Results 1 to 13 of 13
  1. #1
    Join Date
    Jan 2004
    Posts
    27

    Exclamation Unanswered: Lost access to my SQL SERVER !!!

    Hello,
    I have changed the account in which the Sql Server process run and not I cannot log into the server with any other user account (even if they are System Admin, DBO and Domain admin...) than the one which run the SQL process.

    What can I do to gain back access (with the user accounts) ?

  2. #2
    Join Date
    Feb 2004
    Location
    PAKISTAN
    Posts
    106
    R the users which u can't login through SQL Server accounts? If yes then make sure SQL is set to mixed-mode. If u've changed the service to Local System Account from a domain user account; SQL no longer will have Network Resources access.
    What type of former user u've been using for sql service account and what type of service account user is the latter.

  3. #3
    Join Date
    Jan 2004
    Posts
    27
    Hello,
    I have changed the service account from "localsystem" to an "admin" domain account.

    My server is in mixed mode (I can log on it using a login/pass sql account but I can't log using a NT domain account other than the service account).

    Thank

    Felix Pageau


    Originally posted by TALAT
    R the users which u can't login through SQL Server accounts? If yes then make sure SQL is set to mixed-mode. If u've changed the service to Local System Account from a domain user account; SQL no longer will have Network Resources access.
    What type of former user u've been using for sql service account and what type of service account user is the latter.

  4. #4
    Join Date
    Feb 2004
    Location
    PAKISTAN
    Posts
    106
    Have u checked that the Domain-Users group is added into the logins and have appropriate db-access into its default DB.

  5. #5
    Join Date
    Jan 2004
    Posts
    27
    Yes it is added in the login list. It is System administrator and DBO of every database of the server.


    Originally posted by TALAT
    Have u checked that the Domain-Users group is added into the logins and have appropriate db-access into its default DB.

  6. #6
    Join Date
    Feb 2004
    Location
    PAKISTAN
    Posts
    106
    Plz post the exact error message u get while logging into any domain-user group.

  7. #7
    Join Date
    Jan 2004
    Posts
    27
    Hello the error message in Enterprise Manager is :


    A connection could not be established to (LOCAL).
    Reason: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection..
    Please verify SQL Server is running and check your SQL Server registration properties (by right-clicking on the (LOCAL) node) and try again.


    The error message with the query analyzer:
    Unable to connect to server DEV-SVR-1:
    Server: Msg 18452, Level 16, State 1
    [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection


    I have tried to log directly on the server. The same error is also raised when I'm trying to log on any other computer in the domain.


    Thank

  8. #8
    Join Date
    Feb 2004
    Location
    PAKISTAN
    Posts
    106
    Ok, i also had the same problem when i was running 2 different domains without trust-relationship. Sql account can login but the domain user doesn't. If u've this setup; setup impersonation for ur domain users. If u've a single domain then make sure the Domain-Controller is online and users r being authenticated.
    Also try logging into the db server locally through a domain user and connect to SQL and don't use LOCAL against the servername, use the correct Instance name instead. U can find the exact sql-instance name by logging into query-analyzer through an SQL user and executing:
    SELECT SERVERPROPERTY('servername')

  9. #9
    Join Date
    Jan 2004
    Posts
    27
    Hello,
    My 2 servers (because I have another SQL Server on the domain controller server using the same account and every domain user can log on this one) are in the same domain. The domains users are trusted for delegation (I have check this in the admin tools/Active directory user and computer). But I can't still log on the SQL Server.

    By the way, my domain controller is a win2k server and the SQL Server that the domain user can't log into is a Windows 2003 Server. Is it possible that it is "security property" of win2003 ?

    Thank

  10. #10
    Join Date
    Feb 2004
    Location
    PAKISTAN
    Posts
    106
    If ur win2003 is the member of domain and domain-users can log in to the operating system, u must be able to connect to sql then. What about LOCAL? why r using it instead of the actual servername.

  11. #11
    Join Date
    Jan 2004
    Posts
    27
    Yes the user can log onto the server. I am now using the servername but I'm still unable to log into SQL in any other account else than the service account.

    Do you have any other clues ?

    Thank a lot

    Felix Pageau

  12. #12
    Join Date
    Apr 2004
    Location
    Kansas City, MO
    Posts
    734
    Originally posted by grouf
    Yes the user can log onto the server. I am now using the servername but I'm still unable to log into SQL in any other account else than the service account.

    Do you have any other clues ?

    Thank a lot

    Felix Pageau
    And you are running SQL Server under a domain admin account? Have you made sure the services are set up that way? Also, the account you are using can log into any other machine in the domain or not?
    MeanOldDBA
    derrickleggett@hotmail.com
    When life gives you a lemon, fire the DBA.

  13. #13
    Join Date
    Jan 2004
    Posts
    27
    Originally posted by derrickleggett
    And you are running SQL Server under a domain admin account? Have you made sure the services are set up that way? Also, the account you are using can log into any other machine in the domain or not?
    SQL is running in a domain admin account. Domain admin can log on every computer and server in the domain (I know it is bad to do so, but when it will work, I will lower the permission of the service account).

    I don't really understand what mean "Have you made sure the services are set up that way? ". But I have check that the services (MSSQLSERVER, SQLSERVERAGENT and MSSQLServerADHelper) are running in the service account.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •