none
MSSQL$MICROSOFT##WID after installing DC missing RRS feed

  • Question

  • Hi,



    I got the task to install a new bunch of Server2012 R2 servers to replace our currently running win 2003 systems. Everything seemed fine until I promoted one of the new servers to DC. Now there a several services not starting. Everything seems to be linked to the server "internal windows database". This service can not start because "MSSQL$MICROSOFT##WID" can not log on. I found the solution with adding "NT Service/All Services" to the "Logon as a service" security role, but this does not solve the problem. I dont know this exactly but I think the "MSSQL$MICROSOFT##WID" does not exist at all in my domain. It should be visible in the "active directory users and computers", right?



    The old DC is a Win Server 2003 SBS - Server. Is it possible that the "MSSQL$MICROSOFT##WID" has not been added to the domain as the new server has been promoted to dc?



    Certainly I could start the "internal windows database" as a local service, but I do not know what this would bring with it.



    Hope you can help me.

    Thanks

    Florian

    Oh additional info:

    kaspersky server can not log on because the user can not log on

    svchost throws errors because it can not access several files.

    I think there are several users or privileges missing HELP please


    • Edited by Foggie200 Wednesday, January 8, 2014 8:49 AM
    Wednesday, January 8, 2014 8:45 AM

Answers

  • Ok, I found the solution. 

    Everything I did was absolutely correct but something was missing.

    By declaring the new server as domain controller, it was shiftet in another directory in the active driectory structure. There was an additional local policy that overruled the default domain policy. As soon as I changed it there everything worked fine...

    • Marked as answer by Foggie200 Wednesday, January 8, 2014 12:18 PM
    Wednesday, January 8, 2014 12:17 PM

All replies

  • Hi,

    This is a known issue in Server 2012/Server 2012 R2 when installing services relying on WID.

    I've been running in to this issue earlier where my resolution was to uninstall/reinstall the service that relied on WID after domain controller promotion.

    Also, verify that your policy is configured as below...

    Please see kb http://support.microsoft.com/kb/2832204

    To fix this, in short:

    1. In Group Policy Management, edit Default Domain controllers policy
      Open Policies, Windows settings, security settings, local policy, user rights assignment
       Edit "log on as a service", add user or Group
      Add "IIS_WPG, NETWORK, NETWORK SERVICE, SERVICE
    2. Run 'gpupdate /force' in an elevated command prompt on the domain controller
    3. Try to install/start the WID relying service again

    Also see the following thread for more information on the same issue:

    http://qa.social.technet.microsoft.com/Forums/windowsserver/en-US/ae88de7d-f69f-4cb1-877f-379151d01899/can-not-install-windows-internal-database-wid-windows-server-2012?forum=winserver8gen

    Hope this helps you out!

    /Johan


    Microsoft Certified Trainer
    MCSE: Desktop, Server, Private Cloud, Messaging
    Blog: http://365lab.net

    • Proposed as answer by Crazell Friday, April 4, 2014 2:04 AM
    Wednesday, January 8, 2014 8:53 AM
  • Hi,

    thanks for your answer. So I have set the "log on as a service" parameters and run the "gpupdate /force". then I uninstalled the WID. 

    The problem is, I can't reinstall. Everytime I try it, it says, "can not be completet, because server need to be restarted". After restart I try to install again and the same error appears.

    I dont really know what to do next...

    Wednesday, January 8, 2014 10:45 AM
  • Ok, I found the solution. 

    Everything I did was absolutely correct but something was missing.

    By declaring the new server as domain controller, it was shiftet in another directory in the active driectory structure. There was an additional local policy that overruled the default domain policy. As soon as I changed it there everything worked fine...

    • Marked as answer by Foggie200 Wednesday, January 8, 2014 12:18 PM
    Wednesday, January 8, 2014 12:17 PM
  • Hi Foggie200,

    I’m glad to hear the issue has been solved. And thanks for sharing in the forum. This solution will help others who face the same scenario resolve the problem quickly. Your time and efforts are highly appreciated.

    Best regards,

    Justin Gu
    Thursday, January 9, 2014 1:30 AM
    Moderator
  • You are like the bazilionth person to post that "OH I FOUND THE FIX!  All is well, thnxbye!".  Please, for the love of all things, POST THE FRIGGIN DETAILS OF THE FIX!  You are not the only person experiencing this and I would love to fix mine as well. 
    Tuesday, November 25, 2014 10:59 PM
  • Hi John, I am sure you already spent hours of trying to solve your problem but actually I have written my fix. If I remember correctly it was a problem with declaring the rights for users in gpo who are allowed to log in as a service and who are not. My problem had occurred because windows shifted my server automatically from the folder in the active directory where it originally had been (the folder with the correct rights declaration in gpo) to an other folder called "domain controllers". The new folder had its own group policies which overruled the actually correct ones. After adjusting this, everything worked. Please do not ask me, what I did. It was a long time ago. I see two possibilities. The first, I just moved the computer back to its original folder, the second: I altered the gp in the domain controller folder. I hope I could help you Regards Florian
    Tuesday, November 25, 2014 11:11 PM
  • Hi Johan,

    I've the same solution as you posted but it did not work in my case. My Default Domain Policy set those user right policies as Not Defined. We set it on Local Policy. However, the "Add user or Group" option under "Log on as service" Properties is greyed out. Also, Network Service, NT Service\ALL SERVICES are already in the list. Look like I need to add IIS_WPG and NETWORK groups. Does anyone know how to enable "Add User or Group'?

    Thursday, October 1, 2015 2:59 PM