| Author |
Message |
Brian Donahue
Joined: 23 Aug 2004
Posts: 6343
Location: Red Gate Software
|
 Posted: Thu Sep 15, 2011 2:58 pm Post subject: |
 |
|
The problem is getting information from the Windows Active Directory Server to the SQL Server. The SETUSER function is provided by SQL Server. So it's either a network/firewall issue or a broken SQL Server as far as I know. Not one line of this is Red Gate's code.
_________________
Brian Donahue
Technical Support
Red Gate Software Ltd.
44 (0)870 160 0037 ext 8521
US and CAN 1-866-RED GATE ext 8521 |
|
| Back to top |
|
 |
jhboricua
Joined: 15 Mar 2011
Posts: 27
|
| Posted: Wed Sep 28, 2011 6:17 pm Post subject: |
|
|
Brian,
It is not a firewall issue nor a broken SQL Server. This only affects SQL 2008 and higher instances running on Server 2008 and higher.
My opinion is that the problem is with Red Gate's reliance on SETUSER and SQL 2008 and higher on Windows Server 2008 and higher usage of Service SIDs.
From MSDN http://msdn.microsoft.com/en-us/library/ms143504.aspx:
| Quote: |
| SQL Server enables per-service SID for each of its services on Windows Server 2008 or Windows Vista operating systems in SQL Server 2008 R2 to provide service isolation and defense in depth. The per-service SID is derived from the service name and is unique to that service. For example, a service SID name for SQL Server service might be NT Service\MSSQL$<InstanceName>. Service isolation enables access to specific objects without the need to run a high-privilege account or weaken the security protection of the object. By using an access control entry that contains a service SID, a SQL Server service can restrict access to its resources. |
In SQL 2005, if you used domain accounts for the SQL services the local groups COMPUTER\SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER and COMPUTER\SQLServer2005SQLAgentUser$ComputerName$MSSQLSERVER
would get created and they would contain those domain service accounts. Those groups were granted Sysadmin rights on the SQL 2005 instance.
In SQL 2008 and higher, when running on Windows 2008 and higher, the situation changes. Those local groups are still created and granted Sysadmin rights, but if you look at the members of those local groups, you won't find the domain accounts listed as members. Instead you will find the Service SIDs created during setup, listed as 'NT SERVICE\MSSQLSERVER (SID GUID)'
This is actually a good thing! The SQL Agent account still has Sysadmin rights so there should not be a permissions issue... except if you use a deprecated function such as SETUSER which is not able to handle this scenario.
So IMHO it is a problem that Red Gate needs to address with their product. As other users here, I wasted a lot of time trying to figure out a permissions issue that didn't exist. For you to put the onus back on your customers comes across as arrogant and insulting. We know what we're doing. |
|
| Back to top |
|
|
Brian Donahue
Joined: 23 Aug 2004
Posts: 6343
Location: Red Gate Software
|
| Posted: Wed Sep 28, 2011 8:31 pm Post subject: |
|
|
Sorry, did not mean to come across as arrogant. But for the record, we do know about this and are looking into it. Unfortunately my mandate as support engineer only stretches as far as upchanneling these design shortcomings and trying to propose a workaround.
_________________
Brian Donahue
Technical Support
Red Gate Software Ltd.
44 (0)870 160 0037 ext 8521
US and CAN 1-866-RED GATE ext 8521 |
|
| Back to top |
|
|
Brian Donahue
Joined: 23 Aug 2004
Posts: 6343
Location: Red Gate Software
|
|
| Back to top |
|
|
ghopkins
Joined: 19 Nov 2011
Posts: 6
|
| Posted: Sat Nov 19, 2011 6:35 pm Post subject: |
|
|
I am receiving this error. However, I do not have the registry path referenced. I installed SQL Backup 6.5.1.9 via SQL Toolkit. I tried to create the path in my registry anyway, but it didn't work. I have 64-bit SQL Server 2008 R2 on Windows Server 2008 R2.
