hi,
for security reason, I changed the "BUILTIN\Administrators" Server Access
from "Permit" to "Deny".
but the SQLSERVERAGENT was failed to start. got this error as follow(even I
chagne the service logon account to another window("power user" group's)
user).
Any ideas?
Thanks...
Error:
Event Type: Error
Event Source: SQLSERVERAGENT
Event Category: Service Control
Event ID: 103
Date: 08/03/2004
Time: 12:51:02 PM
User: N/A
Computer: LL_SERVER
Description:
SQLServerAgent could not be started (reason: Unable to connect to server
'(local)'; SQLServerAgent cannot start).
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.The windows account that Agent uses need to be able to login to SQL Server.
You removed the Administrators account from SQL Server, and couldn't login,
which indicates that the service account for Agent is Administrator (or some
other Windows account which is member of the Administrators group). So far
no surprise.
The windows group Power Users are not added as logins to SQL Server by the
installation program. Make sure that the service account for Agent has a
login in SQL Server and that login has sysadmin permissions in SQL Server.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
"js" <js@.someone@.hotmail.com> wrote in message
news:ewdgfaTBEHA.3284@.TK2MSFTNGP09.phx.gbl...
> hi,
> for security reason, I changed the "BUILTIN\Administrators" Server Access
> from "Permit" to "Deny".
> but the SQLSERVERAGENT was failed to start. got this error as follow(even
I
> chagne the service logon account to another window("power user" group's)
> user).
> Any ideas?
> Thanks...
> Error:
> Event Type: Error
> Event Source: SQLSERVERAGENT
> Event Category: Service Control
> Event ID: 103
> Date: 08/03/2004
> Time: 12:51:02 PM
> User: N/A
> Computer: LL_SERVER
> Description:
> SQLServerAgent could not be started (reason: Unable to connect to server
> '(local)'; SQLServerAgent cannot start).
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>|||Thanks Tibor.
I defined a user "BackupUser" as Power Users group. and add SQL sysadmin
permission to it. In order to test, I need to relogin to window as
"BackupUser".
I'm able to to login to SQL.
But when I try to start the SQL Agent service. still got an error:
Service msg box:
Could not start the SQLSERVERAGENT service on Local Computer.
Error5: Access is denied.
How to fix this one?
Another question is: If I don't login to windows(interact mode), the sql
jobs are able to run?
Thanks again.
"Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote in
message news:%23lAmNuTBEHA.1548@.TK2MSFTNGP12.phx.gbl...
> The windows account that Agent uses need to be able to login to SQL
Server.
> You removed the Administrators account from SQL Server, and couldn't
login,
> which indicates that the service account for Agent is Administrator (or
some
> other Windows account which is member of the Administrators group). So far
> no surprise.
> The windows group Power Users are not added as logins to SQL Server by the
> installation program. Make sure that the service account for Agent has a
> login in SQL Server and that login has sysadmin permissions in SQL Server.
>|||What error messages do you have in the SQL Server Agent errorlog? Perhaps it
is quite simply a matter of Agent doesn't have permissions on the registry
keys or directories/files that it needs.
No, you don't have to be logged in interactively in order for your Agent
jobs to run.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
"js" <js@.hotmail.com> wrote in message
news:eBBqWMUBEHA.2440@.TK2MSFTNGP12.phx.gbl...
> Thanks Tibor.
> I defined a user "BackupUser" as Power Users group. and add SQL sysadmin
> permission to it. In order to test, I need to relogin to window as
> "BackupUser".
> I'm able to to login to SQL.
> But when I try to start the SQL Agent service. still got an error:
> Service msg box:
> Could not start the SQLSERVERAGENT service on Local Computer.
> Error5: Access is denied.
> How to fix this one?
> Another question is: If I don't login to windows(interact mode), the sql
> jobs are able to run?
> Thanks again.
>
>
> "Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote
in
> message news:%23lAmNuTBEHA.1548@.TK2MSFTNGP12.phx.gbl...
> Server.
> login,
> some
far
the
Server.
>|||Thanks Tibor.
There is no errorlog. only a messagebox pupup.
Error5: Access is denied.
The user is belong to a Power User group. Still need more permissions for
agent servie to run?
Can I do this instead:
Reable "permit" access to BUILTIN\Administraotrs, So the local system
account won't block.
and deny access for individual admin instead: domain\admin1, domain\admin2.
"Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote in
message news:u8qw4XUBEHA.3748@.tk2msftngp13.phx.gbl...
> What error messages do you have in the SQL Server Agent errorlog? Perhaps
it
> is quite simply a matter of Agent doesn't have permissions on the registry
> keys or directories/files that it needs.
> No, you don't have to be logged in interactively in order for your Agent
> jobs to run.
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
>
> "js" <js@.hotmail.com> wrote in message
> news:eBBqWMUBEHA.2440@.TK2MSFTNGP12.phx.gbl...
sysadmin
> in
(or
> far
> the
a
> Server.
>|||SQL Agent has an errorlog file, which you for instance can get to from EM,
Management, Right-click Agent.
I suggest you read in Books Online about permissions. Search for "level
token" and you will only get one hot, describing security needed to be in
place for the service accounts.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
"js" <js@.someone@.hotmail.com> wrote in message
news:%23V1beiUBEHA.1380@.TK2MSFTNGP10.phx.gbl...
> Thanks Tibor.
> There is no errorlog. only a messagebox pupup.
> Error5: Access is denied.
> The user is belong to a Power User group. Still need more permissions for
> agent servie to run?
> Can I do this instead:
> Reable "permit" access to BUILTIN\Administraotrs, So the local system
> account won't block.
> and deny access for individual admin instead: domain\admin1,
domain\admin2.
>
> "Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote
in
> message news:u8qw4XUBEHA.3748@.tk2msftngp13.phx.gbl...
Perhaps
> it
registry
> sysadmin
sql
wrote
> (or
So
by
has
> a
>|||Thanks Tibor.
I try to start the service from EM, got this:
Service Control Failure:
An error 1053 - (The service did not respond to the start or control request
in a timely
fashion) occured while performing this service operation on the
SQLServerAgent serve.
I already followed by the steps in "Setting up Windows Services Accounts"
for adding the foler, registry permission.
what I'm missing?
"Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote in
message news:%236uNvkUBEHA.3928@.TK2MSFTNGP11.phx.gbl...
> SQL Agent has an errorlog file, which you for instance can get to from EM,
> Management, Right-click Agent.
> I suggest you read in Books Online about permissions. Search for "level
> token" and you will only get one hot, describing security needed to be in
> place for the service accounts.
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
>
> "js" <js@.someone@.hotmail.com> wrote in message
> news:%23V1beiUBEHA.1380@.TK2MSFTNGP10.phx.gbl...
for
> domain\admin2.
> in
> Perhaps
> registry
Agent
> sql
> wrote
SQL
couldn't
Administrator
group).
> So
Server
> by
> has
>|||Still, I need to know the error from Agent, in the Agent error file (you
didn't follow the direction I gave). You can also find the file in:
C:\Program Files\Microsoft SQL Server\MSSQL$FRESH\LOG
And the file name is SQLAGENT.OUT
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
"js" <js@.someone@.hotmail.com> wrote in message
news:%23Qg4WuUBEHA.3348@.TK2MSFTNGP11.phx.gbl...
> Thanks Tibor.
> I try to start the service from EM, got this:
> Service Control Failure:
> An error 1053 - (The service did not respond to the start or control
request
> in a timely
> fashion) occured while performing this service operation on the
> SQLServerAgent serve.
> I already followed by the steps in "Setting up Windows Services Accounts"
> for adding the foler, registry permission.
> what I'm missing?
>
> "Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote
in
> message news:%236uNvkUBEHA.3928@.TK2MSFTNGP11.phx.gbl...
EM,
in
> for
wrote
> Agent
the
> SQL
> couldn't
> Administrator
> group).
> Server
Agent
SQL
>|||Thanks Tibor.
There is SQLAGENT.OUT file in my SQL LOG folder.
There are some ERRORLOG.x and SQLAGENT.x files( x is a number)
if I specify the wrong account password for the Agent service. then I got
the error:
An error 1069 - (The service did not start due to a logon failure) occured
while performing this service
operation on the SQLServerAgent service.
If I specify it correctly, after waiting for a while(hourglass on EM) and
then got another error:
An error 1053 - ( The service did not respond to the start or control
request in a timely fashion) occured while performing this service operation
on the SQLServerAgent servcie.
again, no SQLAGENT.OUT file under that SQL log folder.
what is next?
"Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote in
message news:OMd$BzUBEHA.2600@.TK2MSFTNGP12.phx.gbl...
> Still, I need to know the error from Agent, in the Agent error file (you
> didn't follow the direction I gave). You can also find the file in:
> C:\Program Files\Microsoft SQL Server\MSSQL$FRESH\LOG
> And the file name is SQLAGENT.OUT
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
>
> "js" <js@.someone@.hotmail.com> wrote in message
> news:%23Qg4WuUBEHA.3348@.TK2MSFTNGP11.phx.gbl...
> request
Accounts"
> in
> EM,
"level
> in
permissions
system
> wrote
as
error:
> the
<tibor_please.no.email_karaszi@.hotmail.nomail.com>
to
> Agent
> SQL
>|||Sorry.
There is no SQLAGENT.OUT file in my SQL LOG folder.
"js" <js@.someone@.hotmail.com> wrote in message
news:uay0hiVBEHA.3548@.TK2MSFTNGP10.phx.gbl...
> Thanks Tibor.
> There is SQLAGENT.OUT file in my SQL LOG folder.
> There are some ERRORLOG.x and SQLAGENT.x files( x is a number)
> if I specify the wrong account password for the Agent service. then I got
> the error:
> An error 1069 - (The service did not start due to a logon failure) occured
> while performing this service
> operation on the SQLServerAgent service.
> If I specify it correctly, after waiting for a while(hourglass on EM) and
> then got another error:
> An error 1053 - ( The service did not respond to the start or control
> request in a timely fashion) occured while performing this service
operation
> on the SQLServerAgent servcie.
> again, no SQLAGENT.OUT file under that SQL log folder.
> what is next?
>
>
>
> "Tibor Karaszi" <tibor_please.no.email_karaszi@.hotmail.nomail.com> wrote
in
> message news:OMd$BzUBEHA.2600@.TK2MSFTNGP12.phx.gbl...
> Accounts"
wrote
from
> "level
be
> permissions
> system
errorlog?
the
your
SQL
window
> as
> error:
mode),
> <tibor_please.no.email_karaszi@.hotmail.nomail.com>
> to
in
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment