Post reply

xpsql.cpp: Error 87 from GetProxyAccount on line 6

  • March 5, 2003 at 2:51 pm

    #101398

    Hi,

    We are getting the error:

    -2147467259

    Microsoft OLE DB Provider for SQL Server

    xpsql.cpp: Error 87 from GetProxyAccount on line 604

    when attempting to execute (from an ASP page) a stored procedure which uses xp_cmdshell to write out a text file to a folder on the web server.

    We are running SQL Server 2000 on a Windows 2000 Server machine. The MSSQLSERVER service is started using a domain account which is a member of sysadmin and has administrator privileges. The MSSQLSERVERAGENT service has the checkbox "only users with sysadmin privileges can execute cmdexec and activescripting job stops" checked.

    When I change the ASP page to point to my database - SQL Server 2000 PE installed and running on a Win 2000 machine, the procedure executes successfully. On my development machine, the MSSQLSERVER service is set to 'system account' and the MSSQLSERVERAGENT is set to my login name/domain (by unchecking the checkbox referrred to above and clicking on Reset Proxy Account).

    I am not sure why the error is occurring but when I suggested to the network admins to create a proxy account they indicated that there are security concerns associated with a proxy account.

    Any insight/suggestions would be appreciated!

  • March 10, 2003 at 12:00 pm

    This was removed by the editor as SPAM

  • March 14, 2003 at 4:14 pm

    #451158

    Regarding:

    xpsql.cpp: Error 87 from GetProxyAccount on line 604

    This error seems to have been introduced with MSSQL 2000 SP 3.

    I was able to work around the problem with the following articles.

    http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=ecP8eNUyCHA.1120%40TK2MSFTNGP11

    -- From the above link. This allows proxy accounts to work. Can set from EM but interface requires setup of proxy account.

    EXECUTE master.dbo.xp_instance_regwrite N'HKEY_LOCAL_MACHINE',

    N'SOFTWARE\Microsoft\MSSQLServer\SQLServerAgent',

    N'SysAdminOnly',

    N'REG_DWORD',

    0

    -- Checks proxy sql admin setting. Can also verify from EM

    declare @sysadmin_only int

    EXECUTE master.dbo.xp_instance_regread N'HKEY_LOCAL_MACHINE',

    N'SOFTWARE\Microsoft\MSSQLServer\SQLServerAgent',

    N'SysAdminOnly',

    @sysadmin_only OUTPUT

    select @sysadmin_only

    -- Could have also used sp_get_sqlagent_properties & sp_set_sqlagent_properties

    http://cert.uni-stuttgart.de/archive/usenet/microsoft.public.sqlserver.security/2003/01/msg00596.html

    --From the above link. This sets the proxy account globally in EM. It’s too broad for our application.

  • March 17, 2003 at 7:15 am

    #451203

    Thanks for the links to the articles and taking the time to reply. I'll pass the info onto our network admins and post back our next steps. You mention your application not using a proxy account globally - How did you narrow the proxy account soley for your application?

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply