August 15, 2003 at 2:16 pm
In our clustered sql server environment. I tried to lock out the ClusterAdmin from sysadmin and now the sql server will not start. The error in the sql server error log is this:
Login failed for user 'OSCORP\ClusterAdmin'.
Can someone help!
Thanks,
KP
August 15, 2003 at 2:32 pm
This is a known no-no because the SQL Server will attempt to startup in a pending state and eventually fail as you've seen. The cluster account must be a sysadmin. This article discusses what you can and cannot do:
http://www.sqlservercentral.com/columnists/bkelley/sqlserversecuritysecurityadmins.asp
Now, to your issue at hand. This might require a call to Microsoft PSS. But if you have another Windows account (domain level) you know has sysadmin rights (perhaps your own), there may be a work around. I've not tried this, so discuss with your cluster administrators first and assess the risk.
1) Make sure the domain account that has sysadmin access is an administrator on all the nodes. Other permissions might be required as well. See the KB article I'm citing at the end.
2) Change the cluster service to run under that domain account.
3) Restart the cluster and see if you can restart SQL Server.
4) Add the OLD cluster account back in SQL Server and make it sysadmin. This is required.
5) Reset the cluster account back to what it was.
6) Restart everything and verify SQL Server comes up.
Be aware of the following (you'll want to read this before performing any of the steps):
http://support.microsoft.com/default.aspx?scid=kb;en-us;269229
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
August 15, 2003 at 6:52 pm
Thanks, I will give this a try. I enjoyed your article and your advise was perfect. I will let you know how I make out.
Great forum!
Kphelps
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply