Re: Site Maintenence tasks

From: Evan [MSFT] (esc_at_online.microsoft.com)
Date: 06/03/04

  • Next message: Jaye: "Re: Site Maintenence tasks"
    Date: Thu, 3 Jun 2004 13:01:30 -0700
    
    

    Ok, here's a summary and probably cause. I got this from dev after looking
    at the log...

     "NT AUTHORITY\SYSTEM" is a local account (part of the os) that belongs to
    Administrators group. You can't see it using User and Computers app, but it'
    s there. By default, sql has a login for builtin\administrators (its name
    for the os Administrators group) which has the sql role of System
    Administrators and has access to all databases. Customers sometimes remove
    builtin\administrators from the System Administrators role due to security
    concerns. If they do, dbmon won't be able to access sql since it uses that
    account to do so. A symptom of this is the site maintenance tasks won't
    appear in the ui since they are installed by the SMS_SQL_MONITOR service,
    which no longer has access to sql (dbmon.log is its log).

    Solution:
    If you removed builtin\administrators from the sql role of System
    Administrators, either:
    a) add it back, or
    b) create a sql login for "NT AUTHORITY\SYSTEM" on the sql server, give it
    the role of System Administrators, and specify that it can access the sms
    database.

    -- 
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Jaye" <jaye.roberts@specializedloanservicing.com> wrote in message
    news:OFYIuONSEHA.2000@TK2MSFTNGP11.phx.gbl...
    > Here is my smsdbmon.log.
    >
    > "Evan [MSFT]" <esc@online.microsoft.com> wrote in message
    > news:u34b9vLSEHA.3432@TK2MSFTNGP11.phx.gbl...
    > > Please attach the log to your reply and we'll take a look at it.
    > > -- 
    > > This posting is provided "AS IS" with no warranties, and confers no
    > > rights.
    > > "Jaye" <jaye.roberts@specializedloanservicing.com> wrote in message
    > > news:%23VO%23gKASEHA.808@tk2msftngp13.phx.gbl...
    > >> I found the log, it was on an unexpected drive.  Anyway, most of it
    looks
    > > ok
    > >> to me but scattered here and there are failed logins...
    > >>
    > >> *** [28000][18456][Microsoft][ODBC SQL Server Driver][SQL Server]Login
    > >> failed for user 'NT AUTHORITY\SYSTEM'.
    > >>
    > >> Since I have my SQL server and Site server on separate boxes, which NT
    > >> AUTHORITY\SYSTEM is that refering to when it is attempting a login?  My
    > > Site
    > >> server computer account is already an administrator on the SQL server
    and
    > > an
    > >> SA in SQL.
    > >>
    > >> ~Jaye
    > >>
    > >> "Evan [MSFT]" <esc@online.microsoft.com> wrote in message
    > >> news:ubrOZb$REHA.2876@TK2MSFTNGP09.phx.gbl...
    > >> > Enable logging for that component as follows. In admin ui, under
    Tools
    > >> > \
    > >> > SMS
    > >> > Service Manager,. right click and choose All Tasks \ "start sms
    service
    > >> > manager". Under Servers node, choose your remote sql server and
    > > highlight
    > >> > SMS_SQL_MONITOR_XXX. Right click the item in the right pane and
    choose
    > >> > "Logging". Check "logging enabled" and click ok. Then restart sql
    > > monitor
    > >> > service so it reads and uses the logging setting. Then see if any
    > >> > errors
    > >> > are
    > >> > listed in smsdbmon.log, and do you see the statements referred to in
    > >> > Eric's
    > >> > previous mail.
    > >> >
    > >> > -- 
    > >> > This posting is provided "AS IS" with no warranties, and confers no
    > >> > rights.
    > >> > "Tony Linville" <anonymous@discussions.microsoft.com> wrote in
    message
    > >> > news:CFCC1281-7E15-4952-84A8-FDFDAE0D9A0F@microsoft.com...
    > >> >> I am having the exact thing happening on my server.  I have no task
    > >> >> listed
    > >> > and I do not have the smsdbmon.log file either.  I have my SQL on a
    > >> > different server also.  I looked on the SQL server and my SMS server
    > >> > for
    > >> > the
    > >> > log file.  I also stop and restarted the service on the sql server
    but
    > >> > nothing happened.  So any help would be great!
    > >> >> Thanks Tony Linville
    > >> >
    > >> >
    > >>
    > >>
    > >
    > >
    >
    >
    >
    

  • Next message: Jaye: "Re: Site Maintenence tasks"

    Relevant Pages

    • Re: SQL account rights
      ... Please advice what is the best, suitable rights rather than domain admin ... Warren Brunk - MCITP - SQL 2005, ... Add it as a login to the SQL Server ... files, or backups, make sure that the service account has Full ...
      (microsoft.public.sqlserver.security)
    • Re: User authentication
      ... There are 2 SQL Server 2005 ... 1 SQL Server 2000 installed on another server ... Windows account instead to run backup jobs. ...
      (microsoft.public.sqlserver.clients)
    • Re: SQL 2000 Server gets hacked
      ... Thank you Beth. ... > placed a strong password on the 'sa' account?) ... Your SQl Service itself shouldn't be running as a ... (SQL Agent requires more, but not SQL Server). ...
      (microsoft.public.sqlserver.security)
    • Re: SQL 2000 Server gets hacked
      ... Thank you Beth. ... > placed a strong password on the 'sa' account?) ... Your SQl Service itself shouldn't be running as a ... (SQL Agent requires more, but not SQL Server). ...
      (microsoft.public.sqlserver.security)
    • Re: Microsoft Search service cannot be administered under the present user error SP3
      ... - Have not modified Administrator account, but i ran the SQL script anyway. ... SQL account is not a local administrator. ... > has this server ever been upgrade from SQL Server 7.0 or is this SQL ...
      (microsoft.public.sqlserver.fulltext)