Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

AlwaysOn AG failed over changed sql user passwords??? Expand / Collapse
Author
Message
Posted Wednesday, July 30, 2014 8:49 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, September 18, 2014 10:25 AM
Points: 301, Visits: 595
I had a failover occur last night on my AlwaysOn AG, the SQL accounts had to have the passwords re-entered in order to connect to the databases, has anyone else ran into this issue?

1. I checked the SIDS, they match
2. both accounts have sysadmin rights, I know, I don't like it either but the apps will not run without it.
3. Only a few people have access to the SQL servers, right now, they all deny changing the password,


MCSA SQL Server 2012
Post #1597783
Posted Wednesday, July 30, 2014 12:57 PM
SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 11:37 AM
Points: 5,879, Visits: 13,009
do you use the transfer logins task to copy them across? that randomises the passwords.

---------------------------------------------------------------------

Post #1597915
Posted Wednesday, July 30, 2014 1:11 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, September 18, 2014 10:25 AM
Points: 301, Visits: 595
When they were created about a month ago, I used sp_help_revlogin. I scripted out the users on the old server, created on the primary node, used sp_help_revlogin to get the creation script with the SID, created on the secondary node. This happened twice when the Availability Group failed over to the secondary node. The application could not login. I had to update the password on the SQL users.

MCSA SQL Server 2012
Post #1597923
Posted Wednesday, July 30, 2014 1:32 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 10:00 AM
Points: 6,488, Visits: 13,963
lkennedy76 (7/30/2014)
When they were created about a month ago, I used sp_help_revlogin. I scripted out the users on the old server, created on the primary node, used sp_help_revlogin to get the creation script with the SID, created on the secondary node. This happened twice when the Availability Group failed over to the secondary node. The application could not login. I had to update the password on the SQL users.

What sql version os the old server?
The encryption has changed in sql server 2012.


-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1597932
Posted Wednesday, July 30, 2014 1:37 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, September 18, 2014 10:25 AM
Points: 301, Visits: 595
Hey Perry,

We went from SQL08R2 P-V one node cluster, I know, I know, before me, to SQL 2012 AlwaysOn.


MCSA SQL Server 2012
Post #1597934
Posted Wednesday, July 30, 2014 1:52 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 10:00 AM
Points: 6,488, Visits: 13,963
If you ran sp_help_religion on a 2008 instance and moved to 2012 the passwords would be lost due to the changes in encryption.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1597945
Posted Wednesday, July 30, 2014 2:02 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, September 18, 2014 10:25 AM
Points: 301, Visits: 595
Hey Perry,

SO I can create the users and it will work until a failover? Also I only used sp_help_revlogin on node one to create user on node two. I scripted out the user on SQL 08R2 and re-created the user on node one for SQL 2012.


MCSA SQL Server 2012
Post #1597957
Posted Friday, August 1, 2014 7:27 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, September 18, 2014 10:25 AM
Points: 301, Visits: 595
Any other ideas?

MCSA SQL Server 2012
Post #1598680
Posted Friday, August 1, 2014 7:35 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Today @ 4:44 AM
Points: 2,397, Visits: 2,935
This is the script I use to genereate the CREATE LOGIN code:
select
sp.name
, sp.type_desc
, 'CREATE LOGIN [' + sp.name + '] '
+ case when sp.type in ('U', 'G')
then 'FROM WINDOWS '
else ''
end
+ 'WITH '
+ case when sl.password_hash IS NOT NULL
then 'PASSWORD = ' + convert(nvarchar(max), password_hash, 1) + ' HASHED, '
else ''
end
+ 'DEFAULT_DATABASE = [' + ISNULL(sp.default_database_name, 'master') + '] '
+ ISNULL(', DEFAULT_LANGUAGE = [' + sp.default_language_name + '] ', '')
+ CASE WHEN sp.type_desc = 'SQL_LOGIN'
THEN ', CHECK_EXPIRATION = ' + case is_expiration_checked when 0 then 'OFF, ' else 'ON, ' END
+ 'CHECK_POLICY = ' + case is_policy_checked when 0 then 'OFF, ' else 'ON, ' END
+ 'SID = ' + convert(nvarchar(max), sp.sid, 1)
ELSE ''
END
+ case when sp.is_disabled = 'TRUE'
then ';ALTER LOGIN [' + sp.name + '] DISABLE'
else ''
end
as create_stmt
from master.sys.server_principals sp -- get all logins from [server_principals]
left outer join master.sys.sql_logins sl -- and get some additional information from [sql_logins]
on sp.principal_id = sl.principal_id
and sp.type = sl.type



** Don't mistake the ‘stupidity of the crowd’ for the ‘wisdom of the group’! **
Post #1598686
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse