Post reply

xp_logoninfo #nt invalid object error code 0x6ba

  • January 7, 2016 at 3:23 am

    #323852

    Good morning, I'm running xp_logoninfo to retrieve group members

    exec master..xp_logininfo @acctname='dddd\gggggg',@option=members;

    or

    exec master..xp_logininfo 'dddd\gggggg',members;

    On our 2008/2012 servers it fails for groups, on our old 2003 with SQL2005 it works fine.

    The error is :-

    Msg 15404, Level 16, State 4, Procedure xp_logininfo, Line 43

    Could not obtain information about Windows NT group/user 'dddd\ggggg', error code 0x6ba.

    Having run a profile trace its saying #nt is an invalid object and looking at the SP it creates this to load the members into.

    I can copy the create #nt statement and run it and it works for me.

    We have tried changing the SQLServer user to the same as the server that works, it still fails.

    I have a gut feeling its the hardening they use here, but I've looked through the code and can't see anything that would appear to cause it.

    anyone seen anything similar?

    Or understand the permissions required

    Many thanks.

  • January 7, 2016 at 5:43 am

    #1850148

    i think you are right about hardening/permissions being the issue.

    When i run xp_logininfo against non-existing domain\group

    or exisitngdomain\fakegroup, i get blank results, no error.

    That makes me think it's permissions

    exec master..xp_logininfo @acctname='dddd\gggggg',@option=members;

    exec master..xp_logininfo @acctname='BigBangTheory\gggggg',@option=members;

    this stack overflow post with that error is relevant:

    http://stackoverflow.com/questions/1234570/could-not-obtain-information-about-windows-nt-group-user

    26

    down vote

    accepted

    Active Directory is refusing access to your SQL Agent. The Agent should be running under an account that is recognized by STAR domain controller.

    shareimprove this answer

    edited Mar 24 '14 at 20:20

    atticae

    4,78733387

    answered Aug 5 '09 at 17:30

    Remus Rusanu

    190k24228364

    @Remus Rusanu:The agent is running under a local machine account as MyWorkstation\SqlServerAccount – Raj More Aug 5 '09 at 17:58

    8

    @raj: Actually since is the SQL Server itself that is connecting to the AD, you need to change the account under which SQL is running. It has to be an account AD will authenticate, like a domain account or the NETWORK SERVICE account(provided the machine is joined to the domain). SSMS or EM can have an option to change the service account. – Remus Rusanu Aug 5 '09 at 19:09

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply