Monday, March 26, 2012

help with service account permissions

i decided to see if i could better secure one of my test servers so
here's what i did.
created two local nt accounts (one for the sqlserver service and one for
agent) that are not local admins.
through enterprise manager i changed the agent and server to run using
the appropriate account.
both the server and agent start, but aren't working properly.
i get the following errors in the sqlagent error log
[LOG] The data portion of event 17052 from MSSQLSERVER is invalid
i get the following error every time i try to start a job
error 22022 :sqlserveragent is not currently running so it cannot be
notified of this action.
the agent is running (i even see the account that runs the agent is
connected to msdb).
i see no errors in the sqlserver log, but i do see the following errors
in the nt application log.
You do not have sufficient operating system permission to open the
sqlserveragent status event.
i checked the user rights for both local nt accounts and they have the
following granted to them
act as part of o/s
bypass traverse checking
lock pages in memory
log on as a batch job
log on as a service
replace a process level token
kb 283811 says they also need the "increase quotas" permission, but that
doesn't sound like the cause of the errors.
i haven't checked all the registry permissions those two accounts need,
but that doesn't sound like the cause of the error either.
any ideas?

i forgot to mention this is sql2000 sp3, win2k latest updates.
also, i went back and added both nt accounts to local admin group and
everything is working properly again.
chxxx wrote:
> i decided to see if i could better secure one of my test servers so
> here's what i did.
> created two local nt accounts (one for the sqlserver service and one for
> agent) that are not local admins.
> through enterprise manager i changed the agent and server to run using
> the appropriate account.
> both the server and agent start, but aren't working properly.
> i get the following errors in the sqlagent error log
> [LOG] The data portion of event 17052 from MSSQLSERVER is invalid
> i get the following error every time i try to start a job
> error 22022 :sqlserveragent is not currently running so it cannot be
> notified of this action.
> the agent is running (i even see the account that runs the agent is
> connected to msdb).
> i see no errors in the sqlserver log, but i do see the following errors
> in the nt application log.
> You do not have sufficient operating system permission to open the
> sqlserveragent status event.
> i checked the user rights for both local nt accounts and they have the
> following granted to them
> act as part of o/s
> bypass traverse checking
> lock pages in memory
> log on as a batch job
> log on as a service
> replace a process level token
> kb 283811 says they also need the "increase quotas" permission, but that
> doesn't sound like the cause of the errors.
> i haven't checked all the registry permissions those two accounts need,
> but that doesn't sound like the cause of the error either.
> any ideas?
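
The user-rights check described in the posts above can be done mechanically. This is an added example, not part of the original thread: it parses the `[Privilege Rights]` section of a `secedit /export /areas USER_RIGHTS` file and reports which of the rights named in the thread (including "increase quotas" from KB 283811) an account is not granted directly. The account names `sqlsvc` and `agentsvc` and the sample export are constructed for illustration.

```python
# Added example: audit a service account's user rights in a
# "secedit /export /areas USER_RIGHTS" file against the rights named in the thread.

# Display name used in the posts -> Windows privilege constant.
REQUIRED_RIGHTS = {
    "act as part of the operating system": "SeTcbPrivilege",
    "bypass traverse checking": "SeChangeNotifyPrivilege",
    "lock pages in memory": "SeLockMemoryPrivilege",
    "log on as a batch job": "SeBatchLogonRight",
    "log on as a service": "SeServiceLogonRight",
    "replace a process level token": "SeAssignPrimaryTokenPrivilege",
    "increase quotas": "SeIncreaseQuotaPrivilege",
}

# Constructed sample export; account names sqlsvc and agentsvc are hypothetical.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = sqlsvc,agentsvc
SeChangeNotifyPrivilege = *S-1-1-0,sqlsvc,agentsvc
SeLockMemoryPrivilege = sqlsvc,agentsvc
SeBatchLogonRight = sqlsvc,agentsvc
SeServiceLogonRight = sqlsvc,agentsvc
SeAssignPrimaryTokenPrivilege = sqlsvc,agentsvc
SeIncreaseQuotaPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(inf_text):
    """Return {privilege: set of lower-cased holders} from [Privilege Rights]."""
    rights, in_section = {}, False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, holders = line.split("=", 1)
            rights[name.strip()] = {h.strip().lower() for h in holders.split(",") if h.strip()}
    return rights

def missing_rights(inf_text, account):
    """List display names of required rights the account is not granted directly."""
    rights = parse_privilege_rights(inf_text)
    return [label for label, priv in REQUIRED_RIGHTS.items()
            if account.lower() not in rights.get(priv, set())]

if __name__ == "__main__":
    for acct in ("sqlsvc", "agentsvc"):
        print(acct, "missing:", missing_rights(SAMPLE_EXPORT, acct) or "none")
```

The check only sees rights assigned to the account by name; rights inherited through a group, or entries written as `*SID`, are not resolved.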
