Utility Control Point enrollment fails SQL Server 2008 R2 enterprise - sql-server

I have created a Utility Control Point on one instance of SQL Server 2008 R2 Enterprise. I have 2 other SQL Server instances that are already pushing data to a management warehouse database on the UCP server (separate database). I would like to enroll those 2 servers that are already part of an MDW to the UCP, however when I go through the enrollment process it validates successfully, but during the enrollment's final stage it throws an error during the enrolling the instance step:
An exception occurred while executing a Transact-SQL statement or batch. Could not obtain information about Windows NT group/user 'domain\user', error code 0x5. (Microsoft SQL Server, Error: 15404)
The 'domain\user' that it lists in the error message is the AD domain service account on the target server to be enrolled. All 3 of these servers are on the same domain, the SQL Server Agent Service accounts are different for each server. When going through the enrollment set up I have connected to the instance with a domain account and the sa account and tried different service accounts none of which seem to work.
Does anyone have any ideas?

Related

Setting Up Multi-Server Administration---SQL Server Account

I am trying to set up Multi Server Administration so that I can easily update multiple instances of the same database across our network with ease. Where I am getting lost is how to set up the SQL SERVER AGENT service on the target machines.
Right now the SQL SERVER AGENT services on the machines are set to log on as NTSERVICE\SQL SERVER AGENT.
My SQL Server Agent process is set to log in as LocalSystem
My overall goal here is to figure out why I can't set any target servers from my machine, as I always run into the following error:
TITLE: Microsoft.SqlServer.Smo
------------------------------
MSX enlist failed for JobServer 'MYPC'.
For help, click: https://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=15.0.18206.0+((SSMS_Rel).191029-2112)&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=MSX+enlist+JobServer&LinkId=20476
------------------------------
ADDITIONAL INFORMATION:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
------------------------------
The enlist operation failed (reason: SQLServerAgent Error: Unable to connect to MSX 'MYPC'.) (Microsoft SQL Server, Error: 22026)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&ProdVer=14.00.2027&EvtSrc=MSSQLServer&EvtID=22026&LinkId=20476
------------------------------
BUTTONS:
OK
------------------------------
When looking at the log on my machine I see the following error when trying to enlist the target machine:
Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.
I'm not clear on the service accounts you have configured. At one point you state that it uses NTSERVICE\SQL SERVER AGENT but then you state "set to log in as LocalSystem "
From the Docs page , When the SQL Server Agent service is run under the Local System account, master server-target server operations are supported only if both the master server and the target server reside on the same computer.
You mention that this is across a network, therefore you should be using Domain Accounts for your SQL Agent service
LocalSystem has far too many permissions to be a secure choice - especially with a MultiServer configuration where a single server compromise may open all your servers. Whenever a local or virtual account is used then the network communications occur as the Computer Domain Account - e.g. if my server was named s1 in the MyDomain then the computer account would be MyDomain\S1$
I recommend that you configure SQL Agent to use a dedicated domain account, following the guide for permissions here. Additionally, to use multiserver job processing, the SQL Server Agent service account must be a member of the msdb database role TargetServersRole on the master server. The Master Server Wizard automatically adds the service account to this role as part of the enlistment process.

Merge from 2 different servers: SQL Server Agent Job - Authentication Error

I have a SQL statement that merges 2 databases together, from 2 different servers (SQL Server 2012 for both).
The two servers are linked, so when executing the statement in a query window from Management Studio with the SA account it works perfectly.
However, I need to automatize this. I created a Job in the SQL Server Agent, and I keep getting an authentication error. This is because the user that is executing the SQL Server Agent service doesn't have the SA rights on both servers.
This is the error:
The OLE DB provider 'providerName' for the connection server
'serverName' reported an error. Authentication failed.
I tried setting a superadmin user from the Active Directory with all rights on both servers to execute the SQL Server Agent, but I still get the error.
Is there any way to fix this?
Thanks
You can store your linked server credentials with your linked server definition (forbid my picture editing skills ;-)):
Alternatively - and much more preferabele from security point of view - setup same account on both servers (you can then limit the account privileges as you need) and use the third option ('Be made using the login's current security context')

Query works via linked server in SSMS Query window ,but fails through SQL server agent job

We have 2 SQL Servers in each of our environments. Server A is our Data Warehouse SQL Server and Server B is our OLTP server. We have the following environments PROD, STAGE, SIT, DEV. We have configured a linked sever on Server A in each environment to read, write and Exec a stored procedure on Server B. A SQL job was created on Server A to do a simple select statement from Server B to test the connection. The service account that will be running all of the jobs was configured as the job owner and "Run as User". In Prod, STAGE and SIT the test job is working. In DEV the test job is failing with the message "Access to the Remote Server is Denied because the current security context is not trusted"
I have logged in to server A as the service account and run the exact select command to server B in a query window and the command successfully returns results.
I tried a SQL job on Server A in DEV that calls an SSIS package. It uses the same service account as the test job via a proxy & credential. The SSIS package is calling a stored procedure on Server B. When I run this job it succeeds and executes a stored procedure on Server B that writes data to server B.
I validated that the Service account has administrator privileges set the same across all environments.
I validated that the Linked server has the same configuration across all environments.
I have tried to set up the Linked Server to link the service account on Server A to a SQL account on Server B
I have tried to set up the Linked Server to "Be made using the login's current security context" on Server B
I have tried changing the SQL job to run as an operating system CmdExec. SQLCMD -E -Q "select * from [Server].[Database].[Schema].table" using the same proxy and credential as the job that is working. This resulted in the following error
"A network-related or instance-specific effor has occured while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections."
I validated that the servers can ping each other.
I ran SQLCMD -L via the command line to validate that the servers are both present.
I enabled the Named Pipes protocol on both servers A and B in the configuration manager.
I tried running the test job under my credentials as an SA and got the same
"Access to the Remote Server is Denied because the current security context is not trusted" message.
I tried copying and pasting the SQL from the test job into a query window on Server A using my credentials and was able to run the query successfully.
I tried recreating the SQL job.
I tried restarting the SQL Services.
The only appreciable difference I can think of between this environment and the others is that Server A is a named instance and Server B is a default instance.
Also of note, the SQL Browser service on Server B is being run by a local account instead of a service account. SQL Browser on Server A is being run by a service account.

Error 18456 while connecting error while trying to connect to SQL Server

I am completely new to databases.. I am doing a small application which needs to connect to a SQL Server database.
My SQL Server is installed on the company server
I am trying to login to SQL Server from my local system
Steps I have tried so far:
Since I have admin credentials to the company server I have logged in and included myself (SQL Server authentication) under security -> logins
So now when I try to connect from my local computer it is giving me "Login failed for user (Microsoft SQL Server error 18456)".
Can any one please help me with this?
Goal: I want to connect to companies server from my local machine.

Link Server between 2 servers doesn't work but works on all other servers

A little background on what has been going on. I have been in the process of upgrading our sql server from 2008 R2 to 2012. The way I have been doing this is by taking the server to upgrade, lets call it Server A. Then taking a server a new server, lets call it Server C.
Moving all databases from Server A to Server C.
Renaming Server C to Server A and Server A to Server C.
Completely blowing away the Server C (old Server A).
Installing windows 2012, and SQL Server 2012 on Server.
Rename both servers to their original name.
The network team actually installed Windows server, got it on the network, etc. I only installed SQL Server 2012. I have done this with 8 servers and have had no problems from them so far. Both servers are running SQL Server 11.0.3373 windows version 6.2 build(9200). I also am sysadmin on all sql servers, but not a domain admin.
The issue
I am trying to create a link server from Server A to Server B. I can create the link server without an error, but i get an error when i use it in a query.
More relevant information
The firewall is turned off on Server B on all these tests.
I am able to ping Server A from Server B and vice versa.
I did a tracert and it comes up with the correct server and ip address( from both servers)
When I create the link server with *Other data source*
“Microsoft OLE DB Provider for SQL Server” or “SQL Server native Client 11.0”
I am able to query the master database when I query a user created database I get this error:
Msg 7314, Level 16, State 1, Line 1
The OLE DB provider "SQLNCLI11" for linked server "SERVER_B" does not contain the table ""UserDB"."dbo"."Table1"". The table either does not exist or the current user does not have permissions on that table.
SSMS
When I RDP into the Server A, run SSMS, try to connect to Server B I get this error:
"A transport-level error has occurred when receiving results from the server (Provider TCP Provider, error: 0- The specified network name is no longer available.) (Microsoft SQL Server Error: 64)"
RDP
When I try to RDP into Server B from Server A. I get an error that says "This computer can't connect to the remote computer. I also had a domain admin try and gets the same error.
Server B to A errors
I tried going the other way with it.
I RDP into Server B. In SSMS I try to connect to Server A. Below is the error i get.
A connection was successfully established with the server, but then an error occurred during the login process. (provider: TCP Provider, error: 0 - The semaphore timeout period has expired.) (.Net SqlClient Data Provider)
Any help would be appreciated.

Resources