Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Sql Server 2005 Clustering Expand / Collapse
Author
Message
Posted Tuesday, October 09, 2007 5:17 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, April 11, 2014 7:29 AM
Points: 127, Visits: 515
Hi Everybody,

We have a cluster service accout used to create a Windows cluster and also the service account runs on this account and it's a local admin on the box.

I installed sql server cluster and all the sql service accounts use a different account after installing sql i removed built in admins and now i am testing failover sql server is not coming up and saying login failed for 'cluster service account' and i am not sure why it's using that account.

Please let me know if the cluster service account should have acces to sql server ...if so why.

Thanks in Advance.
Chinn



Post #408390
Posted Tuesday, October 09, 2007 5:56 AM
SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Wednesday, April 16, 2014 1:08 AM
Points: 2,674, Visits: 695
you have to be careful removing builtin admins ona cluster - there's some KB articles about this try KB 263712

The GrumpyOldDBA
www.grumpyolddba.co.uk
http://sqlblogcasts.com/blogs/grumpyolddba/
Post #408401
Posted Tuesday, October 09, 2007 8:53 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Wednesday, January 23, 2013 9:22 AM
Points: 1,062, Visits: 355
If you remove builtin admin, it won't work. Cluster is one of the beast that won't function well. I would say that it is one of the exception that is different then regular install.


sopheap



Post #408525
Posted Tuesday, October 09, 2007 9:08 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Thursday, April 17, 2014 10:19 AM
Points: 2,165, Visits: 1,918
I have removed the builtin account on my clusters and it works. The cluster account must be made sysadmin as is the account the runs SQL and SQL Agent



Francis
Post #408534
Posted Tuesday, October 09, 2007 9:17 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, April 11, 2014 7:29 AM
Points: 127, Visits: 515
Thanks for the input guys...
That's what i did ..i added both cluster service account and the service account that runs sql server as sysadmin in sql server...

Thanks.



Post #408539
Posted Wednesday, October 10, 2007 6:36 PM


Keeper of the Duck

Keeper of the Duck

Group: Moderators
Last Login: 2 days ago @ 7:41 AM
Points: 6,621, Visits: 1,852
fhanlon (10/9/2007)
I have removed the builtin account on my clusters and it works. The cluster account must be made sysadmin as is the account the runs SQL and SQL Agent


The Microsoft guidance on this has changed. The cluster account must be able to login but it doesn't need to be a member of the sysadmin fixed server role:

How to impede Windows NT administrators from administering a clustered instance of SQL Server (SQL Server 7.0 and 2000)

Before Installing Failover Clustering (SQL Server 2005) - See section Configure Microsoft Cluster Service.


K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #409315
Posted Thursday, October 11, 2007 7:05 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, April 11, 2014 7:29 AM
Points: 127, Visits: 515
Brian,

Does it mean just add a login with no permissions?

Thanks,



Post #409503
Posted Wednesday, October 17, 2007 1:28 PM


Keeper of the Duck

Keeper of the Duck

Group: Moderators
Last Login: 2 days ago @ 7:41 AM
Points: 6,621, Visits: 1,852
I believe so. One way to test is to create a login with no permissions and run SELECT @@SERVERNAME and see if it can execute it. It should be able to do so as any login should be placed in the public role automatically.


K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #411898
Posted Wednesday, October 17, 2007 2:14 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, April 11, 2014 7:29 AM
Points: 127, Visits: 515
Thanks Very Much!


Post #411920
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse