June 15, 2010 at 11:12 am
1. The account domain\service is member of administrator group on the machine.
2. Added domain\service to sql server as sysadmin
3. Added domain\service to database
3.Created credential with domain\service
4. Created proxy using credential. Now when I run the job with this proxy I get the error, "the user is not allowed to log on to machine".
I am able to run the job if I use my account in credential. Not much help available on internet, but seems this should be common problem
June 15, 2010 at 1:23 pm
I'm going to go out on a limb and say that you have usernames/passwords in a connection string? If so then the package can ONLY run successfully as you. Due to how the credential data is encrypted.
Items 2-4 should not be necessary. As I read your post the domain\user is part of the Administrators group on the machine, this is what SQL and SQL Agent use to login? If so then by default they will have sysadmin rights in SQL, in SQL 2008 they wouldn't automagically have those rights but in 2005 they do. Because of this any SQL Agent job running as "sa" will run as the domain\user and have GOD rights on the server.
You have a couple options (there are actually several but I am only going to cover a couple). Use trusted security, enter connection information overrides in the SQL Agent Job, or use package configs.
These would be my suggestions.
CEWII
June 17, 2010 at 2:19 pm
Thanks for the reply. The error occured, because the service account was not added in active directory.
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply