January 5, 2009 at 1:12 pm
I know this may not be the right place to ask this question, but somebody may have come across this error before. Please help me.
One new Windows user was added to the domain controller. Very brand new, not renamed from an old user/account. From the domain server, I can see this user. I can schedule a meeting with this user.
When I added this user to SQL Server 2000, I can select it from the dropdown list, but when I click OK, it says, "the login 'domainname\username' does not exist. error 15401". The same thing happened when I used sp_grantlogin.
I have tried the following:
1. SELECT name FROM sysxlogins WHERE sid = SUSER_SID('domainname\username')
No record returned.
2. The database is case insensitive.
3. Added a registry key to set LsaLookupCacheMaxSize=0 on the SQL Server 2000 server, on my computer, and on the user's computer.
Not working.
Please advise me what I should do.
Thanks
January 5, 2009 at 2:07 pm
Could you retrieve the SID from AD and then see if there is a matching SID within sysxlogins, just as a confirmation of it not existing?
January 5, 2009 at 2:19 pm
Thanks for your reply.
I have permission to log on to the AD server, but I don't know how to retrieve the SID for this user.
Another thing I just noticed is this error in the SQL Server event log: "The Group Policy client-side extension Folder Redirection was passed flags (0) and returned a failure status code of (53). "
I guess maybe it is related to error 15401.
January 6, 2009 at 6:10 am
I'm not sure that the client-side redirection is a part of the problem; that is usually related to redirecting folders to other locations (for example, putting your "My Documents" folder out on a network drive to simplify backup solutions).
Is there anything in the Windows or system logs on that server?
As for a way to check the SID: well, this is one heck of a mess, but it will check the SID of an individual user within the sysxlogins table (it could be adjusted for a group).
You'll need to add a linked server to your domain first and set the security:
EXEC sp_addlinkedserver 'ADSI', 'Active Directory Services',
'ADSDSOObject', '-your domain-'
GO
exec sp_addlinkedsrvlogin
'adsi',
false,
'-sqlServerUser-',
'-domainName\userName-',
'-domainUserPassword-'
go
Then run the query. This part is not pretty, but it works. There are folks who could snap this together nicely in a second; I am not so good at that 😉
set nocount on
declare @sql varchar(2000)
declare @name varchar(200)
set @name = '-nt account id to check-'
select @sql = ' select
rtrim(samaccountname) as LoginName
, dbo.fn_varbintohexstr(objectSid)as AcctSID from openquery
(ADSI, ''SELECT
samaccountname
,objectSid
FROM
''''LDAP://yourLDAP''''
WHERE
objectCategory=''''Person''''
and samaccountname = ''''' + @name + '*'''''')'
exec(@sql)
--this is the ugly part, you'll need to copy the value returned from the openquery
--and paste it in here
select top 10* from sysxlogins where sid = -paste here-
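An added example, not part of the original post: the value that fn_varbintohexstr(objectSid) returns above is the raw binary SID in hex, and this Python sketch decodes it into the familiar S-1-5-... form and compares it with a sid value read from sysxlogins. The function names and the sample hex strings are constructed for illustration.

```python
import struct

def parse_hex(value: str) -> bytes:
    """Accept '0x0105...' (as printed by fn_varbintohexstr) or bare hex."""
    text = value.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    return bytes.fromhex(text)

def sid_to_string(raw: bytes) -> str:
    """Decode a binary Windows SID into its S-<rev>-<authority>-<subs> form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])  # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def same_account(ad_hex: str, sql_hex: str) -> bool:
    """True when the AD objectSid and the sysxlogins sid are the same SID."""
    return parse_hex(ad_hex) == parse_hex(sql_hex)

# Constructed sample values (not taken from the thread).
SAMPLE_AD_HEX = "0x010500000000000515000000010000000200000003000000e9030000"
SAMPLE_SQL_HEX = "0x010500000000000515000000010000000200000003000000E9030000"

if __name__ == "__main__":
    print(sid_to_string(parse_hex(SAMPLE_AD_HEX)))      # SID in string form
    print(same_account(SAMPLE_AD_HEX, SAMPLE_SQL_HEX))  # compare AD vs. SQL
```

Comparing the decoded string with what the domain tools show for the account confirms whether SQL Server and AD are looking at the same principal.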
January 6, 2009 at 10:14 am
I didn't get the SID using your query; it just returned an empty recordset. I guess I passed the wrong parameter.
I am still trying to get a result from your query. Actually, it is the first time I learned I can add an AD server as a SQL Server linked server. That is amazing. I will read more docs.
But the good news is the problem got solved. The reason is my SQL Server can't access the policy folder on the AD server. This error shows up in the Event application log. When I type \\DomainName from Run, it said Path not found. After fixing this, everything is working.
The error in Event application log:
Event Type:Error
Event Source:Userenv
Event Category:None
Event ID:1000
Date:1/6/2009
Time:10:20:57
User:NT AUTHORITY\SYSTEM
Computer:MYSQLServer
Description:
Windows cannot access the registry information at \\DomainName\sysvol\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User\registry.pol with (53).
January 6, 2009 at 10:18 am
Awesome stuff. Man I hate group policies.
March 26, 2009 at 4:17 pm
I have exactly the same problem.
How do you solve it?