March 31, 2005 at 9:31 pm
Having issues with sp_grantlogin when trying to add a domain user or group account. Getting a 15401 error.
I have tried all the MSKB articles.
Services are running as a domain admin account and the server (win 2000) is a member of the domain. I can search AD from the server and some domain user accounts do actually get added, just not the ones i want of course.
I know it is not a case sensitive issue as i have added some accounts using incorrect case.
Have many other servers running SQL 2000 which i can add the users and group accounts to without error.
Any Help? Cheers!
March 31, 2005 at 9:41 pm
A couple of things to look at that I've seen cause issues such as these:
Time on the SQL Server is within 5 minutes of the time on all DCs?
SQL Server able to find DCs properly using DNS/WINS?
K. Brian Kelley
@kbriankelley
March 31, 2005 at 9:46 pm
time is sycronised between all servers and DNS resolution to all domain controllers is working
March 31, 2005 at 9:59 pm
Is there anything different in AD between the groups you are able to add and the ones you aren't? Different OUs, different permissions on the object, etc.? Any audit failure errors in the security event log on the DCs related to the SQL Server service account?
K. Brian Kelley
@kbriankelley
March 31, 2005 at 10:20 pm
No the users have the same properties and permissions. There are users in the same OU and in different OU's it does not make a difference.
No no audit failures for SQL service account.
The only thing i can think of doing is disjoining the server from the domain, deleting its computer account and rejoining to the domain again.
March 31, 2005 at 10:26 pm
Sounds highly unusual. Same thing occur say if you try and add the user or group to the Users group for the local server (say through Computer Management, not in SQL Server)?
K. Brian Kelley
@kbriankelley
March 31, 2005 at 10:41 pm
Adding a domain user/group to a local SAM group works. But as i checked the group after adding, it reports only the SID for the AD Users/Groups with the ghost head thingy
March 31, 2005 at 11:09 pm
Yup. Try removing and readding from the domain. Perhaps the computer account is corrupt (though you should see this in the DC event logs). Any case, make sure you know the local administrator login and password before you move it to a workgroup.
K. Brian Kelley
@kbriankelley
April 7, 2005 at 2:35 am
Just to let you know,
I disjoined from domain, deleted computer account, rejoined to domain and this fixed the problem
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply