Service account not inheriting AD group membership permissions on SQL Server

I am adding Active Directory groups as logins and database users to our SQL Servers. A service account added to an AD group did not inherit the group permissions that the user accounts did. Can there be different attributes of service accounts that would prevent service accounts from inheriting the permissions of AD groups?
Example: An AD group AD_group contains a service account, svc_account, and a user account, user_account. AD_group is added to a SQL Server as a login. user_account can log in to SQL Server but svc_account cannot.

SQL Server will use the information within the token used for authentication, so it may be possible that the service has a stale token (i.e. the token has not been refreshed or the service has not restarted) since you made the changes to the AD group.
I would recommend using a tool such as Process Explorer (https://technet.microsoft.com/en-us/sysinternals/bb896653) to make sure the token for the process is showing the latest group memberships properly.
I hope this helps,
-Raul Garcia
SQL Server Security
This posting is provided "AS IS" with no warranties, and confers no rights.
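A T-SQL walk-through of the checks behind the answer above: confirm the group login exists and can connect, compare what SQL Server's own AD lookup says about the service account with what the service's connection token actually carried, and read the failed-login reason. This is an added example, not code from the thread; it assumes the group login is DOMAIN\AD_group and the service account is DOMAIN\svc_account, and step 4 must run on a connection opened by the service itself.

```sql
-- Added diagnostic, not from the original thread. Placeholder names:
-- DOMAIN\AD_group (the group login) and DOMAIN\svc_account (the failing account).

-- 1. Is the AD group present as a Windows group login, and is it enabled?
SELECT name, type_desc, is_disabled, create_date, modify_date
FROM sys.server_principals
WHERE type = 'G'                         -- G = Windows group
  AND name = N'DOMAIN\AD_group';

-- 2. Does the group login still hold CONNECT SQL (granted by CREATE LOGIN,
--    but a later DENY on the group or on another group the account is in wins)?
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'DOMAIN\AD_group';

-- 3. What does SQL Server's own lookup against AD say about the account?
--    'all' lists every login that grants the account access, with the
--    permission path. If DOMAIN\AD_group shows up here, AD membership is
--    correct and the difference is on the client side (a token obtained
--    before the group change, i.e. the service has not restarted).
EXEC xp_logininfo @acctname = N'DOMAIN\svc_account', @option = 'all';

-- 4. Run this on a connection opened by the service itself: it lists the
--    group SIDs SQL Server received in the login token for this session.
--    DOMAIN\AD_group present in step 3 but absent here means a stale token.
SELECT name, type, usage
FROM sys.login_token
ORDER BY type, name;

-- 5. Failed logins for the account in the current error log (log 0, type 1 =
--    SQL Server log). The "Reason:" text distinguishes a token that matched
--    no login or group ("Token-based server access validation failed")
--    from a disabled login or an explicit DENY.
EXEC xp_readerrorlog 0, 1, N'Login failed', N'svc_account';
```

If step 3 shows the group but step 4 does not, restarting the service (so it re-authenticates and obtains a fresh token) is the fix, as the answer suggests.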

Similar Messages

  • SharePoint 2013 - Server Error in '/' Application - This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration database

    Hi
After I ran the SharePoint configuration wizard successfully to upgrade to SharePoint 2013 / SP1, I can open the Central Administration site just fine,
but now when I open any site collection I get this error:
Server Error in '/' Application
This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration database. To connect this server to the server farm, use the SharePoint Products Configuration Wizard, located on the Start menu in Microsoft SharePoint 2010 Products
I have restarted all the servers: SQL server, WFE and APP servers, but still can't get this resolved.
Services on all servers are running; IIS application pools are running.
Can someone help with where the problem could be, or if there is a solution?
Thanks in advance for your comments or advice.
    Swanl

Please verify the following:
Make sure that from the SharePoint front end and application servers you can ping your SQL server.
Make sure that your Farm account has permission to the configuration database.
Lastly, verify that your database didn't for some reason go into recovery mode.
Once everything is fine and you are still having issues, restart the SQL host service on the SQL server.
Once the service is restarted you will need to reboot Central Admin and then your front end servers.
In addition, as you built your farm inside the firewall, please disable the firewall, or create rules for the SQL Server service in the firewall on the SQL server.
For more information about creating rules in the firewall, please refer to the following posts: http://social.technet.microsoft.com/Forums/en-US/c5d4d0d0-9a3b-4431-8150-17ccfbc6fb82/can-not-create-data-source-to-an-sql-server and http://www.mssqltips.com/sqlservertip/1929/configure-windows-firewall-to-work-with-sql-server/
Here is a similar post for you to take a look at: http://social.technet.microsoft.com/Forums/en-US/ea54e26c-1728-48d4-b2c5-2a3376a1082c/this-operation-can-be-performed-only-on-a-computer-that-is-joined-to-a-server-farm-by-users-who-have?forum=sharepointgeneral
    Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

  • How to retrieve Min(startDate) and Max(endDate) for different groups of data? (sql server 2000)

    My sample dataset (below) contains 3 groups -- 'a', 'b', 'c'.  I need to retrieve the Min(startDate) and Max(EndDate) for each group so that the output looks something like this (date format not an issue):
    fk   minStart       maxEnd
    a    1/13/1985    12/31/2003
    b    2/14/1986    12/31/2003
    c    4/26/1987    12/31/2002
What is the T-SQL to perform this type of operation? Note: the actual data resides in a SQL Server 2000 DB. If the T-SQL is different between version 2000 and the later versions, I would be grateful for both versions of the T-SQL.
-- I noticed that multiple lines of INSERT values don't work in SQL Server 2000; this sample is in SQL Server 2008
    create table #tmp2(rowID int Identity(1,1), fk varchar(1), startDate datetime, endDate datetime)
    insert into #tmp2
    values
    ('a', '1/13/1985', '12/31/1999'),
    ('a', '3/17/1992', '12/31/1997'),
    ('a', '4/21/1987', '12/31/2003'),
    ('b', '2/14/1986', '12/31/2003'),
    ('b', '5/30/1993', '12/31/2001'),
    ('b', '6/15/1994', '12/31/2003'),
    ('b', '7/7/2001', '12/31/2003'),
    ('c', '4/26/1987', '12/31/1991'),
    ('c', '8/14/1992', '12/31/1998'),
    ('c', '9/10/1995', '12/31/2002'),
    ('c', '10/9/1996', '12/31/2000')
    Thanks
    Rich P

    Rich
It is unclear what you are trying to achieve; you said that it is SQL Server 2000 but provided sample data with SQL Server 2008 syntax.
Is it possible to use UNION ALL for your queries to make it one?
-- Earliest start row per fk, plus latest end row per fk, wrapped in a derived table
select * from
(
select * from #tmp2 t1 where exists
(select * from (select top 1 * from #tmp2 t2 where t2.fk = t1.fk order by t2.startDate) x where x.rowID = t1.rowID)
UNION ALL
select * from #tmp2 t1 where exists
(select * from (select top 1 * from #tmp2 t2 where t2.fk = t1.fk order by t2.endDate desc) x where x.rowID = t1.rowID)
) as der order by fk
Best Regards, Uri Dimant, SQL Server MVP
http://sqlblog.com/blogs/uri_dimant/

  • Reporting Service integration but don't want to install SharePoint components on SQL server

1) Server farm: 1 SharePoint 2010 server, 1 SQL 2008 R2 server. I want to use RS SharePoint integrated mode, but don't want to install the RS add-in and SharePoint components and then join the farm; I want the SQL server to be a dedicated SQL server. Can I use one (or one of) the SharePoint servers to run the RS web site, but put only the reportserver database in SQL server? Can I do this?
2) In another test, I installed SharePoint (had to install all, not just WFE) on SQL and joined the SQL server to the SharePoint farm, but I did not see \Reportserver in IIS, although I can browse the http://MY_SQL_Server/reportserver site. Someone says RS in SQL 2008 doesn't use IIS; is this true?
3) If the 1st option does not work, can I install a 2nd SQL server as the RS server (put only the reportserver database on it, and join it to the SharePoint farm if I must), and put all other SharePoint DBs on another SQL server?
    Thanks
    Jason

    Hello Jason,
You cannot configure a report server in a SQL Server without SharePoint products being installed.
If you are configuring a report server to run in SharePoint integrated mode in a SharePoint farm, you must install front-end Web server components of a SharePoint product on the report server computer; I think that is the minimal installation of SharePoint Server 2010 on the report server. To install and configure a SharePoint web front end on the report server, please see How to: Install a SharePoint Web Front-end on a Report Server Computer.
Here are step-by-step instructions for installing and configuring Reporting Services in SharePoint integrated mode in a multi-server deployment topology. Hope it can be helpful to you.
How to: Install and Configure SharePoint Integration on Multiple Servers
    Thanks & Regards.
    Lily Wu

  • Ident_Current('TableName') not giving last inserted identity Value in SQL Server 2012

Hi,
Ident_Current('TableName') is not giving the last inserted identity value in SQL Server 2012.
The latest value of ID and Ident_Current differ for that particular table.
Why is it happening? The Ident_Current value is greater than the last inserted ID.
Please guide me on why it is happening.

    Here is one example:
    CREATE DATABASE PMCtest ON (NAME = 'PMCtest', FILENAME = 'B:\ProdDB-Unzipped\PMCtest.mdf', SIZE = 25GB )
    LOG ON (NAME = 'PMCtest_log', FILENAME = 'B:\ProdDB-Unzipped\PMCtest.ldf', SIZE = 2GB)
    CREATE TABLE identity_crisis (a int IDENTITY NOT NULL PRIMARY KEY,
                                  b sysname NOT NULL CHECK (b <> 'sysschobjs'))
    go
    INSERT identity_crisis (b) VALUES ('First name')
    INSERT identity_crisis SELECT name FROM sys.objects
    go
    SELECT MAX(a), ident_current('identity_crisis')
    FROM  identity_crisis
    go
    DROP TABLE identity_crisis
Because the second INSERT statement fails (the CHECK constraint rejects 'sysschobjs'), the identity values from 2 to 12 are lost. This is a very intentional design to promote high concurrency. If you don't want gaps, you should not use IDENTITY, but roll your own.
Also, beware that ident_current returns a database-wide value, so if you insert one row, and another process inserts another row before you interrogate ident_current, you will get the id for the row of the other process.
    Erland Sommarskog, SQL Server MVP, [email protected]

  • SQL is not working after changing from MS Access to SQL Server

The following SQL is not working after changing from MS Access to SQL Server.
sum(trn.sales) as sales,
sum(trn.cost) as cost,
sales - cost as profit -- Here it is not working. Can we not use sales as a column? Please advise
from trn
    Kind Regards
    pol
    polachan

It will not work if I use two different columns from the table or columns from two different tables.
Example:
sum(trn.sales * trn.rate) as salesAmount,
sum(trn.cost) as cost,
sum(trn.salesAmount)-sum(trn.cost) as profit -- Here it is not working. Can we not use sales as a column? Please advise
from trn
    Regards
    polachan

  • Use service accounts at AlwaysOn Availability Groups

    Valued readers,
We have an AlwaysOn Availability Group consisting of 2 SQL servers. Both servers have their own service account for the SQL services. I read in all sorts of documents on the internet that it is recommended that the SQL service on all servers within the same availability group use the same service account. This would have to do with registering the SPN of the virtual server for Kerberos. What impact does it have if I don't change the service account?

    Hello Sean,
No, I do not think so. Do you mean this:
"Find your service account and hit the Security tab
Select "SELF" in the "Groups or user names" listbox
Find "Write public information" in the "Permissions for SELF" listbox
and check "Allow"
After, you'll need to restart SQL Server for the SPN to register. Use setspn -l domain\account to verify that the account has properly registered."
Should you also register the virtual server name? And what about if you use different service accounts?
    With best regards, Albert

  • Workflow Service Account not connecting to Content Databases

I have created a Project Site called "SP Migration" and allocated a number of tasks at, say, http://domain/sites/spmigration. I noticed in My Sites that tasks from the root site collection were there but any from my Project site were not. Then I noticed in the Event Viewer the below error
(this account is the workflow management service account).
I have checked the Web Application that hosts this site collection and the sps_workflow_service has full control permissions. I know I can probably go about adding permissions directly in SQL but I don't want to have to do that for all site collections, and I'm sure this is not meant to be done this way in any event. How can I apply these permissions to all SP content databases?

    Hi,
    Could you please provide more information about your migration? Since the issue appears to occur only to new or migrated site collections, there might be something there.
    If you are not sure about what permission should apply to service accounts, you could refer to the references below:
    https://technet.microsoft.com/en-us/library/cc263445.aspx
    https://technet.microsoft.com/en-us/library/cc678863.aspx
    Regards,
    Rebecca Tu
    TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Group membership on AD-bound server is not updating correctly

    I have a 10.6.4 server that is bound to AD with Win2008 domain controllers. I am seeing group membership not update properly on this OS X server. If I type "id -p username" I don't get a full list of groups the user is a member of. If I launch Workgroup Manager, all of the groups are listed. I am using the box as a Subversion server and need the group updates to propagate from AD for Apache authentication to work correctly. Any ideas as to why the propagation is not happening? Is there a way I can flush whatever cache might be causing an issue? Can the group membership list be "refreshed"?

Yes, we are using Initialization Blocks to update the User Groups. Our USER_PERMISSION table has Login, Company_ID, Roles, etc. columns in it. The Initialization Block queries this table, and the query has a where clause "where company_id=(select substr(':USER', 0, (instr(':USER', '.')) - 1) from dual) and upper(login)=upper((select substr(':USER', (instr(':USER', '.')) + 1) from dual))) and dw_delete_date is null" from which it gets the roles for each user. And YES, caching is turned off for this initialization block.
And I should try deleting the user folders, but my company has a very strict policy so I should do that in Dev, then QA and then PRD. Hope this works, but I am still not convinced why this is happening. We cannot keep on deleting the user folders in future if this happens again.

  • Master Data Services not available under shared feature while installing SQL server 2012

    Hi,
I am trying to install Master Data Services but do not see the option to select MDS under the shared features when going through the SQL Server 2012 installation. I have the SQL Server 2012 SP1 (64 bit) install files. I have also installed SP2. I haven't found anything online about the issue.
    Can someone please advise?
    I have a screenshot of the installation screen which I will attach as soon as I am able to get my account verified. Thanks!

    Hi Revees,
This might be very naïve and also out of the original scope of the thread question.
We are thinking of going with the Developer edition. We have 2/3 developers and some other testers and business users.
1) I understand that we need a developer license for each developer. But would we need a license for the business users? Can they have a sort of read access to the DBs?
2) If a developer has an MSDN subscription, would they need to purchase the license too, assuming we purchase the Developer edition of the software (and do not download it using the MSDN subscription)?
    Thanks for your assistance!

  • Built-in domain Administrator account not given full access to new Exchange 2013 server

I migrated from Exchange 2010 to 2013 over the weekend. I cannot log into the EAC with the domain administrator account I use to log into all my other servers. I also cannot run the clean-mailboxdatabase cmdlet logged in as this user. I had no trouble moving mailboxes from the old server to the new server with this account though.
    This account is a member of: Domain Admins, Enterprise Admins, Exchange Full Admin, Exchange Organization Admin, Organization Management, Schema Admins, Server Management.
    I can log into the EAC with another admin account that has the same memberships as the Administrator account.
    I tried giving the account the role of "Databases" as suggested by others to fix the clean-mailboxdatabase issue but that did not work for me either.
    The Administrator mailbox has been moved to the new database on the Exchange 2013 server.  The Exchange 2010 has been decommissioned and is turned off.

    Hi,
Based on my research, to retrieve the mailbox statistics for the disconnected mailboxes for all mailbox databases in the organization, we can try the following command:
    Get-MailboxDatabase | Get-MailboxStatistics -Filter 'DisconnectDate -ne $null'
    http://technet.microsoft.com/en-us/library/bb124612(v=exchg.150).aspx
Additionally, the Identity parameter specifies the disconnected mailbox in the Exchange database, and it can be the display name instead of the mailbox GUID.
    http://technet.microsoft.com/en-us/library/jj863439(v=exchg.150).aspx
    Hope it can help you.
    Thanks,
    Angela Shi
    TechNet Community Support

  • The SQL Agent service is not running. This operation requires the SQL Agent service. (rsSchedulerNotResponding)

    Hi,
I have started the SQL Agent service on the SQL server but I still cannot subscribe. I have followed a few instructions but no joy.
    Can you please help?
    Thanks,

    Hi Mo,
According to your description, you want to subscribe to a report with the E-mail delivery extension, right?
In Reporting Services, since the E-mail delivery extension is not configured by default, if we want to subscribe to reports with the E-mail delivery extension, we should specify E-mail settings in Reporting Services Configuration Manager. Besides, we should specify advanced settings in the rsReportServer.config file. In your scenario, please make sure you have configured the E-mail delivery extension correctly. For more information, please refer to this article:
Configure a Report Server for E-Mail Delivery (SSRS Configuration Manager).
    If you have any question, please feel free to ask.
    Best regards,
Qiuyun Yu
    TechNet Community Support

  • Windows service does not stop when DB is shutdown from SQL*Plus

I have an 11g XE DB on a Windows 7 machine.
The installation has created a Windows service called OracleServiceXE. Its status is STARTED.
I then log in to SQL*Plus as sysdba and do a shutdown immediate:
    SQL> shutdown immediate
    Database closed.
    Database dismounted.
    ORACLE instance shut down.
    Problem is, when I refresh the services, the OracleServiceXE is still showing as STARTED.
    If I use the listener control to stop the listener the Windows service OracleXETNSListener changes status to BLANK.
    Why is this?

    tvCa-Oracle wrote:
    That service is a prerequisite Windows service to be able to start the database, but it is not the status of the database itself.
    When you do start the database, he may or may not start the service automatically (not sure there), but it is a needed service, for each database SID, on Windows.
    If you want to know what it is, open Task Manager or Process Explorer, only start the service (not the database), and see which OS process is launched.
    AFAIK, this is only on Windows, there's no comparable component on Linux/Unix for this.
The Windows service OracleServiceXE has c:\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE as the Path to executable.
If I click on the Services tab in Task Manager, then right-click the OracleServiceXE and click Go to process, it shows oracle.exe in the Processes tab.
If I stop the service from the Windows service control, oracle.exe disappears and we cannot log in to the DB.
If we start the service from the Windows service control, oradim.exe appears, then a second later oracle.exe appears. Once the status of the Windows service is STARTED, oradim.exe disappears.
So I can start and stop the Oracle DB with the Windows service. But if I stop the DB from SQL*Plus the service is not stopped....

  • What Windows account to use as proxy account to schedule a package to run in a SQL Server 2005 job

I have successfully set up a credential and proxy in SQL Server 2005 to run an SSIS 2005 job under my Windows account. The problem I have is that the password of my account will expire at some point, so the job execution will fail until I change the password in the credential. I am thinking either to ask our IT administrator to set my account to "password never expires" or to use a different account for the credential. I have very limited knowledge regarding Windows security. So if I go with the second option, what account should I use for the credential/proxy? I need to know about this before asking our IT admin.

It must be a domain-wide service account (with a strong, non-expiring password), not a private account, with just enough rights to run packages (this implies the account must be able to connect to remote data sources and shares). Oftentimes, such an account also needs write access to the %temp% directory.
Arthur My Blog
Thanks. I will try to tell our admin and see if it makes sense to him.

  • Reporting Services Add-in for Sharepoint- does it need an SQL Server license?

In a new project we will be creating an SSRS in SharePoint integrated mode. For this we'll need SQL Server and SharePoint on that box.
We'll also have one or more SharePoint Web Front End (WFE) servers. To allow them to connect to the SSRS-in-SharePoint-mode box, and to present the user with the right user interface for doing so, I believe we can install the Reporting Services Add-In for SharePoint on the WFE servers.
The question is, do we need to have a SQL Server license for each WFE server where we use the Reporting Services Add-In, or is it free to use?
We've had advice that we need to buy a SQL Server license everywhere we use the add-in, but I am not sure this is correct.
    Thanks in advance,
    Rich

    Hello there,
The Reporting Services Add-in for SharePoint can be downloaded free from the Microsoft Download site. That means it does not need any license for the add-in.
    Regards,
    Edward
    Edward Zhu
    TechNet Community Support
