September 2, 2015 at 4:57 am
Hi all,
...so I have a SQL 208 R2 database server that has its services running under NT AUTHORITY\LOCALSERVICE Account. We now wish to have some automated jobs that need to access other parts of the network not on this server. So we have set up a Domain Account. However when we change the Account for the SLQ Server Agent in Configuration manager, when the service attempts to restart under the new Domain account we receive the error
"The request failed or the service did not respond in a timely fashion. Consult the event log or other applicable error logs for details"
So after consulting the event logs, SQL agent out log, and Error logs there are no obvious error messages and the only entry relating to the agent in the event log is an information message saying that SQL Server agent has entered a stopped state.
If I attempt to start the agent via SSMS or the Services.msc then I get the message that the service started and then stopped
After extensive googling security permissions seemed to be the likely culprit. But as per https://msdn.microsoft.com/en-us/library/ms191543.aspx, I have made sure the account has all of the following
- Logon as a service
- Bypass travers checking
- Replace a process-level-token
- Adjust memory quotas for a process
- log on using the batch logon type
(I have done this by making the domain account a member of the SQLServerSQLAgentUser$(SQLInstance) group - which has these rights - have confirmed this using secpol)
However, if I make the domain account a member of the local Administrator Group the Agent starts successfully
What other permissions should I be looking at so that I don't have to make this account a local admin on the server
Thanks
September 2, 2015 at 5:14 am
Please will you post the contents of the SQLAGENT.OUT file, if there is one? If there isn't one, that's probably your problem - the SQL Server Agent account doesn't have access to create it in the specified location.
John
September 2, 2015 at 7:17 am
Perfect thanks jon, set full permissions for the account to the \MSSQL\Log folder and the service started successfully
Thanks
Simon
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply