Wednesday, January 28, 2009

Service Account Changes - Known Issues

When changing service accounts you may encounter the following scenarios.
1. SQL Agent fails to start on SQL2005 Clustered Instance
This was due to an incorrect or missing delegation permission on the account (http://support.microsoft.com/kb/956378). The fix was to set the account in Active Directory to "Trust this user for delegation for any service (Kerberos Only)"
2. SSIS fails to start
Set an SPN for the instance with no port number, this is in addition to the SPN with port specified. For example MYSERVER\SQLXXXX5 (assume it’s using port 45678) should have 2 SPN's set "MSSQLSvc/MYSERVER.rjf.com" & "MSSQLSvc/MYSERVER.rjf.com:45678".
3. Users are unable to connect with "unable to generate SSPI context" error
This is most probably a missing SPN. You can check the SPN's register to a specific account (MyAccount in this case) using this syntax in a CMD prompt "setspn -L MyAccount". The fix is to add appropriate SPN. SPN is in the following pattern "MSSQLSvc/FQDN:Port" so MYSERVER\SQLXXX2 (assume it’s using port 45678) would look like this "MSSQLSvc/MYSERVER.rjf.com:45678".
4. SQL service fails to start with the errors below (Error list A)
The fix we received from MS was to create a local profile for the service account by logging on to the machine as the service account.
Error List A
Event Type: Error
Event Source: MSSQL$SQLXXXX5
Event Category: (2)
Event ID: 17190
Date: 11/15/2008
Time: 12:31:04 PM
User: N/A
Computer: MYSERVER
Description:FallBack certificate initialization failed with error code: 1.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 26 43 00 00 10 00 00 00 &C......
0008: 11 00 00 00 4c 00 45 00 ....M.Y.
0010: 4f 00 50 00 41 00 52 00 S.E.R.V.
0018: 44 00 5c 00 53 00 51 00 E.R.\.S.Q.
0020: 4c 00 50 00 52 00 4f 00 L.X.X.X.
0028: 44 00 35 00 00 00 00 00 X.5.....
0030: 00 00 ..
Event Type: Information
Event Source: MSSQL$SQLXXXX5
Event Category: (2)
Event ID: 26017
Date: 11/15/2008
Time: 12:31:04 PM
User: N/A
Computer: MYSERVER
Description:Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: a1 65 00 00 0a 00 00 00 ¡e......
0008: 11 00 00 00 4c 00 45 00 ....M.Y.
0010: 4f 00 50 00 41 00 52 00 S.E.R.V.
0018: 44 00 5c 00 53 00 51 00 E.R.\.S.Q.
0020: 4c 00 50 00 52 00 4f 00 L.X.X.X.
0028: 44 00 35 00 00 00 00 00 X.5.....
0030: 00 00 ..
Event Type: Error
Event Source: MSSQL$SQLXXXX5
Event Category: (2)
Event ID: 17182
Date: 11/15/2008
Time: 12:31:04 PM
User: N/A
Computer: MYSERVER
Description:TDSSNIClient initialization failed with error 0x80092004, status code 0x80.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1e 43 00 00 10 00 00 00 .C......
0008: 11 00 00 00 4c 00 45 00 ....M.Y.
0010: 4f 00 50 00 41 00 52 00 S.E.R.V.
0018: 44 00 5c 00 53 00 51 00 E.R.\.S.Q.
0020: 4c 00 50 00 52 00 4f 00 L.X.X.X.
0028: 44 00 35 00 00 00 00 00 X.5.....
0030: 00 00 ..
Event Type: Error
Event Source: MSSQL$SQLXXXX5
Event Category: (2)
Event ID: 17182
Date: 11/15/2008
Time: 12:31:04 PM
User: N/A
Computer: MYSERVER
Description:TDSSNIClient initialization failed with error 0x80092004, status code 0x1.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1e 43 00 00 10 00 00 00 .C......
0008: 11 00 00 00 4c 00 45 00 ....M.Y.
0010: 4f 00 50 00 41 00 52 00 S.E.R.V.
0018: 44 00 5c 00 53 00 51 00 E.R.\.S.Q.
0020: 4c 00 50 00 52 00 4f 00 L.X.X.X.
0028: 44 00 35 00 00 00 00 00 X.5.....
0030: 00 00 ..
Event Type: Error
Event Source: MSSQL$SQLXXXX5
Event Category: (2)
Event ID: 17826
Date: 11/15/2008
Time: 12:31:04 PM
User: N/A
Computer: MYSERVER
Description:Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: a2 45 00 00 12 00 00 00 ¢E......
0008: 11 00 00 00 4c 00 45 00 ....M.Y.
0010: 4f 00 50 00 41 00 52 00 S.E.R.V.
0018: 44 00 5c 00 53 00 51 00 E.R.\.S.Q.
0020: 4c 00 50 00 52 00 4f 00 L.X.X.X.
0028: 44 00 35 00 00 00 00 00 X.5.....
0030: 00 00 ..
Event Type: Error
Event Source: MSSQL$SQLXXXX5
Event Category: (2)
Event ID: 17120
Date: 11/15/2008
Time: 12:31:04 PM
User: N/A
Computer: MYSERVER
Description:SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e0 42 00 00 10 00 00 00 àB......
0008: 11 00 00 00 4c 00 45 00 ....M.Y.
0010: 4f 00 50 00 41 00 52 00 S.E.R.V.
0018: 44 00 5c 00 53 00 51 00 E.R.\.S.Q.
0020: 4c 00 50 00 52 00 4f 00 L.X.X.X.
0028: 44 00 35 00 00 00 00 00 X.5.....
0030: 00 00 ..

No comments:

Post a Comment