Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

SQL Agent cannot start Expand / Collapse
Author
Message
Posted Wednesday, October 3, 2012 9:13 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: 2 days ago @ 5:52 AM
Points: 369, Visits: 1,215
After clean install of SQL Server 2012 RTM Developer edition, SQL Agent fails to start with "access denied" error.
The default user setup has set is "NT SERVICE\SQLSERVERAGENT".
When I change the agent user to LOCALSYSTEM, it can start without problems.

I checked windows permission in local security policy for "NT SERVICE\SQLSERVERAGENT", and they are ok. Also, that account is sysadmin in sql. Obviously, some permission is not set correctly by installer, but I don't know what else to check.


_____________________________________________________
Microsoft Certified Master: SQL Server 2008
XDetails Addin - for SQL Developers
blog.sqlxdetails.com - Transaction log myths
Post #1367772
Posted Wednesday, October 3, 2012 9:16 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Friday, June 27, 2014 12:43 PM
Points: 13,872, Visits: 9,596
Is the computer part of an AD network that might deny permissions, even if they're okay locally? I think that can be done.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #1367778
Posted Thursday, October 4, 2012 2:49 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: 2 days ago @ 5:52 AM
Points: 369, Visits: 1,215
Thanks. Computer is on a domain, but none of the required privileges is denied from AD.
I also checked folder permission, as stated in doc here: http://msdn.microsoft.com/en-us/library/ms143504%28v=SQL.110%29.aspx

And found that this permissions were missing (for some reason, they were NOT set by the installer):

Instid\MSSQL\Log - Delete
110\com - Read, Execute
110\shared - Read, Execute
110\shared\Errordumps - Read, Write
ServerName\EventLog - Full control - CANNOT FIND THAT FOLDER - DOES NOT EXISTS?

Where that "EventLog" map should be ?


_____________________________________________________
Microsoft Certified Master: SQL Server 2008
XDetails Addin - for SQL Developers
blog.sqlxdetails.com - Transaction log myths
Post #1368238
Posted Thursday, October 4, 2012 3:19 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 6:19 AM
Points: 5,216, Visits: 5,109
NT SERVICE\SQLSERVERAGENT is the virtual group which the account running the SQL Agent Service is granted access to so that you dont have to mess with SQL permissions.

From what I remember you cannot set a service to run as this virtual account.

What account is running the service?




Want an answer fast? Try here
How to post data/code for the best help - Jeff Moden
Need a string splitter, try this - Jeff Moden
How to post performance problems - Gail Shaw
CrossTabs-Part1 & Part2 - Jeff Moden
SQL Server Backup, Integrity Check, and Index and Statistics Maintenance - Ola Hallengren
Managing Transaction Logs - Gail Shaw
Troubleshooting SQL Server: A Guide for the Accidental DBA - Jonathan Kehayias and Ted Krueger

Post #1368251
Posted Thursday, October 4, 2012 5:49 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: 2 days ago @ 5:52 AM
Points: 369, Visits: 1,215
After the initial setup, virtual account "NT SERVICE\SQLSERVERAGENT" was set to run sql agent service, as default.
But, under that account sql agent would not start (access denied).
After I changed to "LOCALSYSTEM", sql agent service started successfully.
If I try to change back to "NT SERVICE\SQLSERVERAGENT" I get "Access denied" as soon as I click on "Apply" button in the service "Log On" dialog.
Even though I got "access denied" the account indeed was changed from "LOCALSYSTEM" to "NT SERVICE\SQLSERVERAGENT",
but cannot start (Access denied).

Just for the test, i tried to give "Full control" on all drive letters to "NT SERVICE\SQLSERVERAGENT",
and still got "Access denied" from the sql agent service.
Although I could not give full control to Program Files, Program Files (x86), and Windows - "Access denied".
I am logged-in windows with my domain account which has local admin rights.

