共用方式為

WMI Provider Error: Access is denied. [0x80070005] from SQL Server Computer Manager

  • 發行項

 

When you attempt to change the Login Account for the SQL services [SQL Server, SQL Agent, Full Text, Analysis Services] from the SQL Server Computer Manager tool, you may encounter the following error message:

"WMI Provider Error"

"Access is denied. [0x80070005]"

 

This post is applicable for SQL Services installed as failover instances on Windows Clusters.

If this is the only operation [changing service startup account] that gives you this error and you can perform all other operations from Computer Manager, then verify the following:

 

- When you setup SQL Server, you provided a domain group for cluster services

- You need to make sure one of the following is true:

o The Windows user account under which you are running the SQL Server Computer Manager has appropriate permission in the Active Directory to add the new service startup account to the domain group for cluster

o The new service startup account is already added to the appropriate domain group for cluster. You can specify different domain groups for SQL Server, SQL Agent, Full Text, and Analysis Services. Make sure to add the appropriate service startup account to the correct domain group.

 

Basically this message is telling you that the SQL Computer Management WMI provider [sqlmgmprovider.dll] attempted to add the new service startup account to the domain group for cluster and it failed with this error.

 

You will notice the recommended steps for changing service startup accounts in a failover cluster are documented in the Knowledge Base article:

915846 Best practices that you can use to set up domain groups and solutions to problems that may occur when you set up a domain group when you install a SQL Server 2005 failover cluster

How to change the service account for a clustered service

To change the service account for a clustered service of SQL Server 2005, follow these steps:

1.

Add the new service account to the domain group of the clustered service.

2.

On one of the cluster nodes, use SQL Server Configuration Manager to change the service account to the new account.

You can actually see what is happening if you turn on the verbose WMI logs:

START >> ADMINISTRATIVE TOOLS >> COMPUTER MANAGEMENT >> SERVICES AND APPLICATIONS >> WMI CONTROL >> PROPERTIES >> LOGGING >> VERBOSE

      Change the Log max size to 1 MB

      Note down the location of the log files

      Save the changes and restart winmgmt service

The framework logs will show the following entries of interest:

 

GetNamespaceConnection: rootMicrosoftSqlServerComputerManagement 12/26/2008 11:33:53.883 thread:2684

CreateInstanceEnumAsync: SqlService - Succeeded 12/26/2008 11:33:53.883 thread:2684

CWbemProviderGlue::Release, count is (approx) 6 12/26/2008 11:33:53.883 thread:2684

CWbemProviderGlue::AddRef, count is (approx) 7 12/26/2008 11:33:56.352 thread:2684

GetObjectAsync: SqlService.ServiceName="SQLAgent$SQLINST03",SQLServiceType=2 12/26/2008 11:33:56.352 thread:2684

Impersonation running as: SURESHKADCsureshka 12/26/2008 11:33:56.352 thread:2684

GetObjectAsync: SqlService.ServiceName="SQLAgent$SQLINST03",SQLServiceType=2 - Succeeded 12/26/2008 11:33:57.180 thread:2684

CWbemProviderGlue::Release, count is (approx) 6 12/26/2008 11:33:57.180 thread:2684

CWbemProviderGlue::AddRef, count is (approx) 7 12/26/2008 11:34:16.461 thread:2684

GetObjectAsync: SqlService.ServiceName="SQLAgent$SQLINST03",SQLServiceType=2 12/26/2008 11:34:16.461 thread:2684

Impersonation running as: SURESHKADCsureshka 12/26/2008 11:34:16.461 thread:2684

Recognized __GET_EXT_KEYS_ONLY 12/26/2008 11:34:16.461 thread:2684

GetObjectAsync: SqlService.ServiceName="SQLAgent$SQLINST03",SQLServiceType=2 - Succeeded 12/26/2008 11:34:17.305 thread:2684

CWbemProviderGlue::Release, count is (approx) 6 12/26/2008 11:34:17.305 thread:2684

CWbemProviderGlue::AddRef, count is (approx) 7 12/26/2008 11:34:17.305 thread:2684

ExecMethodAsync: SqlService.ServiceName="SQLAgent$SQLINST03",SQLServiceType=2.SetServiceAccount 12/26/2008 11:34:17.305 thread:2684

Impersonation running as: SURESHKADCsureshka 12/26/2008 11:34:17.305 thread:2684

ExecMethodAsync: SqlService.ServiceName="SQLAgent$SQLINST03",SQLServiceType=2.SetServiceAccount - FAILED (80070005) 12/26/2008 11:34:18.352 thread:2684

CWbemProviderGlue::Release, count is (approx) 6 12/26/2008 11:34:18.352 thread:2684

 

Here you will be able to notice

- What is the Windows user credentials under which the operation is being performed

- What specific WMI call failed

- What was the return code

 

After this you can debug the SetServiceAccount method in the provider and find out the exact step where it fails. This requires the use of Windows Debugger and symbols for the provider.

 

This whole concept applies to the setup process also and is well documented in the Books Online topic: Domain Groups for Clustered Services.

The domain groups should have the appropriate service accounts added to them. If the service accounts are not members of the appropriate domain groups at the time Setup is run, Setup will attempt to add them. In this case, the account under which Setup is running must have adequate privileges to add accounts to the domain groups. If SQL Server Setup is run under an account that does not have permission to add users to the domain groups, the users must already be members of the appropriate group.

 

You can refer to the following article for more information about how the SQL Computer Manager interacts with WMI.

941823 Some or all SQL Server 2005 services are not listed in SQL Server Configuration Manager, or you receive a "No SQL Server 2005 components were found" error message when you perform operations in SQL Server 2005 Surface Area Configuration

 

Thanks

Suresh B. Kandoth

SQL Server Escalation Services

Comments

  • Anonymous
    January 04, 2009
    PingBack from http://www.codedstyle.com/wmi-provider-error-access-is-denied-0x80070005-from-sql-server-computer-manager/

  • Anonymous
    January 12, 2009
    I get this error on a standalone server.  There is no domain administrator, because there is no domain.  Also, there is no "Logging" tab under the WMI properties. Could someone help?

  • Anonymous
    January 12, 2009
    BTW, I am setting up SQL Server 2008 on Windows Server 2008.

  • Anonymous
    January 13, 2009
    Have turned on WMI logging in registry, but the log is not much help.

  • Anonymous
    January 15, 2009
    The comment has been removed

  • Anonymous
    February 20, 2010
    I am using SQL 2008 on a local machine. From the SQL Server 2008 BOL, I am using the following  (Copy/pasted from the BOL):

CREATE DATABASE Archive ON PRIMARY ( NAME = Arch1,    FILENAME = 'c:dataarchdat1.mdf'), FILEGROUP FileStreamGroup1 CONTAINS FILESTREAM( NAME = Arch3,    FILENAME = 'c:datafilestream1') LOG ON  ( NAME = Archlog1,    FILENAME = 'c:dataarchlog1.ldf') GO

Im logged in as Admin. C:Data exists and all users have full control on this folder. I am getting the error: Unable to open the physical file "c:datafilestream1". Operating system error -2147024891: "0x80070005(Access is denied.)". What can be problems?

  • Anonymous
    February 08, 2014
    May need to verify agains the case (ie upper or lower or mixed) of the login name used. Then match it on the login account name. Then it should allow for the password change.