SysAdmin permissions on SQL in a Hierarchy

Similar Messages

• SharePoint 2013 - Server Error in '/' Application - This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration database

  Hi
  After I ran SharePoint configuration wizard successfully to upgrade to SharePoint 2013 / SP1.
  I can open Central Administration site just fine.
  but now when I open any Site collection,  I got this error.
  Server Error in '/' Application
  This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration database. To connect this server to the server farm, use the SharePoint Products Configuration
  Wizard, located on the Start menu in Microsoft SharePoint 2010 Products
  I have restarted all the servers:  SQL server, WFE and APP servers but still cann't get this resolve.
  Services on all servers are running,  IIS - application pools are running.
  Can someone help with where that could be a problem or if there is a solution.
  Thanks in advance for your comments or advices.
  Swanl

  Please verify the followings:
  Make sure that from the SharePoint front end and application servers that you can ping your SQL server.
  Make sure that your Farm account has permission to the configuration database.
  Lastly verify that your database didn't for some reasons go into recovery mode.
  once everything is fine and you are still having issues, restart the SQL host service on the SQL server.
  Once the service is restarted you will need to reboot Central Admin and then your front end servers.
  In addition, as you built your farm inside the firewall, please disable the firwall, or create rules for SQL Server service in the firwall on SQL server.
  More information about creating rules in firewall, please refer to the following posts: http://social.technet.microsoft.com/Forums/en-US/c5d4d0d0-9a3b-4431-8150-17ccfbc6fb82/can-not-create-data-source-to-an-sql-server http://www.mssqltips.com/sqlservertip/1929/configure-windows-firewall-to-work-with-sql-server/
  Here is a similar post for you to take a look at: http://social.technet.microsoft.com/Forums/en-US/ea54e26c-1728-48d4-b2c5-2a3376a1082c/this-operation-can-be-performed-only-on-a-computer-that-is-joined-to-a-server-farm-by-users-who-have?forum=sharepointgeneral 
  Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

• Error on CMDEXEC job step even User having Sysadmin permissions

  Hi,
  I am struggling while running the CMDEXEC job step.
  Non-SysAdmins have been denied permission to run CmdExec job steps without a proxy account.  The step failed.
   But this job owner having sysadmin permissions. Earlier i am able to run this job step with the same account. nothing change in user permissions.
  Please somebody help me on this issue.

  Hi,
  I am struggling while running the CMDEXEC job step.
  Non-SysAdmins have been denied permission to run CmdExec job steps without a proxy account.  The step failed.
   But this job owner having sysadmin permissions. Earlier i am able to run this job step with the same account. nothing change in user permissions.
  Please somebody help me on this issue.

• SQL 2014 - Group Membership for sysadmin permissions not working

  I am using SQL 2014 on Windows Server 2012 R2 and am running into a permission issue. During the install I specified the local server's Administrators group as well as my specific domain account to have sysadmin privileges. 
  The issue is that accounts that are a member of the local server's administrators group can't even login to SQL Server Management Studio unless they are specifically granted permissions for their account (my domain account works fine as it has a specific
  credential in SQL).
  The log just gives the following error:
  Login failed for user 'domainname\username'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]
  Error: 18456, Severity: 14, State: 11.
  I haven't had this issue in previous versions. Is there something that must be done differently in 2014 to grant permissions to groups?

  Hi, something like
  this?
  Bye
  Questo post è fornito "così com'è". Non conferisce garanzie o diritti di alcun tipo. Ricorda di usare la funzione "segna come risposta" per i post che ti hanno aiutato a risolvere il problema e "deseleziona come risposta"
  quando le risposte segnate non sono effettivamente utili. Questo è particolarmente utile per altri utenti che leggono il thread, alla ricerca di soluzioni a problemi similari. ENG: This posting is provided "AS IS" with no warranties, and confers
  no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Service account not inheriting AD group membership permissions on SQL Server

  I am adding Active Directory groups as logins and database users to our SQL Servers. A service account added to an AD group did not inherit the group permissions that the user accounts did. Can there be different attributes of service accounts that would
  prevent service accounts from inheriting the permissions of AD groups?
  Example: An AD Group AD_group contains a service account user, svc_account and a user account, user_account. AD_group is added to a SQL Server as a login. User_account can log in to SQL Server but svc_account cannot.

  SQL Server will use the information within the token used for authentication, so it may be possible that the service has a stale token (i.e. the token has not been refreshed or the service has not restarted) since you made the changes to the AD group.
  I would recommend using a tool such as ProcessExplorer (https://technet.microsoft.com/en-us/sysinternals/bb896653) to make sure the token for the process is showing the latest group
  memberships properly.
  I hope this helps,
  -Raul Garcia
     SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Permissions of SQL Server Database changes when deploying application

  Hi.
  When deploying my application, I find that the permission changes as in the screenshot below and hence I cannot update the database. It becomes read only.
  However, before deployment, I had already set the permissions for Users to Full Control.
  The Read-Only properties is set to False in the Setup for deployment. Help please.

  If deploying a file for read/write permissions on the O/S(s) talked about in the link, then you need to deploy the file to ProgramData (all users folder) or to a folder you created with the persmission needed at the folder level. You deploy  the file
  to Program Files folder, then the O/S(s) are only going to allow read and read/execute.
  https://technet.microsoft.com/en-us/library/ff716245.aspx?f=255&MSPPError=-2147217396

• Need to write SQL query for hierarchy

  Hi Guys,
  I need help to write a query for the below scenario.
  I have one organization, under that I have many branches. when i provide input to query on last branch, i need to display all parents of that branch like below
  Organization   ---parent
    branch 1  ---child
       branch11
       branch 12
      branch 2   ---child
        branch 21
       branch 3 ----child
        branch 31
        branch 32
        branch 33
  here, when i provide input as branch 3, then I need to fetch results branch 2, branch 1 till organization.
  can any one help me on this.
  Thanks in advance!
  Regards,
  LKR

  Hi,
  Is this the same question as
  https://community.oracle.com/thread/2616828
  Please don't post the same question over and over.  Mark this thread as "Answered" right away, and continue in the other thread (if necessary; the other thread has answers.)

• Permissions to modify SQL Agent Jobs

  Permissions
  on SQL Server Agent
  I would
  like to assign the permission to user ,who can edit all SQL agent job(even own by others) without assigning the sysadmin role.
  is it possible?
  regards
  EA

  Hallo Ekbal,
  only granting access to the procs will not fit because internally these procs check whether the executing account is member of the sysadmin-role of of any other roles which need the required permissions.
  What you have to do is the development of a wrapper-proc which covers the execution with a different user. Get details concerning here:
  http://msdn.microsoft.com/en-us/library/ms178106(v=sql.90).aspx
  Long story short - you have to do the following steps if you execute the procedures in the context of a certificate:
  1. Create a certificate you want to use for the execution of the wrapper procs in msdb
  CREATE CERTIFICATE cert_Jobs
  ENCRYPTION BY PASSWORD = 'myUltracomplexPassword'
  WITH SUBJECT = 'Certificate for JobManagement',
  START_DATE = '20120101',
  EXPIRY_DATE = '29991231'
  2. Backup the certificate for later implementation in the master and implementation in master database
  BACKUP CERTIFICATE cert_JobHistory TO FILE = 'C:\temp\cert_JobHistory.cer';
  USE master;
  GO
  CREATE CERTIFICATE cert_JobHistory FROM FILE = 'C:\temp\cert_JobHistory.cer';
  3. Create a login based on the certifcate and make it a sysadmin
  CREATE LOGIN login_JobHistory FROM CERTIFICATE [cert_JobHistory];
  GRANT AUTHENTICATE SERVER TO [login_JobHistory];
  GO
  EXEC sp_addsrvrolemember @loginame = 'login_JobHistory', @rolename = 'sysadmin';
  4. create a user in msdb for the login, create a wrapper proc for sp_update_job
  USE msdb
  GO
  CREATE USER login_JobHistory FROM LOGIN [login_JobHistory];
  GO
  CREATE PROC dbo.proc_wrapper_update_job
  @paramter_list of sp_upate_job
  WITH EXECUTE AS OWNER
  AS
  BEGIN
  EXEC dbo.sp_update_job @parameter_list
  END
  5. add signature of certificate to the proc
  ADD SIGNATURE TO OBJECT::dbo.proc_wrapper_update_job
  BY CERTIFICATE [cert_JobHistory]
  WITH Password = ''myUltracomplexPassword';
  6. Grant EXECUTE-permission on the proc to dedicated users you want to manage the jobs
  IMHO this process is a bad workaround and - just my point of view - not practicable but I don't see any other solution than granting sysadmin privileges for the dedicated users. What you can do also is doing the modification to the mentioned procs but this
  is definitely not recommended because these procs are system procs and you will loose support from Microsoft!
  Get more details concerning execution of procedures by certificates by visiting the following links:
  AUTHENTICATE SERVER:
  http://support.microsoft.com/kb/906549
  Using certificates for execution of procs:
  http://msdn.microsoft.com/en-us/library/bb283630(v=sql.105).aspx
  Uwe Ricken
  MCSE - SQL Server 2012
  MCSA - SQL Server 2012
  MCITP Database Administrator 2005
  MCITP Database Administrator 2008
  MCITP Microsoft SQL Server 2008, Database Development
  db Berater GmbH
  http://www-db-berater.de
  SQL Server Blog (german only)

• SCCM 2012 R2 Reporting issue updating SQL Reporting permissions

  I am in the process of setting up SCCM 2012 R2.  I am having an issue with the SCCM reporting.  If I set the permissions in the SCCM console, the permissions do not propagate to the SQL reporting... I get this... This is from SRSRP.log...
  Updating data source {5C6358F2-4BB6-4a1b-A16E-8D96795D8602} at ConfigMgr_DIT $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.384+300><thread=5432 (0x1538)>
  (!) Error retrieving folders - [A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.)]. $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.438+300><thread=5432 (0x1538)>
  No folder configuration information found. $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.441+300><thread=5432 (0x1538)>
  Does anyone know how to fix?
  I tried removing and re-installing the reporting point, changing the permissions in SQL Server... and a dozen other things.

  I am in the process of setting up SCCM 2012 R2.  I am having an issue with the SCCM reporting.  If I set the permissions in the SCCM console, the permissions do not propagate to the SQL reporting... I get this... This is from SRSRP.log...
  Updating data source {5C6358F2-4BB6-4a1b-A16E-8D96795D8602} at ConfigMgr_DIT  $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.384+300><thread=5432 (0x1538)>
  (!) Error retrieving folders - [A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.)].  $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.438+300><thread=5432 (0x1538)>
  No folder configuration information found.  $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.441+300><thread=5432 (0x1538)>
  Does anyone know how to fix?
  I tried removing and re-installing the reporting point, changing the permissions in SQL Server... and a dozen other things.

• Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17...

  Hi,
  I have a customized SharePoint page that takes user input data, validate some of the data, then writes the data to a SharePoint list. If an exception occurs, it will write the error to the ULS.
  All was working well in the test environments.
  However, recently we noticed that in the QA environment, when it's trying to write to ULS, it causes another issue:
  Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17 ImpersonationLevel: Impersonation' in database 'SP_F1_Config' on SQL Server instance 'SQL01'. Additional error information from SQL Server is included below. The EXECUTE
  permission was denied on the object 'proc_putObjectTVP', database 'SP_F1_Config', schema 'dbo'.
  I've traced through the code and found that it fails on the line:
      SPDiagnosticsServiceBase.GetLocal<LoggerError>();
  where LoggerError is the logger class inheritng SPDiagnosticsServiceBase
  I have also googled around today, but the most positive solution provided
  on this page was to manually modify SQL object permission, which I believe we should not do, and would not be supported by Microsoft.
  So the questions are:
  Why is AUTHORITY\IUSER used for SPDiagnosticsServiceBase.GetLocal()? Should that account actually be allowed to access SharePoint databases? (This is an intranet environment and using claim based/Windows authentication, no no anonymous access would be allowed
  anyway).
  I've checked the Application Pool account permissions in SQL, comparing the environment that works and the one that doesn't work, and the permissions/roles/schemas look identical on server and database level. Where else can I check?
  On the environment that works, I logged on as SharePoint administrator, created a new SharePoint Visual Web Part solution in Visual Studio, just to test writing to ULS. Then I press F5 in Visual Studio to debug it. It also has the same problem.
  It just seems like somehow the user's identity (or whatever the identity SharePoint required) was not passed to SPDiagnosticsServiceBase.
  Any suggestions, or even better, solutions would be really really much appreciated!

  Hi，
  Thanks for your sharing, it will be userful to the people who stuck with the same issue.
  Best regards
  Patrick Liang
  TechNet Community Support

• SQL 2012 permissions and MBAM

  We are doing a deploy of MBAM 2.5 and as required, we have installed SQL 2012. A part of the setup is setting the required permissions in SQL. I am definitely not a DBA and do not have access to someone who knows it well. Can anyone walk me through setting
  the correct permissions from the following http://technet.microsoft.com/en-us/library/dn645331.aspx ? I am a novice with SQL, but can follow instruction.
  In particular the pieces on:
  Prerequisites for the Recovery Database
  Required SQL Server permissions
  Required permissions:
  SQL Server instance login server roles:
  dbcreator
  processadmin
  SQL Server Reporting Services instance rights:
  Create Folders
  Publish Reports
  Prerequisites for the Compliance and Audit Database
  Required SQL Server permissions
  Required permissions:
  SQL Server instance login server roles:
  dbcreator
  processadmin
  SQL Server Reporting Services instance rights:
  Create Folders
  Publish Reports
  Prerequisites for the Reports
  SSRS instance rights – required for configuring Reports only if you are installing databases on a separate server from the server where Reports are configured.
  Required instance rights:
  Create Folders
  Publish Reports
  Thanks in advance

  Hello,
  The permissions to create folders and publish reports are needed only if you have a separate SQL Server for reports (Reporting Services
  on a separate server). You don’t have that scenario?
  Anyway, in case you have that scenario, the following resources should help:
  http://technet.microsoft.com/en-us/library/aa337471(v=sql.105).aspx
  (Publisher role has permissions to add reports and create folders)
  http://technet.microsoft.com/en-us/library/aa337471(v=sql.105).aspx
  Hope this helps.
  Regards,
  Alberto Morillo
  SQLCoffee.com

• Remove NT AUTHORITY\SYSTEM from sysadmin role - sql 2008 r2

  This topic was somewhat covered for SQL server 2005, I couldn't find any on 2008 R2, so asking again.
  I have NT AUTHORITY\SYSTEM, NT SERVICE\MSSQLSERVER and NT SERVICE\MSSQLSERVER$AGENT accounts in sql server sysadmin role on all my servers. SQL Server service and sql server agent service are running under different Active directory service accounts
  accounts, not the last two mentioned above.
  How do I remove these accounts from sysadmin role without breaking anything? Can anyone provide documentations addressing this problem specific for SQL server 2008 R2? If you know any reasons for I should not attempt to remove them,
  please point me to the 2008 r2 specific documentation. These came up in security audit and I have to provide specific docs.
  Thanks In advance.
  Mars

  Hi,
  I recommend you not to remove NT AUTHORITY\SYSTEM, NT SERVICE\MSSQLSERVER and NT SERVICE\MSSQLSERVER$AGENT accounts from sysadmin role in SQL Server 2008 R2.
  NT AUTHORITY\SYSTEM is a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network.
  The Database Engine runs in Windows as a Windows service named MSSQLSERVER. The NT SERVICE\MSSQLSERVER login is used by the service to connect to the Database Engine. The SQL Server Agent runs as a Windows service named NT SERVICE\SQLSERVERAGENT. The NT SERVICE\SQLSERVERAGENT
  login is used by the SQL Server Agent service to connect to the Database Engine. The two logins act as a Security Identifier (SID) for the two services respectively in Windows, and they are members of the sysadmin fixed server role in SQL Server, so they can
  do anything in the Database Engine.
  For more details, please review the following links:
  Setting Up Windows Service Accounts：http://msdn.microsoft.com/en-us/library/ms143504(v=sql.105).aspx
  How to Create Secure SQL Server Service Accounts：http://www.mssqltips.com/sqlservertip/2503/how-to-create-secure-sql-server-service-accounts/
  Thanks
  Lydia Zhang

• SQL version could not be verified error while installing the SCOM 2012 R2 reporting component

  I have the below SCOM server roles in my SCOM 2012 R2 set up
  1) All servers with Windows Server 2008 R2 SP1, MS - SCOM1, DB & DW - DB1, Reporting Server - DB2
  2) All the DB servers with SQL 2012 SP1
  3) Windows firewall is turned off on all the servers.
  4) Success fully installed all the components except SCOM reporting.
  While installing the SCOM 2012 R2 reporting component on DB2 ( Iam running this set up on the server where I instllaed the SQL DB engine and reportin services in Native mode. Configured the SQL reporting database and reporting URLs successfully in SQL reporting
  configuration manager) getting the below error in the Rporting server instance page. Kindly advise.
  I ran mofcomp.exe and there is no firewall restrictions. My account also has DB owner & sysadmin permissions.
  Also tried re installing the SQL on Reporting server.
  "The installed version of SQL Server could not be verified or is not supported. Verify that the computer and the installed version of SQL Server meet the minimum requirements for installation, and that the firewall settings are correct. See the Supported
  Configurations document for further information".

  Hi,
  As far as I know, after installing SSRS, we don't need to configure the database and reporting URLs manully. When we install the reporting service for SCOM, it will configure those automatically.
  If possible, you may re-install SSRS and then install SCOM reporting service.
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Error with DB instance installation on SQL Cluster environment

  Dear Experts,
  We have an issue with UAT installation of ECC 6.0 on  the following environment
  MSSQL :
  Microsoft SQL Server Management Studio                              10.0.4064.0
  Microsoft Analysis Services Client Tools                              10.0.4064.0
  Microsoft Data Access Components (MDAC)                              6.1.7601.17514
  Microsoft MSXML                              3.0 6.0
  Microsoft Internet Explorer                              8.0.7601.17514
  Microsoft .NET Framework                              2.0.50727.5446
  Operating System                              6.1.7601
  OS :
  Microsoft Windows 2008  SR2
  While running the DB instance installation with Distributed setup, we are facing the following issue during the step "Grant database access for account usm" . SAPINST is run from the central instance to install the DB instance on a separate server. (Both the servers are on the same domain). The IDs SIDADM, SAPServiceSID exists in the DB with sysadmin permissions.
  SAPINST logs is as follows
  INFO 2011-11-28 20:24:52.263
  Creating file C:Program Filessapinst_instdirx.
  INFO 2011-11-28 20:24:52.263
  Removing file C:Program Filessapinst_instdirx.
  INFO 2011-11-28 20:25:08.169
  Creating file C:Program Filessapinst_instdirERPEhP4AS-ABAPMSSDISTRIBUTEDDBx.
  INFO 2011-11-28 20:25:08.169
  Removing file C:Program Filessapinst_instdirERPEhP4AS-ABAPMSSDISTRIBUTEDDBx.
  INFO 2011-11-28 20:25:11.326
  Creating file C:Program Filessapinst_instdirx.
  INFO 2011-11-28 20:25:11.326
  Removing file C:Program Filessapinst_instdirx.
  INFO 2011-11-28 20:25:12.201
  Copied file 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/statistic.xml' to 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/statistic.45.xml'.
  INFO 2011-11-28 20:25:12.576
  Copied file 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/statistic.xml' to 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/statistic.46.xml'.
  WARNING 2011-11-28 20:25:14.138
  Unable to get information about path
  LABEL.ASC using GetVolumeInformation. Operating system error message: The specified path is invalid.
  WARNING 2011-11-28 20:25:14.935
  Host name has been overridden. Using host name 'eccuatad1' which might not be the real host name.
  INFO 2011-11-28 20:25:14.935
  Copied file 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/inifile.xml' to 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/inifile.15.xml'.
  INFO 2011-11-28 20:25:15.44
  Execute step
  Component  W2K_ServicePack_Check|ind|ind|ind|ind
  Preprocess  of component |NW_ABAP_DB|ind|ind|ind|ind|0|0|NW_First_Steps|ind|ind|ind|ind|0|0|W2K_ServicePack_Check|ind|ind|ind|ind|2|0
  INFO 2011-11-28 20:25:20.513
  Copied file 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/keydb.xml' to 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/keydb.15.xml'.
  INFO 2011-11-28 20:25:20.607
  Copied file 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/statistic.xml' to 'C:/Program Files/sapinst_instdir/ERPEhP4/AS-ABAP/MSS/DISTRIBUTED/DB/statistic.47.xml'.
  INFO 2011-11-28 20:25:20.638
  Execute step doGrantServiceRights of component |NW_ABAP_DB|ind|ind|ind|ind|0|0|NW_CreateDBandLoad|ind|ind|ind|ind|8|0|NW_CreateDB|ind|ind|ind|ind|0|0|NW_MSS_DB|ind|ind|ind|ind|2|0|MssOsUser|ind|ind|ind|ind|11|0
  ERROR 2011-11-28 20:25:20.857
  FSL-06002  Error 1060 (The specified service does not exist as an installed service.
  ) in execution of a 'SyWinGetSecurityDescriptor' function, line (1296), with parameter (Error in getting security descriptor for 'MSSQL$U001' NT service).
  ERROR 2011-11-28 20:25:20.873
  MUT-03025  Caught ESyException in Modulecall: ESAPinstException: error text undefined.
  ERROR 2011-11-28 20:25:20.873
  FCO-00011  The step doGrantServiceRights with step key |NW_ABAP_DB|ind|ind|ind|ind|0|0|NW_CreateDBandLoad|ind|ind|ind|ind|8|0|NW_CreateDB|ind|ind|ind|ind|0|0|NW_MSS_DB|ind|ind|ind|ind|2|0|MssOsUser|ind|ind|ind|ind|11|0|doGrantServiceRights was executed with status ERROR ( Last error reported by the step :Caught ESyException in Modulecall: ESAPinstException: error text undefined.).
  Could you please let us know any resolution for this. Thank You

  Vincent,
  Thanks for the reply. Still I am not clear on how to use the STM tools in my scenario. I had issues with the domain installation with distributed in a cluster. Working with SAP and got a reply today saying that SAPINST will be modified.
  Krishna

• Executing SSIS packages through SQL Server Jobs.

  Hi,
  I have an SSIS package which generates xml and text files and ftps it to an ftp site. When i run the package from BIDS it works successfully but when i run it from a job it fails. My SSIS package connects to DB server A and though i'm creating a job on DB
  server A but my folder structure and the package resides in server B from where i'm connecting to DB server A through Management Studio. I'm using File system in SQL server Agent Job to call the package. When i execute the job i get following error:
  Executed as user: I\A. ...er Execute Package Utility  Version 9.00.3042.00 for 64-bit  Copyright (C) Microsoft Corp 1984-2005. All rights reserved.    Started:  5:08:05 PM  Error: 2011-06-21 17:08:05.11         
  Description: Unable to load the package as XML because of package does not have a valid XML format. A specific XML parser error will be posted.  End Error  Error: 2011-06-21 17:08:05.11         Description:
  Failed to open package file "E:\P\H\R\Tools\R\R\R.dtsx" due to error 0x80070003 "The system cannot find the path specified.".  This happens when loading a package and the file cannot be opened or loaded correctly into the XML document. This can be the
  result of either providing an incorrect file name was specified when calling LoadPackage or the XML file was specified and has .  The step failed.
  Could you please tell me where am i going wrong?
  Thanks,
  Deepti
  Deepti

  Hi Christa Kurschat,
  I'm running the job under proxy account. And that account has sysadmin permissions.
  I used following script to create proxy account and run my package under that account:
  I. Create job executor account
  Highlight Security->New Login, say to make login as devlogin, type your password, default database can be your target database.
  Server roles: check �sysadmin�
  User mapping: your target database
  Msdb database: you make sure to include
  SQLAgentUserRole, SQLAgentReaderRole,  SQLAgentOperatorRole
  Then click OK
  II. Create SQL proxy account and associate proxy account with job executor account
  Here is the code and run it the query window.
  Use master
  CREATE CREDENTIAL [MyCredential] WITH IDENTITY = 'yourdomain\myWindowAccount', secret = 'WindowLoginPassword'
  Use msdb
  Sp_add_proxy @proxy_name='MyProxy', @credential_name='MyCredential'
  Sp_grant_login_to_proxy @login_name=' devlogin', @proxy_name='MyProxy'
  Sp_grant_proxy_to_subsystem @proxy_name='MyProxy', @subsystem_name='SSIS'
  III. Create SSIS package
  In MS SQL Server Business Intelligence Development Studio, you use job executor account devlogin to create the SSIS package (DTS) and make sure you can execute this package
  in SQL Server Business Intelligence Development Studio. Compile/build this package.
  IV. Create the job, schedule the job and run the job
  In SQL Server Management Studio, highlight SQL Server Agent -> Start. Highlight Job ->New Job�, name it , myJob.
  Under Steps, New Step, name it, Step1,
  Type: SQL Server Integration Service Package
  Run as: myProxy
  Package source: File System
  Browse to select your package file xxx.dtsx
  Click Ok
  Schedule your job and enable it
  I followed these steps.
  Thanks,
  Deepti
  Deepti