The SQL Server service account does not have permission to access Active Directory Domain Services.
-
December 10, 2008 20:32
We've been running VMM 2008 without any issues for weeks. Starting a few days ago, we started to get the following error when trying to launch the administrator console:
The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS).
Ensure that the SQL Server service is running under a domain account or a computer account that has permission to access AD DS. For more information, see "Some applications and APIs require access to authorization information on account objects" in the Microsoft Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=121054.
ID: 2607
We have the VMM service running under a domain account. After doing some digging, it turns out that at about the same time this stopped working, another completely unrelated user account was added in the domain. Ever since then, we receive the error above, and the following error is getting logged in Event Viewer --> Custom Views --> Administrative Events:
Log Name: Windows PowerShell
Source: PowerShell
Date: 12/4/2008 6:01:35 PM
Event ID: 103
Task Category: Engine Health
Level: Warning
Keywords: Classic
User: N/A
Computer: vmm.virtual
Description:
Settings: Error loading the extended type data file:
Microsoft.SystemCenter.VirtualMachineManager, C:\Program Files\Microsoft System Center Virtual Machine Manager 2008\bin\virtualmachinemanager.types.ps1xml : File skipped because of validation exception: "AuthorizationManager check failed.".
Details:
ExceptionClass=RuntimeException
ErrorCategory=NotSpecified
ErrorId=ErrorsUpdatingTypes
ErrorMessage=Error loading the extended type data file:
Microsoft.SystemCenter.VirtualMachineManager, C:\Program Files\Microsoft System Center Virtual Machine Manager 2008\bin\virtualmachinemanager.types.ps1xml : File skipped because of validation exception: "AuthorizationManager check failed.".
Severity=WarningSequenceNumber=231
HostName=Default MSH Host
HostVersion=1.0.0.0
HostId=cbebdc16-fd95-4aa6-97e7-6d2f3983558d
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=AdditionalInfo:
Name=;Value=
Name=;Value=
Name=;Value=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="PowerShell" />
<EventID Qualifiers="0">103</EventID>
<Level>3</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-12-05T00:01:35.000Z" />
<EventRecordID>17057</EventRecordID>
<Channel>Windows PowerShell</Channel>
<Computer>vmm.virtual</Computer>
<Security />
</System>
<EventData>
<Data>Error loading the extended type data file:
Microsoft.SystemCenter.VirtualMachineManager, C:\Program Files\Microsoft System Center Virtual Machine Manager 2008\bin\virtualmachinemanager.types.ps1xml : File skipped because of validation exception: "AuthorizationManager check failed.".
</Data>
<Data> ExceptionClass=RuntimeException
ErrorCategory=NotSpecified
ErrorId=ErrorsUpdatingTypes
ErrorMessage=Error loading the extended type data file:
Microsoft.SystemCenter.VirtualMachineManager, C:\Program Files\Microsoft System Center Virtual Machine Manager 2008\bin\virtualmachinemanager.types.ps1xml : File skipped because of validation exception: "AuthorizationManager check failed.".
Severity=WarningSequenceNumber=231
HostName=Default MSH Host
HostVersion=1.0.0.0
HostId=cbebdc16-fd95-4aa6-97e7-6d2f3983558d
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=AdditionalInfo:
Name=;Value=
Name=;Value=
Name=;Value=</Data>
</EventData>
</Event>
Every time you attempt to launch the administrator console, groups of the errors above get logged.
So, it appears that at the same time this new user account was added to the domain, something else changed on the domain controller at the same time? Any ideas?
A
All replies
-
December 10, 2008 21:49
I figured this one out... here's the issue/solution:
When VMM & SQL Express were installed, the dbowner on the SQL databases was set to a domain account rather than to a SQL account. At the same time that I mentioned a *new* user account was created in the domain, there was also one deleted at the same time.... and you guessed it, it was the very same one that was set to dbowner on the databases used by VMM.
A simple dbowner change to sa fixed the issue.
A
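Added example, not part of the original posts: a T-SQL check for the condition described in the reply above, where a database is owned by a Windows account that may no longer exist in the domain, followed by the ownership change to sa. The database name `YourVmmDatabase` is a placeholder, not a value from this thread.

```sql
-- Added illustration; [YourVmmDatabase] is a placeholder name.

-- 1. List each database with its owner SID and what that SID maps to.
--    An owner that is a Windows user or group depends on the domain
--    account still existing; a NULL owner_login means the SID could
--    not be mapped to any login or Windows account at all.
SELECT d.name                    AS database_name,
       d.owner_sid,
       SUSER_SNAME(d.owner_sid)  AS owner_login,
       CASE
           WHEN SUSER_SNAME(d.owner_sid) IS NULL THEN 'UNRESOLVED'
           WHEN sp.type IN ('U', 'G')            THEN 'WINDOWS ACCOUNT'
           WHEN sp.type = 'S'                    THEN 'SQL LOGIN'
           ELSE 'NO MATCHING LOGIN'
       END                       AS owner_status
FROM sys.databases AS d
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = d.owner_sid
ORDER BY owner_status, d.name;

-- 2. Report Windows users and groups that are still mapped to SQL Server
--    logins but no longer exist in the Windows environment.
EXEC sp_validatelogins;

-- 3. Reassign ownership of the affected database to the sa login,
--    which does not depend on a directory lookup.
ALTER AUTHORIZATION ON DATABASE::[YourVmmDatabase] TO [sa];

-- 4. Confirm the change.
SELECT name, SUSER_SNAME(owner_sid) AS owner_login
FROM sys.databases
WHERE name = N'YourVmmDatabase';
```

Running steps 1 and 2 before deleting a domain account shows whether any database still depends on it as owner.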
-
April 24, 2009 0:44
Alternative solution:
I have finally figured this out.
The VMM service runs under the Local System account, I changed it to use the domain account I logged in with. I also had to change the SQL service account to use the same domain account the VMM service runs under.
Prior to performing the above actions, I modified the certificate in MMC > Certificates to not use the Smart Card option from the user's profile. Shown below. To make this modification, follow these steps.
1. Open MMC
2. Open > File > Add/Remove Snap-ins
3. Select Certificates, and click Add (ensure Current – User is selected)
4. Click OK
5. Navigate to > Personal > Certificates
6. Double click on the user Cert
7. Select the Details Tab, > click the Edit Properties
8. Select “Enable only the following purposes”
9. Uncheck Smart Card Logon
After the above actions were performed, I then modified the service account the VMM and SQL services were using to use a domain account, and things started working.
Richard Dixon MSFT Sr Systems Engineer
-
July 13, 2012 13:43
Thanks, all of you, for the information. We were facing the same issue, and were getting the following error while launching the SCVMM client:
The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS).
Ensure that the SQL Server service is running under a domain account or a computer account that has permission to access AD DS. For more information, see "Some applications and APIs require access to authorization information on account objects" in the Microsoft Knowledge Base at http://go.microsoft.com.com/fwlink/?LinkId=121054.
The following solution helped us:
Change virtual machine manager's database's DBO login to sa.
No need to change the VMM service and SQL service to run under a domain account. The services can continue to run under the Local System account.

