Udostępnij za pośrednictwem


Unable to start SQL Service with domain account

It was an interesting case - SQL Error log stated:

2008-06-04 17:34:29.66 Server Error: 17053, Severity: 16, State: 1.

2008-06-04 17:34:29.66 Server UpdateUptimeRegKey: Operating system error 5(Access is denied.) encountered.

.....

2008-06-04 17:34:30.16 spid11s Failed to check for new installation or a renamed server at startup. The logic for this check has failed unexpectedly. Run setup again, or fix the problematic registry key.

2008-06-04 17:34:30.16 spid11s Server name is 'WHJPBS12\CRDNTPD01'. This is an informational message only. No user action is required.

2008-06-04 17:34:30.16 Server Error: 17182, Severity: 16, State: 1.

2008-06-04 17:34:30.16 Server TDSSNIClient initialization failed with error 0x5, status code 0x51.

2008-06-04 17:34:30.16 spid15s Starting up database 'model'.

2008-06-04 17:34:30.16 Server Error: 17182, Severity: 16, State: 1.

2008-06-04 17:34:30.16 Server TDSSNIClient initialization failed with error 0x5, status code 0x1.

2008-06-04 17:34:30.16 Server Error: 17826, Severity: 18, State: 3.

2008-06-04 17:34:30.16 Server Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.

2008-06-04 17:34:30.16 Server Error: 17120, Severity: 16, State: 1.

2008-06-04 17:34:30.16 Server SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

SQL Service starts with Local Administrator account.

It also start with Domain Account with sufficient privileges

Having narrowed down to a permission issue, we granted the below privileges:

• Act as Part of the Operating System = SeTcbPrivilege

• Bypass Traverse Checking = SeChangeNotify

• Lock Pages In Memory = SeLockMemory

• Log on as a Batch Job = SeBatchLogonRight

• Log on as a Service = SeServiceLogonRight

• Replace a Process Level Token = SeAssignPrimaryTokenPrivilege

Still it failed. Took Processmon

It was failing with "Access Denied" on the below registry key

HKLM\SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server\CRDNTPD01\MSSQLServer\SuperSocketNetLib\Np

Suggestion

=======

Grant permissions to the below registry keys

HKLM\Software\Microsoft SQL Server

HKLM\Software\MSSQLServer

HKLM\SYSTEM\CurrentConrolSet\Services\<service_name>

HKLM\SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server

Grant permissions on the Folder path and the folder (or in a different location- where the data file and the log files are kept)

c:\Program files\Microsoft SQL Server

Grant the below priveleges

• Act as Part of the Operating System = SeTcbPrivilege

• Bypass Traverse Checking = SeChangeNotify

• Lock Pages In Memory = SeLockMemory

• Log on as a Batch Job = SeBatchLogonRight

• Log on as a Service = SeServiceLogonRight

• Replace a Process Level Token = SeAssignPrimaryTokenPrivilege

This should resolve this issue.