Really would appreciate some advice on this problem. I have a cluster, CORPUSGA and a stand alone server CORPUSAPP22. CORPUSAPP22 has a linked server set up to CORPUSGA using 'sa' as the security context. Within a stored procedure I am running a SELECT to CORPUSGA.msdb.dbo.sysjobs.
When this is run from Query Analyzer it is fine and runs under the 'dbo' security context, but when is is run under xp_sendmail that uses the SQL Agent's security context (a domain account called
IntServiceGA) it fails with this message:
ODBC error 7410 (42000) Remote access not allowed for Windows NT user activated by SETUSER.
For the following command:
exec master.dbo.xp_sendmail
@.recipients = 'stelzner_eve@.emc.com;dabas_ravi@.emc.com;bergin_gi llian@.emc.com;lynch_eoin@.e
mc.com;sherman_ nancy@.emc.com',
@.message = @.email,
@.query = @.query_text,
@.no_header = 'true',
@.width=80,
@.subject = 'Job Failed on CORPUSGA ',
@.attach_results = 'true',
@.set_user = 'dbo'
Where @.query_text is something like "select * from CORPUSGA.msdb.dbo.sysjobs"
The IntServiceGA account is identical on both servers and is in the local administrators group on both servers and is in the system administrators role within SQL Server, has access to the database and sysjobs has granted permissions to IntServiceGA (SELECT, INSERT,UPDATE,DELETE).
When I run profiler against this, it tries to execute under IntServiceGA (an Windows authentication account) and then tries to SETUSER to sa . This is what it objects to the switching. I have tried to set up the IntServiceGA as the security context for the linked server too and this does not work, same error.
Any help would be great,
Thanks,
EveWhy do you need @.set_user if SQLAgent service account is already in sysadmin server role?|||I have another stored procedure that uses this and it works with the
@.set_user on this one. However, whether I leave it in or take out the
@.set_user parameter it still fails. Any ideas?
Thanks,
Eve|||Try to run your xp_sendmail after doing SETUSER 'DOMAIN_NAME\IntServiceGA' and see what you get.|||no go, using the SETUSER prior to the xp_sendmail still netted the
same results? Do you know what generates this message- NT or SQL?|||It's NT. It just proved that your SQLAgent account is lacking some rights. Was mail profile setup using SQLAgent service account?|||Yes, the profile was set up on both servers from the
corp\IntServiceGA account that is a local admin on
the both servers. Are there additional policies that need
to be put on for this account that are not in the default?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment