I am have a SQL 2000 SP4 Windows 2003 server setup in my dmz. This server
was setup to use 2 separate local accounts as recommended by MS best
practices. I also have a similar configuration on my LAO that uses 2 domain
accounts. None of the accounts are local admins. The domain SQL server
works perfectly. The DMZ SQL server will not run with 2 accounts - I get
the famous errors, 22022, 15401, and 17052. I have found many articles on
users with the same problem and that to fix the error the accounts must be
local admins or just use one account. I have gotten around the problem by
just using one account but can anyone explain why it works in the domain
with 2 accounts but not in a workgroup'
Thanks for any insight.Hi Bad,
Welcome.
From your description, one of the SQL Server which is setup to use two
accounts not work in your environment. Also if changed to single acount, it
works. For the two accounts, I'm not quite sure which two account setting
is SQL Server are the ones you mentioned. Are they the SQLServer db
service's running account or sql agent's account? If convenient, would you
please attach a screenshot of the two account configuration so that we can
get a clear view?
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)|||One account starts the MS SSQL service and one account is used for the SQL
agent.
"Steven Cheng[MSFT]" <stcheng@.online.microsoft.com> wrote in message
news:6mOZgPxJGHA.3680@.TK2MSFTNGXA02.phx.gbl...
> Hi Bad,
> Welcome.
> From your description, one of the SQL Server which is setup to use two
> accounts not work in your environment. Also if changed to single acount,
> it
> works. For the two accounts, I'm not quite sure which two account setting
> is SQL Server are the ones you mentioned. Are they the SQLServer db
> service's running account or sql agent's account? If convenient, would
> you
> please attach a screenshot of the two account configuration so that we can
> get a clear view?
> Regards,
> Steven Cheng
> Microsoft Online Support
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>|||Hi Bad,
Thanks for your followup.
I've also checked the error code you posted and it seems those error code
are specific to the SQL Mail which runs in the SQL Agent service.
Therefore, I think the problem here should be the account of the SQL Agent
service is not quite sufficient for performing all the tasks. And when you
change it to use the same account as the SQLServer database service's
account , it works (which pretend to indicate that we should configure them
to the same account), however, actually different accounts with sufficient
permission should also work.
Anyway, I think we may perform some further test on the SQL Agent's
security setting. For the problem SQL Agent account, I suggest you try
adding it into SQLServer's security logins and grant it SA role and restart
the SQL agent service to see whether it helps.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
No comments:
Post a Comment