Why would you use a managed service account rather than a virtual account in SQL Server 2012?

In SQL Server 2012, service accounts are created as
virtual accounts (VAs), as described
here, as opposed to
managed service accounts (MSAs).
The important differences I can see for these, based on the descriptions:
MSAs are domain accounts, VAs are local accounts
MSAs use automagic password management handled by AD, VAs have no passwords
in a Kerberos context, MSAs register SPNs automatically, VAs do not
Are there any other differences? If Kerberos is not in use, why would a DBA ever prefer an MSA?
UPDATE:
Another user has noted a
possible contradiction in the MS docs concerning VAs:
The virtual account is auto-managed, and the virtual account can access the network
in a domain environment.
versus
Virtual accounts cannot be authenticated to a remote location. All virtual accounts
use the permission of machine account. Provision the machine account in the format
<domain_name>\<computer_name>$.
What is the "machine account"? How/when/why does it get "provisioned"? What is the difference between "accessing the network in a domain environment" and "authenticating to a remote location [in a domain environment]"?

Hi,
“Virtual accounts cannot be authenticated to a remote location. All virtual accounts use the permission of machine account. Provision the machine account in the format <domain_name>\<computer_name>$.”
“The virtual account is auto-managed, and the virtual account can access the network in a domain environment. If the default value is used for the service accounts during SQL Server setup on Windows Server 2008 R2 or Windows 7, a virtual account
using the instance name as the service name is used, in the format NT SERVICE\<SERVICENAME>”
Per the above description, they are two concepts and not conflict with each other.
As you understand, virtual account access network resources by using the credentials of the computer account. Generally, computer account will not be granted permission unless giving the computer account permission on the shared folder manually.
Thanks.
Tracy Cai
TechNet Community Support

Similar Messages

  • I heard some promote use of "Terminal Services(RDS)", rather than App-V application with SCCM 2012 even if you have SCCM licens.

    Hi,
    I heard some promote use of "Terminal Services(RDS)", rather than App-V application with SCCM 2012 even if you have SCCM licens. The reason you dont need to repackage\test the application on an client OS...
    I don't agree and I have not Heard this Before, just that you use TS for some scenario.
    Or is it more likely that "Terminal Services(RDS)", take over the applikation administration?
    /SaiTech

    Surely this all depends on your environment. There's nothing wrong with creating RemoteApps to push to client devices. Maybe you have an environment where RDS is widely used. 
    Why not leverage both solutions and target App-V's at RDS servers and then create App-V based RemoteApps that users can run at home as part of a home working solution via RDWeb.
    Creating apps via RDS will be an admin overhead yes but then so is creating App-V packages in SCCM.
    I don't agree with the arguement re: 'you dont need to repackage\test the application on an client OS...' as
    App-V allows you to run on multple O/S types. 
    To be honest both technologies have their pros and cons. 
    Cheers
    Paul | sccmentor.wordpress.com

  • Is Distributed Transaction Coordinator services of the application role are required by SQL Server 2012 for clustering and support of SharePoint 2013.

    All I want to know is if Distributed Transaction Coordinator services of the application role are required by SQL Server 2012 for clustering and support of SharePoint 2013.
    I have been planning and deploying my companies first Windows Server 2012/SQL Server 2012 Always On cluster and Always On Availability Groups Multi-Subnet cluster and instances for SharePoint 2013, and I will be brutally honest, the documentation on either
    the MSDN and TechNet leave alot to be desired. Continually finding links in the documentation will take me from a Windows 2012 reference to a page talking about Windows Server 2008 or R2, The differences of which there are so many when it comes to configurations,
    settings, roles, services when working with SQL Server 2012. I have been confused, frustrated, screaming mad, with all the misdirection in this documentation.  The documentation takes me windows 2008 R2 which is different than 2012!
    Tired and trying to pick myself up off the floor!
    Greg
    Gman

    In general, DTC is not required for SQL 2012.  But, since you are asking specifically about SharePoint, it would be better to ask in a SharePoint forum.  They would be more likely to know those situations where FTC might be needed by SharePoint. 
    .:|:.:|:. tim

  • Master Data Services not available under shared feature while installing SQL server 2012

    Hi,
    I am trying to install Master Data Services but do not see the option to select MDS under the shared features when going through the SQL server 2012 installation. I have the SQL server 2012 SP1 (64 bit) install files. I have also installed SP2. I havent
    found anything online about the issue.
    Can someone please advise?
    I have a screenshot of the installation screen which I will attach as soon as I am able to get my account verified. Thanks!

    Hi Revees,
    This might be a very naïve and also out of the original scope of the thread question.
    We are thinking of going with the developer edition. We have 2/3 developers and some other testers and business users.
    1) I understand that we need a developer license for each developer. But would we need a license for the business user. Can they have a sort of read access to the dbs?
    2) If a developer has MSDN subscription, Would they need to purchase the license too assuming we purchase the developer edition of the software (and not download it using the MSDN subscription)?
    Thanks for your assistance!

  • Virtual Lab: Exploring SQL Server 2012 Integration Services - Setup script fails

    I am trying to work through a Lab, but cannot get past the Setup script stage.
    The lab is "Exploring SQL Server 2012 Integration Services". I have tried this several times (with new lab instances) and the result is always the same.
    I double click the Setup command ... Press 2 ... when the popup dialog appears I press Ok ... the progress bar completes and the messages in the text box seem to indicate everything has completed (last line says "Done"). I click Close as per the
    instructions and then the script moves to the "Configure SQL Server" stage.
    After a short delay a number of error messages appear: "Could not open a connection ... Login / timeout expired" etc - basically it can't find or can't connect to the server.
    I expected these labs to work seamlessly  :)
    Anyone know what's going wrong here?
    Thanks,
    Larry

    I am moving it to SSIS.
    Kalman Toth Database & OLAP Architect
    SELECT Video Tutorials 4 Hours
    New Book / Kindle: Exam 70-461 Bootcamp: Querying Microsoft SQL Server 2012

  • Which service pack should I install if I have SQL Server 2012 RTM version 11.0.2100.60

    I read the recommendation "SQL Server 2012 RTM is no longer in mainstream support. If you wish to continue getting fixes, you should absolutely plan on migrating to the SP2 branch;" from
    http://blogs.sqlsentry.com/team-posts/latest-builds-sql-server-2012/. I am not quite sure how I can migrate from RTM to SP2. Thank you in advance.
    cy

    Hi,
    Yes RTM version of SQL Server 2012 is not supported. You have to apply SQL Server 2012 SP2 below link will help you in doing it
    http://social.technet.microsoft.com/wiki/contents/articles/25632.how-to-install-sql-server-2012-sp2-on-standalone-sql-server-instance.aspx
    Above link also has link to download SQL Server 2012 SP2
    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it
    My Technet Wiki Article
    MVP

  • Why would you use Java over C/C++

    This thread :
    http://forum.java.sun.com/thread.jspa?threadID=689490
    Brought back to mind a problem I had in the first C program I worked on -
    I'd declared an array and a file pointer on the stack in a function, overwrote the end of the array by mistake, and trashed the file pointer. The file pointer was used a while after the array was overwritten - took me 2 days to work out what was happening. Array overwrites like this are just not possible in Java - that's a reason to use Java over C or C++.
    Anyone else got their own scare stories like this ? Maybe someone's got a Java scare story that would make you use C ?

    A C++ based bond trading system had the description database varchar field width of 60 characters. The GUI software to display this had buffers 60 characters wide. New bonds came along with widths of over 60 characters so the database field width was changed to 80 characters but nobody told us (the GUI maintenance team) about the change.
    There was no real problem for about 4 days after the first long named bond was inserted. Then, at random times, the GUI application would crash. It took many many days to find the source of the problem and to fix it. The blame was laid at the door of the GUI maintenance team even though we had not written the code and we had logged the potential problem in the bug database months before but management decided that it was not a problem so should not be 'fixed'.
    This literally cost millions because the traders could not be sure of their positions.
    I left as soon as my contract ran out.

  • Why would you use JavaFX over JavaEE or JavaSE?

    Just curious why you would use FX over the others? Is it because of the GUI, and some added features, or what makes FX better?
    Also what exactly is the differences between the 3? It seems like SE is the basic, then EE is used for client-server and maybe security and such? FX seems to just have advanced GUI and stuff like that? Does anyone have a link or a list of what features are different and such?
    Thanks a lot!!!
    ~KZ
    Edited by: KonradZuse on Jul 6, 2012 8:41 AM

    KonradZuse wrote:
    I usually use swing, but I am starting a new business application for real world use, so I want it to be the best it can be. FX's Gui is great, but is it worth it to start using that right away? I also want to be able to use 3D, and as someone said you can do 2D in a 3D space, so that is basically what I need for now, but I would like to be able to do full 3D.JFX isn't exactly built to do 3D stuff right now. But neither is Java2D (the base for AWT and Swing), so nothing is different really.
    So what I really want to know is what is the differences between SE and EE?One is "Java", the other is a specification. For more information I refer to Google.

  • Why would you use Group Discovery

    Does Group discovery just get members (systems or users) from groups? If so, I can just do that on the actual system discovery or user discovery, there is a check box to discovery members of a group. So my question is, what is the point?

    So the actual groups would be in the CM console? At that point I can create a collection of a group or groups and deploy to the machines in those groups? 
    The groups themselves would not be in the console but you would be able to deploy to members of a group by building a collection with query based memberships.
    Query would look like this:
    select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,
    SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
    from SMS_R_System where SMS_R_System.SystemGroupName = “DomainName\\GroupName”
    Collection will contain all systems member of the group.

  • SQL server 2012 does not see local disks other than C being started under domain account (which is local admin on the server)

    Hi all. We have a SQL Server 2012 installed to a fresh Windows Server 2012 Server. There is a service account domain\rusystem01 created to run SQL services. It is added as a Local administrator on this server.
    The issue is that SQL Server does not see any local drives (other than C drive) on the server if we run it from this domain service account (for example, we cannot move any databases to any other drives or setup backup).
    It works fine (and other drives ARE available) if SQL Services are started from Network service account or Local service account (which is not recommended by Microsoft). But does not work from domain account.
    Any ideas how to fix this?
    MCP

    >Any ideas how to fix this?
    Apply NTFS ACLs for the folders (and perhaps volumes*) for SQL Server.  Use the Per-Service SID, rather than the Service Account for the ACLs so they survive changing the service account. 
    The per-service SID is "NT Service\MSSQLSERVER" for a default instance and "NT Service\MSSQL$InstanceName" for a named instance.
    *Volume ACLs are set in Disk Management.
    David
    David http://blogs.msdn.com/b/dbrowne/
    David, would you please clarify what do you propose? I open D: volume on the Disk management and grant NT Service\MSSQL$DEV account with Full control permissions. Restarted SQL - no effect. Still only C: is visible for SQL.
    MCP

  • Sharepoint 2013 SSRS Interaction with Sql Server 2012 Reporting Services connecting to Sql Server 2008 R2 database

    Hi
    I'm working on upgrading sharepoint 2010 to sharepoint 2013 with sql server 2008 r2. I've ran into some problems but have been able to get a test farm upgraded. However to run SSRS 2013 it seems Sql Server 2012 Reporting Services are required. Upgrading
    to a full sql server 2012 database isn't an option. I know that sql server 2012 reporting services can use sql server 2008 r2 as a catalog and content database so I was wondering could this be a workaround? Importantly would I need a separate machine/virtual
    machine to host sql server 2012 reporting services? or could it live on the sql server 2008 r2 machine? Any pointers appreciated. Thanks Dan

    Remember that SSRS must be deployed on the SharePoint server. Having said that, yes you can install SSRS 2012 SP1 on a server running SQL 2008 R2. And yes, you can use 2008 R2 as your Database Engine server while SSRS 2012 SP1 runs on the SharePoint server.
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Trying to install features for PowerPivot and Reporting Services from SQL Server 2012 with SP2, but no access to key?

    Hi,
    I had installed SQL Server 2012 PowerPivot on WFE and App Server. This is test farm with 1 WFE and 1 APP and 1 SQL Server.
    However, we had a heap of issues with Windows Claims Authentication and PowerPivot - issues were raised with "unable to make a connection to EntityDataSource" . Now we uninstalled the PowerPivot and Reporting Services features and wanted to install
    with the SQL Server 2012 with SP2. Originally SP2 was installed seperately and we had read there had been issues.
    Anyway on trying to install the features again using the SQL Server 2012 with SP2 iso I get 
    Could not open key UNKNOWN\Components
    I don't want to start deleting or changing permissions as quite dodgey. What is this key for anyway and how do I resolve my issue.
    Thanks.
    John.

    Hi John,
    Did you meet the error message during the process of configuring the PowerPivot for SharePoint?
    If yes, I suppose that the existing features or components have not been uninstalled completely.
    I recommend to delete the two keys left when uninstalling the PowerPivot and please make a copy of the registry keys before you delete the two keys:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\ServiceProxies\Microsoft.AnalysisServices.Sharepoint.Integration.MidTierServiceProxy
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\ServiceProxies\Microsoft.AnalysisServices.Sharepoint.Integration.MidTierServicea
    Please check the steps in the link below to see if there anything wrong when you uninstalling the PowerPivot and then re-install it to see how it works:
    https://technet.microsoft.com/en-us/library/ff487866(v=sql.110).aspx
    Thanks,
    Victoria
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Victoria Xia
    TechNet Community Support

  • EHP2 - EHP7 Upgrade Path using SQL Server 2012/Win Server 2012 R2

    Hi Guys.
    I have question regarging Upgrade Roadmap for a ERP 6 EHP2 system based on NW 7.01 which I would like to Upgrade to ERP6 EHP7 SP7
    Source System is
    Windows 2012
    SQL Server 2008 R2
    EHP2 for ERP 6.0 SPS Level 14
    Target System
    Windows 2012
    SQL Server 2012
    EHP7 for ERP 6.0 SP 7 based on NW 7.4 SP 9
    During Upgrade checks it says I must Upgrade Database first before continue since DB Release is too low for NW 7.4 SP9 as stated in Note
    1951491 - Minimal DB system platform requirements for SAP NetWeaver 7.4 SP08
    So, at this point I agree i have to update SQL Server to 2012 before next step
    Now, my concern is that my Source System does not have the minimum NW SP level (14) to run under SQL Server 2012 which is 26.
    Im currently running SAP Kernel 721 EXT Level 401 which is above mininum
    According to Note 1651862 - Release planning for Microsoft SQL Server 2012 that would not be possible
    Existing systems of SAP products that are out of SAP maintenance can be upgraded to SQL Server 2012 in order to prepare a SAP upgrade, if they match the SAP NetWeaver Support Package requirements defined below.
    SAP products prior to SAP NetWeaver 7.0 are not supported at all on SQL Server 2012.
    Required minimum SAP Netweaver Support Package Stacks (SPSs) for SQL Server 2012 (SAP ABAP, SAP ABAP+JAVA stacks)
    SAP NETWEAVER 7.0 - SPS 26 (SAP BASIS 26, SAP BW 28)
    SAP EHP1 FOR SAP NETWEAVER 7.0 - SPS 11 (SAP BASIS 11, SAP BW 11)
    SAP EHP2 FOR SAP NETWEAVER 7.0 - SPS 11 (SAP BASIS 11, SAP BW 11)
    SAP EHP3 FOR SAP NETWEAVER 7.0 - SPS 03 (SAP BASIS 03, SAP BW 03)
    SAP NETWEAVER 7.1 - SPS 14 (SAP BASIS SP14)
    SAP EHP1 FOR SAP NETWEAVER 7.1 EhP1 - SPS 10(SAP BASIS SP10, SAP BW SP10)
    SAP NetWeaver 7.2 - no restriction
    SAP NETWEAVER 7.3 - SPS 07 (SAP BASIS 07, SAP BW 07)
    SAP EHP1 FOR SAP NETWEAVER 7.3 - SPS 03 (SAP BASIS 03, SAP BW 03)
    If your system is running on a SPS lower than the one required above, you have to apply the minimum required SPS before upgrading/migrating to SQL Server 2012.
    If you install a NetWeaver product on SQL Server 2012, the required SPS for your product must be applied immediately after the installation - see SAP note 1676665, section I for more information.
    But performing the Upgrade would be technically possible? I mean not for productive use but technicaly during that time the Database is Upgrade and during SUM Execution.
    According to the note it states if you install a Netweaver Product in SQL Server 2012, SPS must be applied immediately, so is kinda ambigous what SAP is saying.
    Best
    Martin

    Hi Martin,
    For a test scenario, there's no harm in trying it (other than spending a lot of time on it, but hopefully that will prove not to be a waste). Generally, I expect you'll be fine upgrading your DBMS even though you aren't on the required minimum SP yet. The main thing you'll be missing out on is the updates to DBACOCKPIT, but once you do your EhP upgrade (with sps update included), you'll be putting that in place.
    So, you could try this on your sandbox system and see if there are any problems. I assume the intent is to start the EhP upgrade as soon as the DBMS upgrade is done, right? In other words, you won't be actually using the system without the required SP except to run the EhP upgrade?
    Alternatively, you could do a minimal support pack update, perhaps just a Basis SP only, to the minimum SP needed for your current release, then do the DBMS upgrade, then proceed with the EhP upgrade. This would be the safest procedure, but, as I said, I expect you can probably get away without going to this level without much problem. Again, the idea would be minimizing the time between the start and end of the total project on each system (DEV, QAS, PRD, etc).
    Regards,
    Matt

  • Why would you charge me $40 for a supposedly free upgrade?Have been a faithful verizon customer for years went in for myfree upgrade and paid for a iphone and protectve cover now I have to pay a fee for a free service? I will start switching my devices to

    Why would you charge me$40 for a free upgrade? I chose a iPhone and paid you the difference plus protective cover, now you want to charge  me a fee for activating a number I have had for years!!!  I have been a faithful Verizon customer for years but I will switch companies when my contracts are up or I can get a buy out from another company, your free upgrade is not free and is a false advertisement as far as I'm concerned

    However you had already stated you did not choose a "free upgrade", but paid the difference for an iPhone. So much for your "free upgrade". Additionally, I was not aware Verizon was in the business of giving away "free service"(s)?????? Purchasing a "free" or "reduced price" phone IS NOT a free service. You sign a contract in exchange for receiving that benefit. There is an upgrade fee along with that service you are contracted to complete or you will be charged an early termination fee(ETF), so this IS NOT a free service.
    Yes, you have a choice to go with another provider which ALSO charges an upgrade fee OR charges you full retail value for your phone. So much for a "free upgrade" there.
    AT&T = upgrade fee
    Sprint = upgrade fee
    T-Mobile = no upgrade fee but must pay full retail cost for the phone
    For what it is worth, you would not have had to pay an upgrade fee had you simply paid full retail cost for your phone OR purchased it with Edge at full retail cost. Depending on your calling plan and data allowance, you may have even ended up paying less for your phone had you done so. That is why a little research before you make a purchase can go a long way.
    I know it is cheaper for me to pay full retail for a phone than to purchase a discounted device in exchange for signing a contract.
    Good luck with the new provider.

  • Why do you use email to contact me but refuse to accept my email

    Hi
    I understand that email can be a very convenient and effective way of communication; however The FCC has strict regulations on how wireless carriers can ask and receive customer information.
    If you need assistance with an account or billing issue and you’re overseas you can always chat live or call our international support number free from your AT&T mobile at +1.916.843.4685.
    Thanks,
    Charise

    Why do I have to use Facebook, tweeter or this goofy community service instead of email? Why do you use my email address to contact me but refuse to accept email In return? Just like you, I also prefer the ease and convenience of email. Would you prefer I setup my own social network and require you to post your bills to it??! Email is ubiquitous and--unlike your service--it works perfectly overseas.

Maybe you are looking for