|
|
|
Valued Member
 
Group: General Forum Members
Last Login: Monday, September 21, 2009 9:59 PM
Points: 56,
Visits: 131
|
|
SQL 2005, Windows 2008 clustered
when I run xp_logininfo I get the list of all the accounts.
when I run xp_logininfo 'domain\agentaccount'
I get Could not obtain information about Windows NT group / user error code 0x5
I also find in the server security log that the SQL service account has failed to login.
SQL and the agent are both running fine.
xp_logininfo sql service account
works fine.
The source of the problem was a db_mail which has a query attached. Works fine for my windows account and others but not for the agent.
|
|
|
|
|
SSCertifiable
Group: General Forum Members
Last Login: Yesterday @ 2:46 PM
Points: 7,642,
Visits: 4,157
|
|
Is the agent account part of the domain, or is it a local account on the server?
- GSquared
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
|
|
|
|
|
Valued Member
Group: General Forum Members
Last Login: Monday, September 21, 2009 9:59 PM
Points: 56,
Visits: 131
|
|
The agent is part of the domain (it is a clustered instance).
The agent gains access via the domain group SQL_Agent.
Note that my account (which works fine) is a member of the DBA domain group (almost identical to the above group).
I have tried putting the agent into the DBA group with no success.
|
|
|
|
|
Forum Newbie
Group: General Forum Members
Last Login: Wednesday, November 04, 2009 3:21 PM
Points: 3,
Visits: 35
|
|
Simon - were you ever able to resolve this? I'm encountering the same problem and would love to know the solution, if there is one.
Thank you.
- Ken
|
|
|
|
|
Valued Member
Group: General Forum Members
Last Login: Monday, September 21, 2009 9:59 PM
Points: 56,
Visits: 131
|
|
Yes we did.
I don't remember how :) Give me a few hours to chase up the details.
I remember it ended up being a PSS fix which was nice to have them help.
Oh I remembered the PSS persons name and found the steps she recommended:
I suggest that you try to implement the below changes in AD:
1. Add the SQL service account (SVCNS02IS0V001SQL) into the Windows Authorization Access group
To add the SQL service account into the Windows Authorization Access group, do as follows:
- Open ADUC (Active Directory Users and Computers) console on a domain controller which hosts the user account - SVCNS02IS0V001AGT.
- Go to the Builtin container. Find Windows Authorization Access Group
- Open its properties. Under the Members tab, add the SQL service account into the list.
- Apply the changes.
- Restart the SQL service to re-logon the SQL service account.
- Check if the issue persists.
2. Also, confirm if the SVCNS02IS0V001SQL service account has at least Read permission on the user account object (SVCNS02IS0V001AGT) for this attribute:
Read tokenGroupsGlobalAndUniversal
|
|
|
|
|
Forum Newbie
Group: General Forum Members
Last Login: Wednesday, November 04, 2009 3:21 PM
Points: 3,
Visits: 35
|
|
Awesome. Thanks so much, Simon. Really appreciate the information and the quick response. I'll get my my AD admin and give it a try...
Thanks again...
- Ken
|
|
|
|
|
Forum Newbie
Group: General Forum Members
Last Login: Thursday, August 20, 2009 9:03 PM
Points: 3,
Visits: 28
|
|
|
|
|
