SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


AlwaysOn AG failed over changed sql user passwords???


AlwaysOn AG failed over changed sql user passwords???

Author
Message
lkennedy76
lkennedy76
Hall of Fame
Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)

Group: General Forum Members
Points: 3426 Visits: 919
I had a failover occur last night on my AlwaysOn AG, the SQL accounts had to have the passwords re-entered in order to connect to the databases, has anyone else ran into this issue?

1. I checked the SIDS, they match
2. both accounts have sysadmin rights, I know, I don't like it either but the apps will not run without it.
3. Only a few people have access to the SQL servers, right now, they all deny changing the password, Angry

MCSA SQL Server 2012
george sibbald
george sibbald
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24654 Visits: 13698
do you use the transfer logins task to copy them across? that randomises the passwords.

---------------------------------------------------------------------
lkennedy76
lkennedy76
Hall of Fame
Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)

Group: General Forum Members
Points: 3426 Visits: 919
When they were created about a month ago, I used sp_help_revlogin. I scripted out the users on the old server, created on the primary node, used sp_help_revlogin to get the creation script with the SID, created on the secondary node. This happened twice when the Availability Group failed over to the secondary node. The application could not login. I had to update the password on the SQL users.

MCSA SQL Server 2012
Perry Whittle
Perry Whittle
SSC Guru
SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)

Group: General Forum Members
Points: 54097 Visits: 17681
lkennedy76 (7/30/2014)
When they were created about a month ago, I used sp_help_revlogin. I scripted out the users on the old server, created on the primary node, used sp_help_revlogin to get the creation script with the SID, created on the secondary node. This happened twice when the Availability Group failed over to the secondary node. The application could not login. I had to update the password on the SQL users.

What sql version os the old server?
The encryption has changed in sql server 2012.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" ;-)
lkennedy76
lkennedy76
Hall of Fame
Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)

Group: General Forum Members
Points: 3426 Visits: 919
Hey Perry,

We went from SQL08R2 P-V one node cluster, I know, I know, before me, to SQL 2012 AlwaysOn.

MCSA SQL Server 2012
Perry Whittle
Perry Whittle
SSC Guru
SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)SSC Guru (54K reputation)

Group: General Forum Members
Points: 54097 Visits: 17681
If you ran sp_help_religion on a 2008 instance and moved to 2012 the passwords would be lost due to the changes in encryption.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" ;-)
lkennedy76
lkennedy76
Hall of Fame
Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)

Group: General Forum Members
Points: 3426 Visits: 919
Hey Perry,

SO I can create the users and it will work until a failover? Also I only used sp_help_revlogin on node one to create user on node two. I scripted out the user on SQL 08R2 and re-created the user on node one for SQL 2012.

MCSA SQL Server 2012
lkennedy76
lkennedy76
Hall of Fame
Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)

Group: General Forum Members
Points: 3426 Visits: 919
Any other ideas?

MCSA SQL Server 2012
HanShi
HanShi
SSCrazy Eights
SSCrazy Eights (8.6K reputation)SSCrazy Eights (8.6K reputation)SSCrazy Eights (8.6K reputation)SSCrazy Eights (8.6K reputation)SSCrazy Eights (8.6K reputation)SSCrazy Eights (8.6K reputation)SSCrazy Eights (8.6K reputation)SSCrazy Eights (8.6K reputation)

Group: General Forum Members
Points: 8634 Visits: 3718
This is the script I use to genereate the CREATE LOGIN code:
select
sp.name
, sp.type_desc
, 'CREATE LOGIN [' + sp.name + '] '
+ case when sp.type in ('U', 'G')
then 'FROM WINDOWS '
else ''
end
+ 'WITH '
+ case when sl.password_hash IS NOT NULL
then 'PASSWORD = ' + convert(nvarchar(max), password_hash, 1) + ' HASHED, '
else ''
end
+ 'DEFAULT_DATABASE = [' + ISNULL(sp.default_database_name, 'master') + '] '
+ ISNULL(', DEFAULT_LANGUAGE = [' + sp.default_language_name + '] ', '')
+ CASE WHEN sp.type_desc = 'SQL_LOGIN'
THEN ', CHECK_EXPIRATION = ' + case is_expiration_checked when 0 then 'OFF, ' else 'ON, ' END
+ 'CHECK_POLICY = ' + case is_policy_checked when 0 then 'OFF, ' else 'ON, ' END
+ 'SID = ' + convert(nvarchar(max), sp.sid, 1)
ELSE ''
END
+ case when sp.is_disabled = 'TRUE'
then ';ALTER LOGIN [' + sp.name + '] DISABLE'
else ''
end
as create_stmt
from master.sys.server_principals sp -- get all logins from [server_principals]
left outer join master.sys.sql_logins sl -- and get some additional information from [sql_logins]
on sp.principal_id = sl.principal_id
and sp.type = sl.type



** Don't mistake the ‘stupidity of the crowd’ for the ‘wisdom of the group’! **
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search