and SQl Server Agent) to the new domain user B using the sql server configuration manager. I encountered this error "the server threw an exception [0x80010105]"

    when I added the new domain users to the local administrator group of every node, I will not encounter this error.

    any one has any idea why the domain user B needs to be added to the local administrator group because i have setup the minimum permissions that the new domain account B needs to have?

     

    does any one know any other permission that i need to assign to domain user B so that I do not need add them to the local administrator group of every node

     

    thank you


    Tuesday, June 14, 2011 5:53 AM

All replies

  • You cannot vote on your own post
    0

    Hi guys,

     

       I setup a SQL Server failover cluster using a domain user  Domain User A (the domain user was added to local administrator groups of every node that are in the cluster)

       Now I need to change the service account to an account with least privileges so I have created a new domain user B without adding it to the local administrator  group of each node and have created SQL Server login for this account and assign sysadmin right to this account

       I have also set access control list on those folders that this account needs to access by following the instructions on the web page "Setting up Windows Service Accounts"  http://msdn.microsoft.com/en-us/library/ms143504%28v=sql.90%29.aspx

    but when I set the service accounts (SQL Server and SQl Server Agent) to the new domain user B using the sql server configuration manager. I encountered this error "the server threw an exception [0x80010105]"

    when I added the new domain users to the local administrator group of every node, I will not encounter this error.

     

     does any one know any other permission that i need to assign to domain user B so that I do not need add them to the local administrator group of every node because i need to assign service accounts to an account with the least privileges

     

    thank you

    • Merged by KJian_ Tuesday, June 21, 2011 9:03 AM
    Tuesday, June 14, 2011 6:03 AM
  • Add that mew login to sql server and make it  sysadmin server role, then try change an account again

     


    Best Regards, Uri Dimant SQL Server MVP http://dimantdatabasesolutions.blogspot.com/ http://sqlblog.com/blogs/uri_dimant/
    • Marked as answer by shinobigoh Tuesday, June 14, 2011 7:32 AM
    • Unmarked as answer by shinobigoh Tuesday, June 14, 2011 7:32 AM
    Tuesday, June 14, 2011 6:38 AM
  • Hi,

     

      I have already assigned sysadmin right to that account but error still occurred

    Tuesday, June 14, 2011 7:33 AM
  • Hi,

     

     

      In term of Os, what privileges do I need to assign to the new domain user except those privileges that I have already assigned

      (Log on as a service (SeServiceLogonRight)

    Act as part of the operating system (SeTcbPrivilege) (only on Windows 2000)

    Log on as a batch job (SeBatchLogonRight)

    Replace a process-level token (SeAssignPrimaryTokenPrivilege)

    Bypass traverse checking (SeChangeNotifyPrivilege)

    Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)

    Permission to start SQL Server Active Directory Helper

    Permission to start SQL Writer

    )

     

    thank you

    Tuesday, June 14, 2011 7:36 AM
  • Hi ,

     

        I added the new domain user to the local administrator group and start the service successfully

     

       after starting the services sucessfully, I remove the domain user from  the local administrator and restart the services and the sql server cannot start

     

         I found an error in the sql server error log

         Error: 17053, Severity: 16, State: 1.
         UpdateUptimeRegKey: Operating system error 5(access is denied) encounter

         any idea on how to solve this

    thank you

    Tuesday, June 14, 2011 8:09 AM
  • See this KBA http://support.microsoft.com/kb/283811 that talks about permissions that are required for the accounts to act as service account. Hope this helps.
    Satya SKJ, SQL Server MVP www.sqlserver-qa.net [knowledge sharing network]
    Get knowledge sharing network feeds by Email
    Tuesday, June 14, 2011 9:05 AM
  • Hi,

     

       I have assigned full control to all the folders that contains the word "SQL" and it still do not work

     

    thank you


    Tuesday, June 14, 2011 9:26 AM
  • Just to ask what version of SQL is used here.. fyi SQLCAT paper extract here:

    Service SIDs instead of Domain Groups on Windows Server 2008

    A pain point for many DBAs was the introduced requirement in SQL Server 2005 Failover Clustering for using domain groups for SQL Server services. These domain groups were used to manage the permissions of the SQL Server service accounts; however they required that each domain group already contained the service accounts as members prior to install. Changing the domain group for a clustered service, although possible, was not a trivial procedure (see KB 915846, “Best practices that you can use to set up domain groups and solutions to problems that may occur when you set up a domain group when you install a SQL Server 2005 failover cluster”).

    If you are creating a new SQL Server 2008 failover cluster on Windows Server 2008, you can now bypass the use of domain groups by designating Service SIDs during the install. Service SID functionality was introduced in Windows Vista and Windows Server 2008, and allows the provisioning of ACLs to server resources and permissions directly to a Windows service. On the "Cluster Security Policy" dialog during install of a SQL Server failover cluster, you still have the option to use domain groups, however selecting "Use service SIDS" is the recommended choice for SQL Server 2008 on Windows Server 2008 and allows you to bypass provisioning of domain groups and associated service account membership additions prior to installation.


    Satya SKJ, SQL Server MVP www.sqlserver-qa.net [knowledge sharing network]
    Get knowledge sharing network feeds by Email
    Tuesday, June 14, 2011 12:08 PM
  • I am using sql server 2005
    Tuesday, June 14, 2011 2:39 PM
  • domain user A is the original service account for SQL Server and SQL Server Agent

    but domain user A was added to the local administrator group of every node so It has local administrative rights


    I need to use a service account with minimum privileges so I have created a new domain user B without adding it to the local administrator groups. I have assigned the appropriate access control list for the new domain user B based on the information from this web page "Setting up Windows Service Accounts" http://msdn.microsoft.com/en-us/library/ms143504%28v=sql.90%29.aspx.

    I have also created a SQL server login for that new domain user and have assigned sysadmin role to this login

    but when I tried to change the service account (SQL Server and SQL Server Agent) to the new domain user using the configuration manager, this error occurred (the server threw an exception [0x80010105] ).

     

    any one has any idea on solving this?

    Tuesday, June 14, 2011 3:43 PM
  • domain user A is the original service account for SQL Server and SQL Server Agent

    but domain user A was added to the local administrator group of every node so It has local administrative rights


    I need to use a service account with minimum privileges so I have created a new domain user B without adding it to the local administrator groups. I have assigned the appropriate access control list for the new domain user B based on the information from this web page "Setting up Windows Service Accounts" http://msdn.microsoft.com/en-us/library/ms143504%28v=sql.90%29.aspx.

    I have also created a SQL server login for that new domain user and have assigned sysadmin role to this login

    but when I tried to change the service account (SQL Server and SQL Server Agent) to the new domain user using the configuration manager, this error occurred (the server threw an exception [0x80010105] ).

     

    any one has any idea on solving this?
    Tuesday, June 14, 2011 3:43 PM
  • the following permissions I did not assign to the domain user because I could not find them in the local security policy (user rights)
    Permission to start SQL Server Active Directory Helper
    Permission to start SQL Writer

    does any one know how do I assign these permissions or find them on each node?
    Tuesday, June 14, 2011 5:09 PM