event ID 17052 when setting Separate service account(non-admin) for SQLServer/Agent

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Nobu Hirashima (nobu.hirashima_at_cs.pfu.co.jp)
Date: 04/01/04 

Date: Thu, 1 Apr 2004 09:35:11 +0900

Hello,

OS:Windows2000Server/SP4, Workgroup(standalone)
DB:SQLServer2000 SP3

I'm trying to secure my server by changing SQLServer/Agent
service account to non-admin users.
I managed to make the change, but after I restart these
services error events 17052 and 322 pop up endlessly on the
Application log.

(I'm using localized OS, I translated the message but the
text may not exactly match what you see)
--------------------------

event type: error
event source: MSSQLSERVER
event category: (2)
event ID: 17052
description: Insufficient operating system rights to read
status events for SQLServerAgent

--------------------------

event type: error
event source: SQLSERVERAGENT
event category: Alert Engine
event ID: 322
decription: The data portion of event 17052 from MSSQLSERVER is invalid.

--------------------------

Here's what I did:

After clean install of SQLServer2000 + SP3 + KB815495 patch,
I created two generic local user accounts(SQLServer, SQLAgent)
from the "Manage this computer" tool, and assigned them
via Enterprise Manager.
I also checked KB 283811
http://support.microsoft.com/default.aspx?scid=kb;en-us;283811&sd=tech
All the permissions and ACLs meet the requirements listed on this document.

I'm doing this since I needed SQLMail for both services, and
thought I had to use separate users/Mail profiles to avoid
 any trouble.

I found these workarounds, but not too preferable.
     1. Put SQLServer account into Administrators group.
     2. Run both SQLServer/SQLAgent on same account.

So SQLServer service account needs more privilege.
The problem is what exactly is necessary.

I've been stuck with this for about 2 full days.
Any help is greatly appreciated.

Thanks,

nobu.hirashima@pfu.fujitsu.com

Relevant Pages