locked
Two different service accounts on Acrive and Passive cluster node in sqlserver 2008 R2? RRS feed

  • Question

  • Is there any problem,if we start sqlserver services with different services accounts in Active and Passive cluster node.

    Thanks,

    Ron.

    Tuesday, December 4, 2012 4:37 AM

Answers

  • Ron,

    This depends. If you're talking about different instances of SQL Server installed then there won't be an issue assuming the same account is used for the same isntance on each node. If you're talking about using a different account for a single instance on two different nodes, then yes there would be a problem. SQL Server would probably not start or at least give errors around decrypting the service master key which is encrypted at the windows level by both the service account and the computer object, since these would both be different it would not be able to decrypt the SMK. This doesn't take into account other permissions needed by the service account, etc. So to recap, one account per instance is fine but multiple accounts per instance is not.

    -Sean


    Sean Gallardy | Blog | Twitter

    • Proposed as answer by Shulei Chen Wednesday, December 5, 2012 5:54 AM
    • Marked as answer by Allen Li - MSFT Tuesday, December 11, 2012 2:04 AM
    Tuesday, December 4, 2012 12:55 PM
    Answerer

All replies

  • no problem, but make sure these accounts have access and same rights like cluster account.

    Tuesday, December 4, 2012 5:56 AM
  • Ron,

    This depends. If you're talking about different instances of SQL Server installed then there won't be an issue assuming the same account is used for the same isntance on each node. If you're talking about using a different account for a single instance on two different nodes, then yes there would be a problem. SQL Server would probably not start or at least give errors around decrypting the service master key which is encrypted at the windows level by both the service account and the computer object, since these would both be different it would not be able to decrypt the SMK. This doesn't take into account other permissions needed by the service account, etc. So to recap, one account per instance is fine but multiple accounts per instance is not.

    -Sean


    Sean Gallardy | Blog | Twitter

    • Proposed as answer by Shulei Chen Wednesday, December 5, 2012 5:54 AM
    • Marked as answer by Allen Li - MSFT Tuesday, December 11, 2012 2:04 AM
    Tuesday, December 4, 2012 12:55 PM
    Answerer
  • Yes, agree with Sean. Also you may face lot of issues while applying service pack or some CU's
    Tuesday, December 4, 2012 1:06 PM