Service account for principal, mirror for mirroring setup

  • Question

  • During the mirror setup for principal and mirror 2008R2 (without witness) in Server Management Studio, it requires entering the service accounts for both principal and mirror. What are these service accounts?
    • Moved by Tom Phillips Tuesday, August 23, 2011 1:45 PM Database Mirror question (From:SQL Server Database Engine)
    Tuesday, August 23, 2011 7:58 AM

Answers

  • Hi,

    When using Windows Authentication, if the server instances use different accounts, specify the service accounts for SQL Server. These service accounts must all be domain accounts (in the same or trusted domains).

    If all the server instances use the same domain account or use certificate-based authentication, leave the fields blank. Simply click Finish, and the wizard automatically configures the accounts based on the account of the current wizard.

     

    Important

    If the database mirroring endpoints of the server instances are configured to use certificates, you must leave the service account fields empty.

    Principal

    Specify the service account of the principal server instance. Enter the domain name in upper case:

    DOMAINNAME\username

    Mirror

    Specify the service account of the mirror server instance. Enter the domain name in upper case:

    DOMAINNAME\username

     

    Please check out the below link for configuring database mirroring using SSMS:

    http://msdn.microsoft.com/en-us/library/ms188712.aspx

     



    Regards, Vishal Srivastava
    • Proposed as answer by Peja Tao Thursday, August 25, 2011 5:14 AM
    • Marked as answer by Peja Tao Thursday, September 1, 2011 2:04 AM
    Tuesday, August 23, 2011 8:18 AM
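
An added example, not part of the original answer: T-SQL to confirm which service accounts and endpoint authentication are in play, then grant each partner's service account only CONNECT on the mirroring endpoint. The account names `DOMAINNAME\sqlsvc_principal` and `DOMAINNAME\sqlsvc_mirror` and the endpoint name `Mirroring` are placeholders for your own values.

```sql
-- Placeholders (assumptions): DOMAINNAME\sqlsvc_principal, DOMAINNAME\sqlsvc_mirror,
-- and an endpoint named Mirroring. Substitute the values from your environment.

-- 1. Run on each instance: which account does each SQL Server service run as?
--    (sys.dm_server_services requires SQL Server 2008 R2 SP1 or later.)
SELECT servicename, service_account, startup_type_desc
FROM sys.dm_server_services;

-- 2. Run on each instance: how does the mirroring endpoint authenticate its partner?
--    If connection_auth_desc shows CERTIFICATE, the service account fields stay empty.
SELECT name, state_desc, role_desc, connection_auth_desc, encryption_algorithm_desc
FROM sys.database_mirroring_endpoints;

-- 3. Run on the PRINCIPAL: allow the mirror's service account to reach the endpoint.
--    CONNECT on the endpoint is the only permission the partner needs here;
--    do not add the account to sysadmin.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'DOMAINNAME\sqlsvc_mirror')
    CREATE LOGIN [DOMAINNAME\sqlsvc_mirror] FROM WINDOWS;
GRANT CONNECT ON ENDPOINT::[Mirroring] TO [DOMAINNAME\sqlsvc_mirror];

-- 4. Run on the MIRROR: the same grant in the other direction.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'DOMAINNAME\sqlsvc_principal')
    CREATE LOGIN [DOMAINNAME\sqlsvc_principal] FROM WINDOWS;
GRANT CONNECT ON ENDPOINT::[Mirroring] TO [DOMAINNAME\sqlsvc_principal];

-- 5. Audit on each instance: every principal holding a permission on the endpoint.
--    Anything beyond the partner's service account deserves a second look.
SELECT e.name            AS endpoint_name,
       p.name            AS grantee,
       p.type_desc       AS grantee_type,
       sp.permission_name,
       sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.database_mirroring_endpoints AS e
     ON sp.class_desc = 'ENDPOINT' AND sp.major_id = e.endpoint_id
JOIN sys.server_principals AS p
     ON p.principal_id = sp.grantee_principal_id
ORDER BY e.name, p.name;
```
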
  • Types of startup SQL Server accounts:

    Local User Account: This user account is created in your server where SQL Server is installed; this account does not have access to network resources.

    Local Service Account: This is a built-in Windows account that is available for configuring services in Windows. This account has the same permissions as accounts that are in the Users group, thus it has limited access to the resources in the server. This account is not supported for SQL Server and Agent services.

    Local System Account: This is a built-in Windows account that is available for configuring services in Windows. This is a highly privileged account that has access to all resources in the server with administrator rights.

    Network Service Account: This is a built-in Windows account that is available for configuring services in Windows. This has permissions to access resources in the network under the computer account.

    Domain Account: This account is a part of your domain and has access to the network resources for which it is intended to have permission. It is always advised to run SQL Server and related services under a domain account with the minimum privileges needed to run SQL Server and its related services.

    Where can you see the Local System, Local Service and Network Service accounts? These are Windows built-in accounts that are part of the operating system and assigned to the users; you cannot use these accounts to log in to the system. These accounts are meant to be used for securing and authentication mechanism.

    A service account is a user account that is created explicitly to provide a security context for services running on Microsoft® Windows® Server 2003. Administrators can manage service accounts individually to determine the level of access for each application pool in a distributed environment.

    Use Active Directory Users and Computers to create service accounts in the Active Directory® directory service. Use Computer Management to create local service accounts on a local computer.


     


    http://uk.linkedin.com/in/ramjaddu
    • Proposed as answer by Peja Tao Thursday, August 25, 2011 5:14 AM
    • Marked as answer by Peja Tao Thursday, September 1, 2011 2:04 AM
    Tuesday, August 23, 2011 6:53 PM

All replies

  • There are a few service accounts when installing MS SQL Server.

    In Configuration Manager it shows a service account for SQL Server (Database Engine), and others for Analysis Services, Reporting Services and Agent.

    Is it correct that we must use a service account for SQL Server (Database Engine)?

    Thursday, August 25, 2011 7:34 AM
  • I would suggest you create a separate service account for each service, i.e. SQL Server, Analysis Services, Integration Services, Reporting Services, SQL Browser and SQL Agent should have individual service accounts (full textlog can use the SQL service account in most cases).



    http://uk.linkedin.com/in/ramjaddu
    Thursday, August 25, 2011 1:41 PM