I even tried with SUBINACL:


C:\Program Files (x86)\Windows Resource Kits\Tools>Subinacl /service eventlog /grant=SQLSERVERAGENT=S
eventlog : new ace for nt service\sqlserveragent
eventlog : 1 change(s)


Elapsed Time: 00 00:00:00
Done: 1, Modified 1, Failed 0, Syntax errors 0
Last Done : eventlog

C:\Program Files (x86)\Windows Resource Kits\Tools>


But still cannot start agent service. Note "1, Failed" in the suinacl output.

Do you know where the map "ServerName\EventLog" should be, or is on your server?
Maybe that would help, because it seems I don't have that folder at all (Win7 64bit).


_____________________________________________________
Microsoft Certified Master: SQL Server 2008
XDetails Addin - for SQL Developers
blog.sqlxdetails.com - Transaction log myths
Post #1368321
Posted Thursday, October 4, 2012 5:57 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 6:19 AM
Points: 5,216, Visits: 5,109
Please attach a screen shot of how you are managing to assign nt service\sqlserveragent to run the service within SQL config manager or services.msc as I cannot replicate it.



Want an answer fast? Try here
How to post data/code for the best help - Jeff Moden
Need a string splitter, try this - Jeff Moden
How to post performance problems - Gail Shaw
CrossTabs-Part1 & Part2 - Jeff Moden
SQL Server Backup, Integrity Check, and Index and Statistics Maintenance - Ola Hallengren
Managing Transaction Logs - Gail Shaw
Troubleshooting SQL Server: A Guide for the Accidental DBA - Jonathan Kehayias and Ted Krueger

Post #1368325
Posted Thursday, October 4, 2012 7:32 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: 2 days ago @ 5:52 AM
Points: 369, Visits: 1,215
Click "Browse", and type a user. Change location to local host, then "Check names":



Click OK. Leave blank password:



If I click "OK" or "Apply", I receive "Access denied" immediately.
Service account is changed, but service cannot start.


_____________________________________________________
Microsoft Certified Master: SQL Server 2008
XDetails Addin - for SQL Developers
blog.sqlxdetails.com - Transaction log myths
Post #1368396
Posted Thursday, October 4, 2012 7:35 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 6:19 AM
Points: 5,216, Visits: 5,109
Yes that is the problem, NT SERVICE\SQLSERVERAGENT your referencing is not an account is a virtual group, you need to specify an account not a group to run a service.

What ever account you specify in the service gets added to that group.




Want an answer fast? Try here
How to post data/code for the best help - Jeff Moden
Need a string splitter, try this - Jeff Moden
How to post performance problems - Gail Shaw
CrossTabs-Part1 & Part2 - Jeff Moden
SQL Server Backup, Integrity Check, and Index and Statistics Maintenance - Ola Hallengren
Managing Transaction Logs - Gail Shaw
Troubleshooting SQL Server: A Guide for the Accidental DBA - Jonathan Kehayias and Ted Krueger

Post #1368400
Posted Friday, October 5, 2012 1:18 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: 2 days ago @ 5:52 AM
Points: 369, Visits: 1,215
Virtual account NT Service\SQLSERVERAGENT is the default account installer sets for sql agent, out of the box.
There is no reason that this account should not work.
For example, NT Service\MSSQLSERVER is default virtual account for sql engine and it is happily running under it,
as you can see on this screenshot:



Agent cannot start, and does not even generate SQLAGENT.OUT file.
That account has appropriate permission on the SQLAGENT.OUT file and the LOG map.
Could it be something with AD ?


_____________________________________________________
Microsoft Certified Master: SQL Server 2008
XDetails Addin - for SQL Developers
blog.sqlxdetails.com - Transaction log myths
Post #1368849
Posted Tuesday, February 26, 2013 9:10 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, October 23, 2013 2:43 AM
Points: 1, Visits: 19
All,

I have the same problem. Can anyone help ?

Angus
Post #1424318
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse