| Author |
Topic |
|
maximx86
Starting Member
4 Posts |
 Posted - 2013-06-21 : 07:03:13
|
| Hi,All my SQL jobs are failing and generate and error:Error = [Microsoft][SQL Server Native Client 10.0][SQL Server]Login failed for user 'ABBEYEXPATS\AES16$'.AES16 is the SQL machine.I can see two other errors as well:Date 21/06/2013 03:00:01Log SQL Server (Archive #2 - 21/06/2013 10:13:00)Source LogonMessageLogin failed for user 'ABBEYEXPATS\AES16$'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 192.168.1.166]Date 21/06/2013 03:00:01Log SQL Server (Archive #2 - 21/06/2013 10:13:00)Source LogonMessageError: 18456, Severity: 14, State: 11.I checked the MSDN website and found that State: 11 means:Login is valid, but server access failed. One possible cause of this error is when the Windows user has access to SQL Server as a member of the local administrators group, but Windows is not providing administrator credentials. To connect, start the connecting program using the Run as administrator option, and then add the Windows user to SQL Server as a specific login.How can I grant access to the computer (AES16) in SQL?RegardsMax |
|
|
bandi
Master Smack Fu Yak Hacker
2242 Posts |
|
|
ahmeds08
Aged Yak Warrior
737 Posts |
Posted - 2013-07-03 : 06:27:40
|
| Its always better to run the jobs through sa account.mohammad.javeed.ahmed@gmail.com |
 |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2013-07-03 : 07:11:34
|
quote:
Originally posted by ahmeds08
Its always better to run the jobs through sa account.mohammad.javeed.ahmed@gmail.com
Nope. Not recommended.Better to create proxy accounts giving it only sufficient permissions (like access to folders etc required by job steps) and use it for running jobs.Using sa account means it will have "unrestricted" permissions which can cause security issues especially when code it uses have some security vulnerabilities.The rule of thumb should be DENY all first and then GRANT only the required permissions. Please keep in mind there can be code inside jobs which may execute outside sql server engine control (like batch files, xp_cmdshell etc)Thats the reason why sa account is disabled by default in the first place as its one of first places which hackers tries to exploit for attacks.------------------------------------------------------------------------------------------------------SQL Server MVPhttp://visakhm.blogspot.com/https://www.facebook.com/VmBlogs |
|
|
|
ahmeds08
Aged Yak Warrior
737 Posts |
Posted - 2013-07-03 : 07:31:50
|
| Visakh,Thanks for your explanation.What i knew was if the domain account has access problems with the AD then the jobs might fail.mohammad.javeed.ahmed@gmail.com |
|
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2013-07-03 : 07:42:32
|
quote:
Originally posted by ahmeds08
Visakh,Thanks for your explanation.What i knew was if the domain account has access problems with the AD then the jobs might fail.mohammad.javeed.ahmed@gmail.com
How can domain account have access problems with AD? As I understand, domain accounts will be created and maintained in AD itself for windows based network so cant think of a possibility for that. Can you shed some light?------------------------------------------------------------------------------------------------------SQL Server MVPhttp://visakhm.blogspot.com/https://www.facebook.com/VmBlogs |
|
|
|
ahmeds08
Aged Yak Warrior
737 Posts |
Posted - 2013-07-03 : 08:17:41
|
| Sometimes due to ip conflicts a domain account could not log in to domain network,this would be one case.other case would be if a domain account has been disabled by admin for some reason?.mohammad.javeed.ahmed@gmail.com |
|
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2013-07-03 : 08:32:46
|
quote:
Originally posted by ahmeds08
Sometimes due to ip conflicts a domain account could not log in to domain network,this would be one case.other case would be if a domain account has been disabled by admin for some reason?.mohammad.javeed.ahmed@gmail.com
both of these are problems outside of sqlserver that need to be addressed by concerned persons (system admins) at the network level. Configuring sql server to use sa account for all jobs is not a remedy for any of them------------------------------------------------------------------------------------------------------SQL Server MVPhttp://visakhm.blogspot.com/https://www.facebook.com/VmBlogs |
|
|
|
ahmeds08
Aged Yak Warrior
737 Posts |
Posted - 2013-07-03 : 08:37:59
|
| Got it...Thanksmohammad.javeed.ahmed@gmail.com |
|
|
|
|
Login failed for user 'domain\computer$'