July 30, 2014 at 8:49 am
I had a failover occur last night on my AlwaysOn AG, the SQL accounts had to have the passwords re-entered in order to connect to the databases, has anyone else ran into this issue?
1. I checked the SIDS, they match
2. both accounts have sysadmin rights, I know, I don't like it either but the apps will not run without it.
3. Only a few people have access to the SQL servers, right now, they all deny changing the password, :angry:
MCSE SQL Server 2012\2014\2016
July 30, 2014 at 12:57 pm
do you use the transfer logins task to copy them across? that randomises the passwords.
---------------------------------------------------------------------
July 30, 2014 at 1:11 pm
When they were created about a month ago, I used sp_help_revlogin. I scripted out the users on the old server, created on the primary node, used sp_help_revlogin to get the creation script with the SID, created on the secondary node. This happened twice when the Availability Group failed over to the secondary node. The application could not login. I had to update the password on the SQL users.
MCSE SQL Server 2012\2014\2016
July 30, 2014 at 1:32 pm
lkennedy76 (7/30/2014)
When they were created about a month ago, I used sp_help_revlogin. I scripted out the users on the old server, created on the primary node, used sp_help_revlogin to get the creation script with the SID, created on the secondary node. This happened twice when the Availability Group failed over to the secondary node. The application could not login. I had to update the password on the SQL users.
What sql version os the old server?
The encryption has changed in sql server 2012.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
July 30, 2014 at 1:37 pm
Hey Perry,
We went from SQL08R2 P-V one node cluster, I know, I know, before me, to SQL 2012 AlwaysOn.
MCSE SQL Server 2012\2014\2016
July 30, 2014 at 1:52 pm
If you ran sp_help_religion on a 2008 instance and moved to 2012 the passwords would be lost due to the changes in encryption.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
July 30, 2014 at 2:02 pm
Hey Perry,
SO I can create the users and it will work until a failover? Also I only used sp_help_revlogin on node one to create user on node two. I scripted out the user on SQL 08R2 and re-created the user on node one for SQL 2012.
MCSE SQL Server 2012\2014\2016
August 1, 2014 at 7:27 am
Any other ideas?
MCSE SQL Server 2012\2014\2016
August 1, 2014 at 7:35 am
This is the script I use to genereate the CREATE LOGIN code:
select
sp.name
, sp.type_desc
, 'CREATE LOGIN [' + sp.name + '] '
+ case when sp.type in ('U', 'G')
then 'FROM WINDOWS '
else ''
end
+ 'WITH '
+ case when sl.password_hash IS NOT NULL
then 'PASSWORD = ' + convert(nvarchar(max), password_hash, 1) + ' HASHED, '
else ''
end
+ 'DEFAULT_DATABASE = [' + ISNULL(sp.default_database_name, 'master') + '] '
+ ISNULL(', DEFAULT_LANGUAGE = [' + sp.default_language_name + '] ', '')
+ CASE WHEN sp.type_desc = 'SQL_LOGIN'
THEN ', CHECK_EXPIRATION = ' + case is_expiration_checked when 0 then 'OFF, ' else 'ON, ' END
+ 'CHECK_POLICY = ' + case is_policy_checked when 0 then 'OFF, ' else 'ON, ' END
+ 'SID = ' + convert(nvarchar(max), sp.sid, 1)
ELSE ''
END
+ case when sp.is_disabled = 'TRUE'
then ';ALTER LOGIN [' + sp.name + '] DISABLE'
else ''
end
as create_stmt
from master.sys.server_principals sp-- get all logins from [server_principals]
left outer join master.sys.sql_logins sl-- and get some additional information from [sql_logins]
on sp.principal_id = sl.principal_id
and sp.type = sl.type
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply