Permissions in PL/SQL

I have a maintenance package owned by SYSTEM that performs update/delete/insert, etc...on other schemas. It uses dynamic SQL / execute immediate to clean up outdated info, etc... As I update the schemas and add new tables why do I need to give SYSTEM rights on these tables before I can execute the procedures in the package? I can log in as system in SQL*Plus or any other query too and do the exact same operations. I don't understand what the difference is.

Hi,
Roles don't count in stored procedures. If SYSTEM has privileges only through a role, then when you log in as SYSTEM, you can do things directly that you can't do in a stored procedure.
Log in as SYS (or another user with sufficient privileges) and grant the necessary privileges directly to SYSTEM.
For example:
GRANT UPDATE ANY TABLE TO system;Creating you own objects (like procedures or tables) in the SYSTEM schema can cause trouble, e.g., when you migrate to a new database.
You should create a special user (call it MY_SYSTEM, if you like) with SYSTEM-like powers, and use it for this kind of work.

Similar Messages

Permissions to modify SQL Agent Jobs

Permissions
on SQL Server Agent
I would
like to assign the permission to user ,who can edit all SQL agent job(even own by others) without assigning the sysadmin role.
is it possible?
regards
EA

Hallo Ekbal,
only granting access to the procs will not fit because internally these procs check whether the executing account is member of the sysadmin-role of of any other roles which need the required permissions.
What you have to do is the development of a wrapper-proc which covers the execution with a different user. Get details concerning here:
http://msdn.microsoft.com/en-us/library/ms178106(v=sql.90).aspx
Long story short - you have to do the following steps if you execute the procedures in the context of a certificate:
1. Create a certificate you want to use for the execution of the wrapper procs in msdb
CREATE CERTIFICATE cert_Jobs
ENCRYPTION BY PASSWORD = 'myUltracomplexPassword'
WITH SUBJECT = 'Certificate for JobManagement',
START_DATE = '20120101',
EXPIRY_DATE = '29991231'
2. Backup the certificate for later implementation in the master and implementation in master database
BACKUP CERTIFICATE cert_JobHistory TO FILE = 'C:\temp\cert_JobHistory.cer';
USE master;
GO
CREATE CERTIFICATE cert_JobHistory FROM FILE = 'C:\temp\cert_JobHistory.cer';
3. Create a login based on the certifcate and make it a sysadmin
CREATE LOGIN login_JobHistory FROM CERTIFICATE [cert_JobHistory];
GRANT AUTHENTICATE SERVER TO [login_JobHistory];
GO
EXEC sp_addsrvrolemember @loginame = 'login_JobHistory', @rolename = 'sysadmin';
4. create a user in msdb for the login, create a wrapper proc for sp_update_job
USE msdb
GO
CREATE USER login_JobHistory FROM LOGIN [login_JobHistory];
GO
CREATE PROC dbo.proc_wrapper_update_job
@paramter_list of sp_upate_job
WITH EXECUTE AS OWNER
AS
BEGIN
EXEC dbo.sp_update_job @parameter_list
END
5. add signature of certificate to the proc
ADD SIGNATURE TO OBJECT::dbo.proc_wrapper_update_job
BY CERTIFICATE [cert_JobHistory]
WITH Password = ''myUltracomplexPassword';
6. Grant EXECUTE-permission on the proc to dedicated users you want to manage the jobs
IMHO this process is a bad workaround and - just my point of view - not practicable but I don't see any other solution than granting sysadmin privileges for the dedicated users. What you can do also is doing the modification to the mentioned procs but this
is definitely not recommended because these procs are system procs and you will loose support from Microsoft!
Get more details concerning execution of procedures by certificates by visiting the following links:
AUTHENTICATE SERVER:
http://support.microsoft.com/kb/906549
Using certificates for execution of procs:
http://msdn.microsoft.com/en-us/library/bb283630(v=sql.105).aspx
Uwe Ricken
MCSE - SQL Server 2012
MCSA - SQL Server 2012
MCITP Database Administrator 2005
MCITP Database Administrator 2008
MCITP Microsoft SQL Server 2008, Database Development
db Berater GmbH
http://www-db-berater.de
SQL Server Blog (german only)

Permissions needed for sql server job to execute stored procedure on linked server?

Hi all
I have a job step which attempts to call a stored procedure on a linked server.
This step is failing with a permission denied error. How can I debug or resolve this?
The job owner is sysadmin on both servers so should have execute permission to the database/proc I'm calling, right?
The error is:
The EXECUTE permission was denied on the object 'myProc', database 'myDatabase', schema 'dbo'. [SQLSTATE 42000] (Error 229). The step failed.
My code is:
EXEC [LinkedServer].myDatabase.dbo.myProc
Also tried:
SELECT * FROM OPENQUERY([LinkedServer], 'SET FMTONLY OFF EXEC myDatabase.dbo.myProc')
With the same result.
Any help appreciated.

The job owner may be sysadmin on the remote server. The service account for SQL Server Agent may not. And it is the latter that counts, since the it the service accounts that logs in and impersonates the job owner. But the impersonation inside SQL Server
does not count much in Windows, and it is through Windows connection is made to the other site.
One way to resolve this is to set up a login mapping for the job owner. The login mapping must be for an SQL login on the remote server.
You can verify the theory, but running this query from the job:
SELECT * FROM OPENQUERY([LinkedServer], 'SELECT SYSTEM_USER')
By the way, putting SET FMTONLY OFF in OPENQUERY is a terrible idea. This has the effect that the procedure is executed twice. (Unless both servers are SQL 2012 or higher in which case FMTONLY has no effect at all.)
Erland Sommarskog, SQL Server MVP, [email protected]

SQL Permissions for the SQL Managment Pack

Hi,
Were implementing version 6.5.1.0 of the SQL 2005 2008 2012 Managment pack. Its going ok, but there is a line...
Add “SQLDefaultAction” to the dbmodule_users database role.
that makes no sense. I can't see dbmodule_users as a database role. Am i being thick?
Chris
Chris Gibson

Hi Chris,
Did you follow the SQL management pack guide downloaded here:
http://www.microsoft.com/en-us/download/details.aspx?id=10631
To configure runas account for SQL monitor, you may check the article below:
http://blogs.technet.com/b/kevinholman/archive/2010/09/08/configuring-run-as-accounts-and-profiles-in-r2-a-sql-management-pack-example.aspx
Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Setting Oracle Permissions for file access from a pl/sql function

I have a pl/sql function that calls a java method which moves a
file from a directory to another.
Since we are using Linux, Oracle wants some permissions.
Those permissions are set using:
call dbms_java.grant_permission(USER, 'java.io.FilePermission',
FILE, permission)
OK, i want to use this in my pl/sql function, but it doesn't
work.
My function looks like something like this:
-- some pl/sql code
dbms_java.grant_permission(someUSER, 'java.io.FilePermission',
sourceFILE, 'write');
dbms_java.grant_permission(someUSER, 'java.io.FilePermission',
destFILE, 'write');
flag := move(sourceFILE, destFILE);
-- flag is for 1 -> done and 0 -> error
-- some more code ...
The problem is the lines of
dbms_java.grant_permission(someUSER, 'java.io.FilePermission',
sourceFILE, 'write');
do not work!
When i grant permissions manually in sql plus it works great,
but when i do it from the function it does not work!
Any ideas anyone?
Any help would be appreciated.

The command :
dbms_java.grant_permission
(someUSER, 'java.io.FilePermission',sourceFILE, 'write');
is right.
Open sqlplus
Connect as sys or system
type :
execute dbms_java.grant_permission
(someUSER, 'java.io.FilePermission',sourceFILE, 'write');
commit;
try to compile again your procedure...does it work now ?
bye
Giovanni Regola

SysAdmin permissions on SQL in a Hierarchy

We are getting the following error in the Monitoring / Replication tab:
We have a CAS and 4 primary sites, replication is failed between all.
The Computer account for our CAS has SA permissions on the SQL box, does the computer account for the SQL box also need to be added to SA on itself?
What about the other primary server computer accounts, do they need to be SA on the CAS SQL box?

When installing Config Mgr 2012 with a remote SQL server it is required that the installation account and the Config Mgr computer account
are both Local Administrator and SQL Sysadmin on the remote server.

SQL Server UID Permissions and JDBC

I'm using Netbeans 5.5.1 on my local PC and have created a connection to a remote SQL server using IP. I have followed the JDBC driver installation (as obtained from the Microsoft site) and I have even connected to the remote database in my Netbeans IDE using an account "imsteam". All appears okay with the connectivity....except...
With the account "imsteam", that I use to remotely connect to the database server...I can only see tables and stored procedures that were created by the user "imsteam". All other tables and stored procedures have been created/owned by "dbo", which I know exist, but I can't see them in my "run-time" window in Netbeans.
I have had our DBA check the permissions on the SQL server itself, and "imsteam" account has access to all tables and stored procedures, but I still can't see them through the JAVA netbeans IDE.
Is there some little "gotcha" that I need to be aware of when using netbeans so I can see these tables and procedures. Any advice, or references to articles specifically on account permissions with netbeans would be appreciated.
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>formats1='(\\+\\d{1,3} ?)(\$\\d{1,5}\$|\\d{1,5}) ?\\d{1,6} ?\\d{0,7} ?\\d{0,5} ?\\d{0,5}'</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>formats2='(?:\\+? ?[01] ?-?\\.?)?\$?\\d{3}\$?\\�?-?\\.? ?\\d{3}-?\\.?\\�? ?\\d{4}'</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>dialPath='C:/Program Files/Avaya/Avaya IP Softphone'</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>var ecNumStr='';function captureMouseClick(e){sel=event.srcElement;if(sel.className=="clickableSpan"){val=ReturnValidNumber(sel.innerText);if(val){dial(val);}ecNumStr='';}}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>function captureMouseOverOut(e){sel=event.srcElement;if(sel.className=="clickableSpan"){status="Click to dial using Avaya IP SoftPhone";document.body.style.cursor="file://"+dialPath+"/ring.ico";}else{document.body.style.cursor="";status="";}}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>document.onclick=captureMouseClick;document.onmouseover=captureMouseOverOut;document.onmouseout=captureMouseOverOut;</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>function mainFuncFN(){parsePhoneNums();return;}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>function parsePhoneNums(){var formats=new Array;formats[0]=RegExp(formats1,"gi");formats[1]=RegExp(formats2,"gi");for(var nof=0;nof<2;nof++){if(document.body.createTextRange==null)return;var brng=document.body.createTextRange();var drng=brng.duplicate();bodytext=brng.text;var numbers=bodytext.match(formats[nof]);if(numbers==null);else{for(var i=0;i<numbers.length;i++){flag=0;if(ReturnValidNumber1(numbers[i])==-1)continue;if(!drng.findText(numbers))continue;if(check_valid_range(drng) == -1) flag = 1;brng.setEndPoint("StartToEnd",drng);if(flag == 0)assignContextMenu(drng);drng=brng.duplicate();}}}}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>function assignContextMenu(rng){if (rng.parentElement().tagName=='SPAN'){if(rng.parentElement().className=='clickableSpan')return;}if((val2=rng.execCommand("BackColor",0,"YELLOW"))==false)return;fnspan=document.createElement('span');rng.parentElement().appendChild(fnspan);fnspan.className='clickableSpan';fnspan.innerText=rng.text;rng.text="";}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>function ReturnValidNumber(inStr){var retnum="";var digits="0123456789";var others=".()-+ �";var others2=".()-+ ";var others1=" ";var i=0;for(i=0;i<inStr.length;i++){var c=inStr.charAt(i);if(digits.indexOf(c)==-1&&others.indexOf(c)==-1)return -1;if(digits.indexOf(c)!=-1||others.indexOf(c)!=-1){retnum+=c;}}return retnum;}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>function ReturnValidNumber1(inStr){var retnum="";var digits="0123456789";var others=".()-+ �";var alpha="ABCDEFGHIJKLMNOPQRSTUVWXYZ";var i=0;for(i=0;i<inStr.length;i++){var c=inStr.charAt(i);if(digits.indexOf(c)==-1&&others.indexOf(c)==-1&&alpha.indexOf(c)==-1)return -1;if(digits.indexOf(c)!=-1){retnum+=c;}if(alpha.indexOf(c)!=-1){ retnum+=c;}}if(retnum.length<9){return -1;}if(retnum.length>16){return -1;}return retnum;}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>function check_valid_range(rng) {rng1 = rng.duplicate();rng1.moveStart("character",-1);length_orig= rng.text.length;length_1 = rng1.text.length;if(length_orig == (length_1 -1)){inStr = rng1.text; var digits = "0123456789";var alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";var c1 = inStr.charAt(0);if ((digits.indexOf(c1) != -1) )return -1;if((alpha.indexOf(c1) != -1))return -1;}rng1.moveEnd("character",1);length_2 = rng1.text.length;if(length_1 == (length_2 -1)){inStr = rng1.text;var digits1 = "0123456789-";var alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";var c2 = inStr.charAt(length_2 -1);if( (alpha.indexOf(c2) != -1))return -1;if((digits1.indexOf(c2) != -1))return -1;}return 1;}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>function dial(telephoneNumber){if(telephoneNumber==null)return;if(telephoneNumber.length<2)return;if(telephoneNumber.length>50){number1=telephoneNumber.slice(0,50);window.location="phone://"+number1;}else window.location="phone://"+telephoneNumber;}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>document.onmouseup=mouseup;function mouseup(){ xE=document.selection.createRange();here=xE.duplicate();here.collapse();etype='mouse';try{top.select=(xE.text).slice(0);}catch(e){;}}</SCRIPT>
<SPAN style="DISPLAY: none">h</SPAN>
<SCRIPT defer>mainFuncFN()</SCRIPT>

hi shilohcity,
i did have some problem when i updated my sql server to sp3. The driver i was using.., Atinav's aveConnect3, didn't connect and was throwing exceptions. But after contacting their tech support, they provided me with an updated version, which they had released recently, and that solved the problem. I now believe that with that support, what i paid for that driver was worth it.'cos I would've been kept waiting for the updates if i was using some free driver with poor tech support.
see these links..
http://forum.java.sun.com/thread.jsp?forum=48&thread=351239
and another one
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=e4774458.0301270610.134f9e5d%40posting.google.com&rnum=1&prev=/groups%3Fq%3DaveConnect%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3De4774458.0301270610.134f9e5d%2540posting.google.com%26rnum%3D1
I do think this is some problem that could be solved by the driver vendors. the M$ 's TDS version is still a mystery as far as i know. and the driver should communicate with sql server using this TDS protocol. I dont know, may be SP3 would've introduced updates in the TDS protocol.. and the drivers should be able to support it, or new updated versions released.
It can happen in future too... M$ may change their stance anytime.. better be wise in choosing your DB Server and even be more careful while chosing JDBC drivers.
cheers,
-Jer

SCCM 2012 and SQL Permissions

I have been questioned on one my SCCM implementations, the DBA wants me to revoke sysadmin rights for the site server account (SCCM computer account) as well the the SCCM install account on the SQL server currently hosting our Configmgr database.
1. What are the repercussions (operations, site backups and reporting level) if I revoke these rights after implementation?
2. What permissions does the site server computer object require if we are to revoke sysadmin rights?
3. Also could I get away with revoking local admin rights on the SQL server for our SCCM Site Server account?

First, it's called tongue in cheek humor. DBAs take themselves entirely too seriously -- case in point :-)
Second, you are not granting "someone" sysadmin rights, you are granting sysadmin rights to a computer account which is very secure and cannot be interactively logged into. The install user account needing sysadmin rights is only temporary. Security is about
managing risk, not absolute rules. Absolute rules leave systems unuseable and typically imply that the person applying them doesn't even know why they are applying them -- they are just blindly doing it. Giving your neighbor a key to your door also violates
the security standard of not giving anyone the keys to your house but you trust your neighbor and have other security pre-cautions in place so it's an acceptable risk. Just like giving a computer account sysadmin rights -- does it violate a core principal,
perhaps, does it lower your security posture, no. Will it cause the DBAs some additional paper work, perhaps (maybe I've hit on the real reason your so perturbed?)
Next, ConfigMgr is not sending an e-mail or simply using the database -- it is also monitoring that database, re-indexing it, backing it up, and in general managing its configuration and health as well as the server hosting it. No one is asking for permissions
on every SQL Server, just the one that ConfigMgr uses so your analogy is far out of proportion.
As for DBAs screwing up every ConfigMgr install -- sorry but this is fact. As mentioned, it's happened on *every* ConfigMgr project I've ever been on and everyone I know that implements ConfigMgr says the same thing. And why does this happen? Because the
DBAs blindly follow their own guidance instead of what we've asked of them.
As for ITIL, sorry, most people "say" they practice ITIL but ITIL is in fact unpracticable in the real world -- just like Robert's Rules of order it means everyone is more concern about how to fill out the proper paperwork instead of actually getting anything
done -- it's a theoretical set of concepts that are great in theory and have a lot of practical application. Split responsibilities are also good in theory, but always cause issues when there isn't communication and the right hand decides to apply its own
standards in a vacuum of reality and ignores the requests made of it by the left hand.
As for security, you are sadly misinformed and read too many industry rags with talking heads that spew garbage so that the uninformed can feel empowered. In the last handful of years, Microsoft and its products have been oft lauded and recognized as industry
leaders in security by all reputable security sources.
As for ConfigMgr (SCCM is the Society for Critical Care Medicine so if you wish to insult them, I suggest you go to their website) being "crappy", well that just sounds like Microsoft bashing and serves no real purpose.
If you wish Microsoft to change ConfigMgr's sysadmin requirements, I suggest you file a DCR on Connect. Be prepared to justify your suggestion with real-world business impact and real technical reasons and not just "I'm a DBA and I say so" and "ConfigMgr
is crappy".
Jason | http://blog.configmgrftw.com

SCVMM 2008 R2 - "The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS)."

I know this question has been asked before, but never for R2, that I can tell, and the posted fixes aren't working. I have just installed SCVMM 2008 R2 on a Windows Server 2008 R2 server, using a remote SQL 2008 SP1 database. When I attempt to connect to SCVMM, I get the following error:
"The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS).
Ensure that the SQL Server service is running under a domain account or a computer account that has permission to access AD DS. For more information, see "Some applications and APIs require access to authorization information on account objects" in the Microsoft Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=121054.
ID: 2607"
What I've seen online is that this is usually becuase the domain account SCVMM is running as does not have the proper permissions on the SQL database. Here's what I've confirmed:
1) My SCVMM service account is a local admin on the SCVMM server
2) My SCVMM service account is a dbowner on the SCVMM database in SQL
3) My SQL service account is a dbowner on the SCVMM database in SQL
4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still "doesn't have access to AD DS," which is obviously untrue)
5) Neither service account is locked out
Has anyone run in to this? It says in Technet that remote SQL 2008 is supported, as long as the SQL management studio is installed to the SCVMM server, and I installed and patched before I began the SCVMM installation. I just don't know what else to try - I have no errors in event logs, no issues during the installation itself...
Andrew Topp

That answer was very unhelpful fr33m4n. The individual mentions that they've received the error that points to the KB article. I currently receive the same error -- there seems to be no resolution. I've run the Microsoft VBS script to add TAUG to the WAAG
as suggested by 331951, and that made absolutely no difference.
1) My SCVMM service account is a local admin on the SCVMM server
2) My SCVMM service account is a dbowner on the SCVMM database in SQL
3) My SQL service account is a dbowner on the SCVMM database in SQL
4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still
"doesn't have access to AD DS," which is obviously untrue)
The user is also a member of WAAG, the machines have delegated authority to each other. Is there any other solution?

Service Accounts for Reporting Service in SQL Server Failover Cluster setup

I am setting up 2 Report Services (SSRS) in SQL Failover Clustering (Version: 2012SP1) on Windows 2012, as part of scale out architecture.
There are 2 options to configure the service account for SSRS:
Option 1) Using domain accounts, as what I have done for DB Engine and SQL Agent.
Option 2) accept the default, which is virtual account for SSRS. Per documentation URL:
http://msdn.microsoft.com/en-us/library/ms143504.aspx
which is the recommended one? is it option 2?
There is security note on above URL as well, but does not clearly mention that option 1 is not recommended.
Security Note: Always run SQL Server services by using the lowest possible user rights. Use a MSA or virtual account when possible. When MSA and virtual accounts are not possible, use a specific low-privilege user account or domain account instead
of a shared account for SQL Server services. Use separate accounts for different SQL Server services. Do not grant additional permissions to the SQL Server service account or the service groups. Permissions will be granted through group membership or granted
directly to a service SID, where a service SID is supported.
Thanks very much for your help!

Hi Luo Donghua,
In SQL Server Failover Cluster Instance, personally two options can run well. If you use the virtual account for SQL Server Reporting Service. Virtual accounts in Windows Server 2008 R2 and Windows 7 are managed local accounts that provide the features to
simplify service administration. The virtual account is auto-managed, and the virtual account can access the network in a domain environment.
Of cause, you can also use domain accounts in your clustering.
Just make sure your service account is set up here, or that it is using a proper built-in account.For more information, see:http://ermahblerg.com/2012/11/08/cluster-ssrs-in-2008/
Thanks,
Sofiya Li
Sofiya Li
TechNet Community Support

Why SCCM 20012 Install fails with remote 64 bit SQL Server but proceeds for remote 32 bit SQL Server

I have the following setup:
AD User accounts
- SQLAdmin (used to run SQL Services i.e. Database Engine)
- SCCMADmin (used to install SCCM 2012)
SPN registered for user account SQLAdmin
setspn -S MSSQLSvc/SQL.Domain_Name:1432 Domain_Naem\SQLAdmin
setspn -S MSSQLSvc/SQL:1432 Domain_Name\SQLAdmin
setspn -S MSSQLSvc/SQL.Domain_Name:1433 Domain_Naem\SQLAdmin
setspn -S MSSQLSvc/SQL:1433 Domain_Name\SQLAdmin
and checked with setspn -L TESTING\SQLAdmin
1 SERVER called SQL
32bit Server with SQL Server 2008 + SP3 + Cumulative Update 6
2 SQL instances - Default (MSSQLSERVER) and
SCCM2012
MSSQLSERVER instance uses TCP port 1433
SCCM2012 Instance users TCP port 1432 (no dynamic ports)
User accounts that have been given public and sysadmin SQL server roles
on both instances are: SQLAdmin, SCCMAdmin, Domain Administrator, Local Administrator and computer account SCCM
Client Protocols TCP enabled (and Named Pipes) (checked via SQL Server Configuration Manager)
Local Administrators Group on this server has members - SQLAdmin, SCCMAdmin, Domain Administrator, Local Administrator and computer account SCCM
Firewall turned on with access allowed on Ports 1432, 1433, 4022,445, and WMI - WMI-in, DCOM-in and ASync-iN builtin rules allowed\enabled.
1 SERVER called SQL3
64bit Server with SQL Server 2008 + SP3 + Cumulative Update 6
2 SQL instances - Default (MSSQLSERVER) and
SCCM2012
MSSQLSERVER instance uses TCP port 1433
SCCM2012 Instance users TCP port 1432 (no dymanic ports)
User accounts that have been given public and sysafmin SQL server roles on both instances are:
SQLAdmin, SCCMAdmin, Domain Administrator, Local Administrator and computer account SCCM
Client Protocols TCP enabled (and Named Pipes) (checked via SQL Server Configuration Manager)
Local Administrators Group on this server has members - SQLAdmin, SCCMAdmin, Domain Administrator, Local Administrator and computer account SCCM
Firewall turned off
1 SERVER called SCCM
64bit Server that is to be the Primary Site Server\MP for SCCM 2012
ODBC link to SQL\SCCM2012,1432
ODBC link to SQL3\SCCM2012,1432
ODBC uses SQL Native Client 10.0 (64 bit)
Both ODBC connections when TESTed pass and suggest connectivity to SQL Servers
Install process doe SCCM2012
Tried to install SCCM 2012 RC2 when logged in to SCCM Server as AD user account
SCCMAdmin, and when utilising the SCCM2012 SQL instance on
32 bit server of SQL install proceeds barring warning about 8GB rec, for SQL Server. Then fails on PKI certificate issue. Installation (chose HTTP for MP). I beleive the PKI failure as install starts is
due to the fact that SCCM 2012 needs its database server to b 64 bit ?
Thus i then tried to install SCCM 2012 RC2 when logged in to SCCM Server as AD user account SCCMAdmin, and
when using the SCCM2012 SQL instance on
64 bit server of SQL install proceeds but fails at checking stage and says:
SQL Server sysadmin rights FAILED SQL3.Domain_Name
Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permissions on the SQL Server instance selected for site database installation, or the SQL Server instance could not be contacted to verify permissions. Setup
cannot continue.
and
Site System to SQL Server communication WARNING SCCM.Domain_Name
A communication error has been detected between the specified site system and the site database computer. This error can occur when the site database server is offline or if a valid SPN has not been registered in Active Directory Domain Services for the SQL
Server instance hosting the site database. Setup cannot continue.
Why does the install of SCCM 2012 with 32 bit SQL proceed further than the install with 64 bit SQL, with the latter process failing as above error meesages show and yet both servers are set identically (apart from temporary turning off Firewall on the 64
bit server) and during the install the Databse Server specified is accepted ?

Thanks for the reply.
I can connect via ODBC to the the 32 bit SQL Server and the 64 bit SQL Server from the SCCM Server
The SQL Server Unit called SQL3 unit is a 64 bit SQL.
The SQL Server Unit called SQL is only 32 bit, but at least gets past the final checking stage and the error messages about sysadmin rights and Site System to SQL Server communication problem, and then fails with PKI certificate error message.
When trying to install SCCM specifying the 64 bit SQL Server as the Database Server it gives the 2 error messages at the final checking stage of the installation as listed.
So as I said what is confusing is the fact that if the SCCM install uses the remote 32 bit SQL Server it passes the final checking (although fails with PKI certificate message) but the 64 bit SQL Server set up exactly the same apart from the Firewall being
left off for the time being, fails at the final check stage with the 2 listed errors.
If I use a local 64 bit SQL Server the installation is fine.
Still would like to find out what cause the 2 issues for the remote 64 bit SQL Server, when ODBC seems fine, sysadmin rights have been given for the installer account and the SCCM computer account and SPNs have been set for the user account running the SQL
Services.

SQL Server sysadmin rights error

Greetings,
I am trying to install SCCM using a remote SQL configuration, and cannot get past this “SQL Server sysadmin rights” error. When I run the Prerequisite Checker, I put in the SQL server, since I am trying to connect to the SQL default instance, I am typing
in the server name only, and I put in LOCALHOST for the SDK server.
After reading another post that this error is not always accurate, I ran the install option and got as far as the following error.
Server environment is using the following: SCCM 2007 SP2 on Windows 2008 R2 SP1; SQL 2005 SP3 on Windows 2008 R2 SP1
I am sure the SQL server is configured accurately, I have done this before and use the following links when preparing the SQL server.
How to Install Configuration Manager Using a Remote SQL Server
http://technet.microsoft.com/en-us/library/bb693554.aspx
Appendix B: Configure Remote SQL for WSUS
http://technet.microsoft.com/en-us/library/dd939912%28WS.10%29.aspx
I have already added the machine account of the SCCM server to the local Administrators group of the remote SQL server as described in the first link above. The user account I am using for the install also has the
sysadmin SQL server role assigned.
Another test that I did to verify the remote SQL server configuration and my user account sysadmin rights, I ran the Prerequisite Checker from another Windows 2008 server in the domain.
As you can see from the screen shot above, this means something is messed up on my SCCM server and not the SQL server. The following error is from the ConfigMgrPrereq.log.
<03-29-2012 09:53:22> <<<RuleCategory: Access Permissions>>>
<03-29-2012 09:53:22> <<<CategoryDesc: Checking access permissions...>>>
<03-29-2012 09:53:22> Could not connect to SQL database.
<03-29-2012 09:53:22> SQL2005;    SQL Server sysadmin rights;
Error; Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permissions on the SQL Server instance targeted for site database installation or the SQL Server instance could not be contacted to verify permissions.
Setup cannot continue.
<03-29-2012 09:53:22> <<<RuleCategory: Access Permissions>>>
<03-29-2012 09:53:22> <<<CategoryDesc: Checking access permissions...>>>
<03-29-2012 09:53:28> LOCALHOST could connect to SQL server.
<03-29-2012 09:53:30> LOCALHOST;    SMS Provider Communication;
Passed
I know there are plenty of options for verbose logging after installation, but does anyone know if there is a way to do this with the SCCM Prerequisite Checker, before installation? I checked the setup.exe command line switches and there was no option for
this.
Any other suggestions would be appreciated, Thanks.

Yes, my user account is a member of Domain Admins, Enterprise Admins, and Schema Admins. The SQL Server service is running using a service account, and I have also registered the SPN. Below are copies of the log files.
Conents of the ConfigMgrPrereq.log.
<03-30-2012 09:10:03> ********************************************
<03-30-2012 09:10:03> ******* Start Prerequisite checking. *******
<03-30-2012 09:10:03> ********************************************
<03-30-2012 09:10:03> CPrereqManager: - Since Registry values empty, this is for fresh installation.
<03-30-2012 09:10:15> Executing prereq functions...
<03-30-2012 09:10:15> <<<RuleCategory: Access Permissions>>>
<03-30-2012 09:10:15> <<<CategoryDesc: Checking access permissions...>>>
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Administrative rights on site system;    Passed
<03-30-2012 09:10:15> <<<RuleCategory: System Requirements>>>
<03-30-2012 09:10:15> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Unsupported site server operating system version for setup;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Domain membership;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Schema extensions;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Software updates KB911897;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Software updates KB912818;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Software updates KB913538;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Software updates KB914389;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Software updates KB925903;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Software updates KB932303;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    FAT Drive on Site Server;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Short File Name (8.3) Support (Site system);    Passed
<03-30-2012 09:10:15> <<<RuleCategory: Dependent Components>>>
<03-30-2012 09:10:15> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Microsoft Management Console (MMC) version;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Minimum .NET Framework version;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Microsoft XML Core Services 6.0 (MSXML60);    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    WSUS SDK on site server;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    WSUS 3.0 SP1 is required on site server;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Windows Server 2003-based schannel hotfix;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Windows Remote Management (WinRM) v1.1;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    Microsoft Remote Differential Compression (RDC) library registered;    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    MMC updates for Configuration Manager (Software Updates);    Passed
<03-30-2012 09:10:15> OAGCS-SUV-LDC;    .NET update for Configuration Manager (Software Updates);    Passed
<03-30-2012 09:10:15> <<<RuleCategory: Access Permissions>>>
<03-30-2012 09:10:15> <<<CategoryDesc: Checking access permissions...>>>
<03-30-2012 09:10:15> Could not connect to SQL database.
<03-30-2012 09:10:15> OAGCS-SAV-WTS1;    SQL Server sysadmin rights;    Error;    Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permissions on the SQL Server
instance targeted for site database installation or the SQL Server instance could not be contacted to verify permissions. Setup cannot continue.
<03-30-2012 09:10:15> <<<RuleCategory: Access Permissions>>>
<03-30-2012 09:10:15> <<<CategoryDesc: Checking access permissions...>>>
<03-30-2012 09:10:22> LOCALHOST could connect to SQL server.
<03-30-2012 09:10:24> LOCALHOST;    SMS Provider Communication;    Passed
<03-30-2012 09:10:24> <<<RuleCategory: System Requirements>>>
<03-30-2012 09:10:24> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<03-30-2012 09:10:24> LOCALHOST;    Domain membership;    Passed
<03-30-2012 09:10:24> LOCALHOST;    Short File Name (8.3) Support (Site system);    Passed
<03-30-2012 09:10:24> LOCALHOST;    Installed version of WAIK (SMS Provider);    Passed
<03-30-2012 09:10:24> <<<RuleCategory: Dependent Components>>>
<03-30-2012 09:10:24> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<03-30-2012 09:10:24> ***************************************************
<03-30-2012 09:10:24> ******* Prerequisite checking is completed. *******
<03-30-2012 09:10:24> ***************************************************
<03-30-2012 09:10:24> Updating Prerequisite checking result
<03-30-2012 09:10:24> Connecting to OAGCS-SUV-LDC registry
<03-30-2012 09:10:24> Setting registry values
Contents of the ConfigMgrSetup.log
<03-30-2012 09:10:03>
===================== << Starting SMS V4 SP2 Setup >> =====================
<03-30-2012 09:10:03> Commandline :
"E:\CM\CONFIGMGR07SP2_RTM_SELECT_ENU\SMSSETUP\BIN\I386\SETUP.EXE" /prereq /input
<03-30-2012 09:10:04> This is 64 bit.
<03-30-2012 09:10:04> Verifying the Reg for AssetIntelligence Installation
<03-30-2012 09:10:04> Setting the default CSV folder path
<03-30-2012 09:10:04> SMS Build Number = 6487
<03-30-2012 09:10:04> SMS Version = 4.0
<03-30-2012 09:10:04> SMS Minimum Build Number = 800
<03-30-2012 09:10:04> Verifying SMS Active Directory Schema Extensions.
<03-30-2012 09:10:04> DS Root:CN=Schema,CN=Configuration,DC=csdtest,DC=csnet,DC=gov
<03-30-2012 09:10:04> Verifying SMS Active Directory Schema Extensions.
<03-30-2012 09:10:04> DS Root:CN=Schema,CN=Configuration,DC=csdtest,DC=csnet,DC=gov
<03-30-2012 09:10:04> The command line options are /PREREQ
<03-30-2012 09:10:15> IsValidNetBIOSName validation of 'OAGCS-SAV-WTS1' succeeded
<03-30-2012 09:10:15> IsValidNetBIOSName validation of 'LOCALHOST' succeeded
<03-30-2012 09:10:15> Registered type OAGCS-SAV-WTS1 MASTER for OAGCS-SAV-WTS1 master
<03-30-2012 09:10:15> Registered type SMS Master for OAGCS-SAV-WTS1 master
<03-30-2012 09:10:15> Registered type OAGCS-SAV-WTS1 SMS_ for OAGCS-SAV-WTS1 SMS_
<03-30-2012 09:10:15> Registered type SMS ACCESS for OAGCS-SAV-WTS1 SMS_
<03-30-2012 09:10:15> Start prerequisite checking.
<03-30-2012 09:10:15> Could not connect SQL Server 'master' db.
<03-30-2012 09:10:15> Could not check if OAGCS-SAV-WTS1 is cluster SQL.
<03-30-2012 09:10:15> The prereq rules for primary site fresh installation are being run.
<03-30-2012 09:10:15> Verifying SMS Active Directory Schema Extensions.
<03-30-2012 09:10:15> DS Root:CN=Schema,CN=Configuration,DC=csdtest,DC=csnet,DC=gov
<03-30-2012 09:10:15> NtfsDisable8dot3NameCreation is set to 0.
<03-30-2012 09:10:15> Success in GetMMCVersion. Version is 3.0.
<03-30-2012 09:10:15> .NET Framework Version: 50727
<03-30-2012 09:10:15> The current user does not have access right to site OAGCS-SAV-WTS1.
<03-30-2012 09:10:15> The prerequisite checking stopped on this machine.
<03-30-2012 09:10:24> NtfsDisable8dot3NameCreation is set to 0.
<03-30-2012 09:10:27> Completed prerequisite checking.

Execute as Procedure permissions

The developers on one of our current projects has asked to have permission to run the DBCC DROPCLEANBUFFERS command. Since I don't want to give him sa permissions on the sql box, I created the following procedure:
CREATE PROCEDURE dbo.Clear_Buffers
AS
EXECUTE AS LOGIN = 'sa'
DBCC DROPCLEANBUFFERS
GO
I then granted the user execute and denied all the rest on that procedure.
When he tries to run it he gets the following error:
Msg 229, Level 14, State 5, Procedure Clear_Buffers, Line 1
The EXECUTE permission was denied on the object 'Clear_Buffers', database 'Database', schema 'dbo'.
Did I miss a permission I needed to assign to him?
Thanks.

The EXECUTE AS LOGIN call is failing because it requires the users to be able to impersonate the login 'sa' directly. In your scenario I would suggest a different approach: You can use a digital signature to temporarily have a controlled elevation of privileges to sysadmin exclusively for the DBCC DROPCLEANBUFFERS call.
Since there are no arguments needed to execute this DBCC, there is no need for arguments and the SP should be really straight forward:
use master
go
CREATE PROCEDURE [dbo].[sp_DbccDropCleanBuffers]
AS
-- Optional:
-- Verify that the current DB is master DB (or the DB you prefer)
-- Since signed modules can be copied to other DBs, this check would prevent
-- Privileged users from other DBs to make copies of the SP
IF( db_id() <> 1 )
BEGIN
raiserror( N'This SP can only be executed from master DB', 16, 1 )
END
ELSE
BEGIN
DBCC DROPCLEANBUFFERS
END
go
-- Now, lets create a certificate and sign the module
CREATE CERTIFICATE [cert_DbccDropCleanBuffers]
-- [Optional] Either encryption by password
-- or encryption by DBMK is possible
-- Please refer to BOL for details
WITH SUBJECT = 'DBCC DROPCLEANBUFFERS signing cert'
go
ADD SIGNATURE TO [dbo].[sp_DbccDropCleanBuffers]
BY CERTIFICATE [cert_DbccDropCleanBuffers]
go
-- [optional] There is no need for teh pvk anymore, we can destroy it
ALTER CERTIFICATE [cert_DbccDropCleanBuffers] REMOVE PRIVATE KEY
go
-- And then create a login for the signing certificate and make it a member of sysadmin role
CREATE LOGIN [cert_DbccDropCleanBuffers] FROM CERTIFICATE [cert_DbccDropCleanBuffers]
go
EXEC sp_addsrvrolemember 'cert_DbccDropCleanBuffers', 'sysadmin'
go
After the module is signed, anyone who has permission to execute it would be a member of sysadmin via the signature during the SP body execution. Once the SP call returns, the context returns back to normal. To make management on who can execute this SP, I would also recommend making use of user defined roles and grant permission based only on roles (in such way, permission management becomes role membership management).
I hope this information helps. Please let us know if you have any additional questions or feedback.
Thanks a lot,
-Raul Garcia
SDE/T
SQL Server Engine

Change SQL 2012 Security roles after installation

I installed SQL 2012 SP1 Standard edition and during the setup it asked me for the users for various service . I choose to keep them as default
After the installation i could see the services were not started, so i changed everything to Local System
Also in future i may need to change them to run under some domain service account.
What steps do i have to take to make sure approprate rights are granted to the accounts that run the SQL services. I could see Local System just had Public security role.
Can someone guide me on verifying what the security roles for accounts should be.

running them as domain account is a good thing and it does not need to part of admin group.
make sure your domain account has access backup paths/locations.
Also, make sure your account has "perform volume maintanence tasks" - to make use of INF.
Is your system 64 bit or 32 bit. if 64 bit, you are okay else you will need to enable lock pages in the memory for the service.
Below are the links to some articles that talk about this:
http://www.mssqltips.com/sqlservertip/2503/how-to-create-secure-sql-server-service-accounts/
http://blogs.msdn.com/b/askjay/archive/2011/02/28/required-rights-for-sql-server-service-account.aspx
http://technet.microsoft.com/en-us/library/ms191543(v=sql.110).aspx
http://blogs.msdn.com/b/sqlserverfaq/archive/2010/05/28/inf-permissions-required-for-sql-server-service-account-to-use-ssl-certificate.aspx
Hope it Helps!!

Critical SMS_Executive SQL Login failed for user 'NT AUTHORITY\SYSTEM'.

I am getting sql login errors on my sms executive log that i believe is stopping me from pxe booting. I have tried finding where to enter the credentials but i cannot find it.
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
Starting SMS_EXECUTIVE... SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Microsoft System Center 2012 Configuration Manager v5.00 (Build 7958)
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
Copyright (C) 2011 Microsoft Corp. SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Running as a Win32 service. SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Process ID: 2368 SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Worker thread ID: 2412 SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Certificate (0x610450) is Exportable SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Initialize COM Security. SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
InitializeCOMSecurity: RegOpenKeyEx for appid key Succeeded.
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
InitializeCOMSecurity: RegQueryInfoKey for appid key Succeeded.
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
InitializeCOMSecurity: RegQueryValueEx for AccessPermission Succeeded.
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
InitializeCOMSecurity: IsValidSecurityDescriptor() Succeeded.
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
InitializeCOMSecurity: MakeAbsoluteSD() Succeeded.
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
InitializeCOMSecurity: CoInitializeEx() Succeeded.
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
InitializeCOMSecurity() Succeeded. SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Installation directory: E:\Program Files\Microsoft Configuration Manager
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
This server: E076SCCM SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Site server: sccmserver.org SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Site code: 076 SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
Site type: 1 SMS_EXECUTIVE
4/10/2014 3:13:12 PM 2412 (0x096C)
CSMSExecService::RegisterDBConnection: Register a DB connection...
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
Initializing the status message reporting system...
SMS_EXECUTIVE 4/10/2014 3:13:12 PM
2412 (0x096C)
The path to the "Status Manager" inbox is "E:\Program Files\Microsoft Configuration Manager\inboxes\statmgr.box\statmsgs".
SMS_EXECUTIVE 4/10/2014 3:13:13 PM
2412 (0x096C)
*** [28000][18456][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
SMS_EXECUTIVE 4/10/2014 3:13:14 PM
2412 (0x096C)
*** [42000][4060][Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "CM_076" requested by the login. The login failed.
SMS_EXECUTIVE 4/10/2014 3:13:14 PM
2412 (0x096C)
*** [28000][18456][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
SMS_EXECUTIVE 4/10/2014 3:13:14 PM
2412 (0x096C)
*** [42000][4060][Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "CM_076" requested by the login. The login failed.
SMS_EXECUTIVE 4/10/2014 3:13:14 PM
2412 (0x096C)
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
SMS_EXECUTIVE 4/10/2014 3:13:14 PM
2412 (0x096C)
CSiteControlEx::GetCurrentSiteInfo: Failed to get SQL connection
SMS_EXECUTIVE 4/10/2014 3:13:14 PM
2412 (0x096C)
CSiteControlEx::GetMasterSCF:Failed to read site information from database, retry in 5 seconds ...
SMS_EXECUTIVE 4/10/2014 3:13:14 PM
2412 (0x096C)
*** [28000][18456][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
SMS_EXECUTIVE 4/10/2014 3:13:19 PM
2412 (0x096C)
*** [42000][4060][Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "CM_076" requested by the login. The login failed.
SMS_EXECUTIVE 4/10/2014 3:13:19 PM
2412 (0x096C)
*** [28000][18456][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
SMS_EXECUTIVE 4/10/2014 3:13:19 PM
2412 (0x096C)
*** [42000][4060][Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "CM_076" requested by the login. The login failed.
SMS_EXECUTIVE 4/10/2014 3:13:19 PM
2412 (0x096C)
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
SMS_EXECUTIVE 4/10/2014 3:13:19 PM
2412 (0x096C)
CSiteControlEx::GetCurrentSiteInfo: Failed to get SQL connection
SMS_EXECUTIVE 4/10/2014 3:13:19 PM
2412 (0x096C)
CSiteControlEx::GetMasterSCF:Failed to read site information from database, retry in 5 seconds ...
SMS_EXECUTIVE 4/10/2014 3:13:19 PM
2412 (0x096C)
*** [28000][18456][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
SMS_EXECUTIVE 4/10/2014 3:13:24 PM
2412 (0x096C)
*** [42000][4060][Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "CM_076" requested by the login. The login failed.
SMS_EXECUTIVE 4/10/2014 3:13:24 PM
2412 (0x096C)
*** [28000][18456][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
SMS_EXECUTIVE 4/10/2014 3:13:24 PM
2412 (0x096C)
*** [42000][4060][Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "CM_076" requested by the login. The login failed.
SMS_EXECUTIVE 4/10/2014 3:13:24 PM
2412 (0x096C)
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
SMS_EXECUTIVE 4/10/2014 3:13:24 PM
2412 (0x096C)
CSiteControlEx::GetCurrentSiteInfo: Failed to get SQL connection
SMS_EXECUTIVE 4/10/2014 3:13:24 PM
2412 (0x096C)
CSiteControlEx::GetMasterSCF:Failed to read site information from database, retry in 5 seconds ...
SMS_EXECUTIVE 4/10/2014 3:13:24 PM
2412 (0x096C)
*** [28000][18456][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
SMS_EXECUTIVE 4/10/2014 3:13:31 PM
2412 (0x096C)
*** [42000][4060][Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "CM_076" requested by the login. The login failed.
SMS_EXECUTIVE 4/10/2014 3:13:31 PM
2412 (0x096C)
*** [28000][18456][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'NT AUTHORITY\SYSTEM'.
SMS_EXECUTIVE 4/10/2014 3:13:31 PM
2412 (0x096C)
*** [42000][4060][Microsoft][SQL Server Native Client 11.0][SQL Server]Cannot open database "CM_076" requested by the login. The login failed.
SMS_EXECUTIVE 4/10/2014 3:13:31 PM
2412 (0x096C)
*** Failed to connect to the SQL Server, connection type: SMS ACCESS.
SMS_EXECUTIVE 4/10/2014 3:13:31 PM
2412 (0x096C)
CSiteControlEx::GetCurrentSiteInfo: Failed to get SQL connection
SMS_EXECUTIVE 4/10/2014 3:13:31 PM
2412 (0x096C)
CSiteControlEx::GetMasterSCF:Failed to read site information from database, retry in 5 seconds ...
SMS_EXECUTIVE 4/10/2014 3:13:31 PM
2412 (0x096C)
SMS_STATUS_MANAGER is not running as part of this process, the SMS_EXECUTIVE to SMS_STATUS_MANAGER in-memory status message queue will not be used.
SMS_EXECUTIVE 4/10/2014 3:13:47 PM
2412 (0x096C)
Registered this process as a source of "SMS Server" events.
SMS_EXECUTIVE 4/10/2014 3:13:47 PM
2412 (0x096C)
Registered this process as a source of "SMS Client" events.
SMS_EXECUTIVE 4/10/2014 3:13:47 PM
2412 (0x096C)
Registered this process as a source of "SMS Provider" events.
SMS_EXECUTIVE 4/10/2014 3:13:47 PM
2412 (0x096C)
Status message reporting system initialized successfully.
SMS_EXECUTIVE 4/10/2014 3:13:47 PM
2412 (0x096C)
STATMSG: ID=500 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_EXECUTIVE" SYS=sccmserver.org SITE=076 PID=2368 TID=2412 GMTDATE=Thu Apr 10 19:13:47.950 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4=""
ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
SMS_EXECUTIVE 4/10/2014 3:13:47 PM
2412 (0x096C)
Certificate maintenance interval is every 1800 seconds
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_AD_FOREST_DISCOVERY_MANAGER initialized, DLL = "\bin\x64\ADForestDisc.dll", startup type = "Scheduled", current state = "Stopped", requested operation = "None", next start time = "Sun Apr 13 00:00:00 2014 Eastern
Daylight Time". SMS_EXECUTIVE
4/10/2014 3:13:48 PM 2412 (0x096C)
STATMSG: ID=1105 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AD_FOREST_DISCOVERY_MANAGER" SYS=sccmserver.org SITE=076 PID=2368 TID=2412 GMTDATE=Thu Apr 10 19:13:48.119 2014 ISTR0="2014 04 0 13 04 00 00 000" ISTR1="" ISTR2=""
ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT initialized, DLL = "\bin\x64\adsgdis.dll", startup type = "Scheduled", current state = "Stopped", requested operation = "None", next start time = "Thu Apr 10 15:15:00 2014 Eastern
Daylight Time". SMS_EXECUTIVE
4/10/2014 3:13:48 PM 2412 (0x096C)
STATMSG: ID=1105 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT" SYS=sccmserver.org SITE=076 PID=2368 TID=2412 GMTDATE=Thu Apr 10 19:13:48.120 2014 ISTR0="2014 04 4 10 19 15 00 000" ISTR1=""
ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_AD_SYSTEM_DISCOVERY_AGENT initialized, DLL = "\bin\x64\adsysdis.dll", startup type = "Scheduled", current state = "Stopped", requested operation = "None", next start time = "Thu Apr 10 15:15:00 2014 Eastern Daylight
Time". SMS_EXECUTIVE
4/10/2014 3:13:48 PM 2412 (0x096C)
STATMSG: ID=1105 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AD_SYSTEM_DISCOVERY_AGENT" SYS=sccmserver.org SITE=076 PID=2368 TID=2412 GMTDATE=Thu Apr 10 19:13:48.157 2014 ISTR0="2014 04 4 10 19 15 00 000" ISTR1="" ISTR2=""
ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_AD_USER_DISCOVERY_AGENT initialized, DLL = "\bin\x64\adusrdis.dll", startup type = "Scheduled", current state = "Stopped", requested operation = "None", next start time = "Thu Apr 10 15:15:00 2014 Eastern Daylight
Time". SMS_EXECUTIVE
4/10/2014 3:13:48 PM 2412 (0x096C)
STATMSG: ID=1105 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AD_USER_DISCOVERY_AGENT" SYS=sccmserver.org SITE=076 PID=2368 TID=2412 GMTDATE=Thu Apr 10 19:13:48.158 2014 ISTR0="2014 04 4 10 19 15 00 000" ISTR1="" ISTR2=""
ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_AI_KB_MANAGER initialized, DLL = "\bin\x64\aikbmgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_ALERT_NOTIFICATION initialized, DLL = "\bin\x64\NotiCtrl.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_AMT_PROXY_COMPONENT initialized, DLL = "\bin\x64\amtproxymgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_CERTIFICATE_MANAGER initialized, DLL = "\bin\x64\CertMgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_CLIENT_CONFIG_MANAGER initialized, DLL = "\bin\x64\ccm.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_CLIENT_HEALTH initialized, DLL = "\bin\x64\chmgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_CLOUD_SERVICES_MANAGER initialized, DLL = "\bin\x64\CloudMgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_COLLECTION_EVALUATOR initialized, DLL = "\bin\x64\colleval.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_COMPONENT_MONITOR initialized, DLL = "\bin\x64\compmon.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_COMPONENT_STATUS_SUMMARIZER initialized, DLL = "\bin\x64\compsumm.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_DATABASE_NOTIFICATION_MONITOR initialized, DLL = "\bin\x64\smsdbmon.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_DESPOOLER initialized, DLL = "\bin\x64\despool.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_DISCOVERY_DATA_MANAGER initialized, DLL = "\bin\x64\ddm.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_DISTRIBUTION_MANAGER initialized, DLL = "\bin\x64\distmgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER initialized, DLL = "\bin\x64\EPCtrlMgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_ENDPOINT_PROTECTION_MANAGER initialized, DLL = "\bin\x64\EPMgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_EN_ADSERVICE_MONITOR initialized, DLL = "\bin\x64\adctrl.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_FALLBACK_STATUS_POINT initialized, DLL = "\bin\x64\fspmgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_HIERARCHY_MANAGER initialized, DLL = "\bin\x64\hman.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_INBOX_MANAGER initialized, DLL = "\bin\x64\inboxmgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_INBOX_MONITOR initialized, DLL = "\bin\x64\inboxmon.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_INVENTORY_DATA_LOADER initialized, DLL = "\bin\x64\dataldr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_INVENTORY_PROCESSOR initialized, DLL = "\bin\x64\invproc.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_LAN_SENDER initialized, DLL = "\bin\x64\sender.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_LICENSE_MANAGER initialized, DLL = "\bin\x64\licensemgr.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_MIGRATION_MANAGER initialized, DLL = "\bin\x64\migmctrl.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_MP_CONTROL_MANAGER initialized, DLL = "\bin\x64\mpcontrol.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_MP_FILE_DISPATCH_MANAGER initialized, DLL = "\bin\x64\mpfdm.dll", startup type = "Automatic", current state = "Starting", requested operation = "Start".
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
SMS_NETWORK_DISCOVERY initialized, DLL = "\bin\x64\netdisc.dll", startup type = "Scheduled", current state = "Stopped", requested operation = "None", not scheduled to start again.
SMS_EXECUTIVE 4/10/2014 3:13:48 PM
2412 (0x096C)
STATMSG: ID=1106 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_NETWORK_DISCOVERY" SYS=sccmserver.org SITE=076 P

First, if your site server is having problems logging into the DB, which it clearly is, you've got bigger issues than just PXE.
Have you verified the permissions in your SQL Server instance for the local System account (I'm assuming at this point that it is local to the site server)?
Jason | http://blog.configmgrftw.com

Permissions in PL/SQL

Similar Messages

Maybe you are looking for