May 2, 2012 at 11:57 am
I have two domain accounts used as SQL service accounts, Domain\dev and Domain\prod. When I execute sp_Send_DBMail with the @query parameter as Domain\prod, I receive the following error, but I don't receive the error under the Domain\dev account. The accounts have the same local and domain privileges.
Error: Could not obtain information about Windows NT group/user 'Domain\User', error code 0x5.
Through researching this issue, I have tried adding the prod user to the following groups with no success: Windows Authorization Access Group, Pre-Windows 2000 Compatible Access, and the Local Admins group. The issue seems to point towards a problem with executing the SP, xp_logininfo 'Domain\User'. I confirmed I get a very similar error when I run this command as Domain\prod. Once again, if the service is running under Domain\dev, the SP executes successfully.
I also made a copy of the dev user to test with, but the copied user heeds the same errors as prod.
I am not sure what is causing the user to need this access, as this user is running our production environment with no problems (except for this one).
All suggestions or comments are welcome.
May 2, 2012 at 12:12 pm
You said Domain\dev and Domain\prod, is everything in one domain? In other words, it's not actually DomainA\dev and DomainB\prod?
K. Brian Kelley
@kbriankelley
May 2, 2012 at 12:26 pm
The two service accounts are on the same domain. The user I am signed in as is on another domain, but this user is a sysadmin.
Note: If I sign in as sa, sp_send_dbmail works fine, even with the service running under the prod user. I assume this is because it does not do a domain authentication check, but that is a guess.
May 2, 2012 at 12:34 pm
So there are two domains.
The domain your user account is in is obviously trusted by the domain where the service accounts reside. However, is the reverse set up? If not, it's a known issue.
How to troubleshoot a SQL Server 8198 error
K. Brian Kelley
@kbriankelley
May 2, 2012 at 2:07 pm
It is a one way trust. I have read this article. This does not explain why the dev account works.
May 8, 2012 at 10:36 am
I figured it out. There is a legacy dev user on the untrusted domain with the same un and pw. I created the prod user on the untrusted domain with the same un and pw, and everything works. The one thing I am troubled with is the fact that the query only fails if I attach a query. Below is the query that fails. If I remove the @query parameter, the SP works. The query I tested with is just "Select 1". What is causing the SP to try to contact the other domain when this is run in a job owned by the sa user?
EXEC msdb.dbo.sp_Send_DBMail
@profile_name = 'Mail' ,
@recipients = 'email@address.com' ,
@subject = 'Test' ,
@query = 'Select 1' ,
@body = 'Test'