Can you tell me how to fix this? Thanks. |
|
| Back to top |
|
|
petey
Joined: 24 Apr 2005
Posts: 2215
|
| Posted: Sun Nov 20, 2011 8:05 am Post subject: |
|
|
Please add the SkipChecks registry entry to the following node:
HKEY_LOCAL MACHINE\Software\Red Gate\SQL Backup\BackupSettingsGlobal\<SQL Instance Name>
regardless of whether it's a 32-bit or 64-bit SQL Server instance.
_________________
Peter Yeoh
SQL Backup Consultant Developer
Associate, Yohz Software
Beyond compression - SQL Backup goodies under the hood, updated for version 7 |
|
| Back to top |
|
|
ghopkins
Joined: 19 Nov 2011
Posts: 6
|
| Posted: Wed Nov 23, 2011 8:23 pm Post subject: |
|
|
| Thanks, Petey, for your advice. I created that path with the name of my server as the SQL Instance Name since I have a named default instance. However, I still get the same error. |
|
| Back to top |
|
|
petey
Joined: 24 Apr 2005
Posts: 2215
|
| Posted: Thu Nov 24, 2011 7:53 am Post subject: |
|
|
| Quote: |
| I created that path with the name of my server as the SQL Instance Name since I have a named default instance. |
You need to use the name of the instance, not that of the server. E.g. if your instance name is 'PRODINST', your registry node would be
HKEY_LOCAL MACHINE\Software\Red Gate\SQL Backup\BackupSettingsGlobal\PRODINST
Thanks.
_________________
Peter Yeoh
SQL Backup Consultant Developer
Associate, Yohz Software
Beyond compression - SQL Backup goodies under the hood, updated for version 7 |
|
| Back to top |
|
|
ghopkins
Joined: 19 Nov 2011
Posts: 6
|
| Posted: Thu Nov 24, 2011 10:03 am Post subject: |
|
|
SELECT SERVERPROPERTY('instancename') results in NULL.
I substituted the name that shows in Object Explorer for the Server Name.
I also tried the value that shows in the registry under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL, which has a DWORD of MSSQLSERVER with a value of MSSQL10_50.MSSQLSERVER. I tried this last value of the DWORD. It did not work.
I still get the same error when I run the Job. |
|
| Back to top |
|
|
petey
Joined: 24 Apr 2005
Posts: 2215
|
| Posted: Thu Nov 24, 2011 10:07 am Post subject: |
|
|
If it's the default instance, use
HKEY_LOCAL MACHINE\Software\Red Gate\SQL Backup\BackupSettingsGlobal\(local)
Thanks.
_________________
Peter Yeoh
SQL Backup Consultant Developer
Associate, Yohz Software
Beyond compression - SQL Backup goodies under the hood, updated for version 7 |
|
| Back to top |
|
|
ghopkins
Joined: 19 Nov 2011
Posts: 6
|
| Posted: Thu Nov 24, 2011 10:19 am Post subject: |
|
|
I thought I read that I needed to use the Wow6432Node key since I have 64-bit Windows and 64-bit SQL Backup.
The key I'm filling is this.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Red Gate\BackupSettingsGlobal\<Instance Name> with DWORD SkipChecks with a value of 1. I've also tried QWORD SkipChecks with a value of 1.
Thanks for your help. |
|
| Back to top |
|
|
ghopkins
Joined: 19 Nov 2011
Posts: 6
|
| Posted: Thu Nov 24, 2011 10:22 am Post subject: |
|
|
I found the registry key you mentioned without the Wow in the path, and it worked!!!
Thanks, Petey!!! |
|
| Back to top |
|
|
petey
Joined: 24 Apr 2005
Posts: 2215
|
| Posted: Thu Nov 24, 2011 10:31 am Post subject: |
|
|
Glad to hear it's working for you now.
From version 6.4 onward, SQL Backup stores its settings in the HKEY_LOCAL MACHINE\Software\Red Gate\SQL Backup\BackupSettingsGlobal\ node, even on 64-bit operating systems.
_________________
Peter Yeoh
SQL Backup Consultant Developer
Associate, Yohz Software
Beyond compression - SQL Backup goodies under the hood, updated for version 7 |
|
| Back to top |
|
|
ghopkins
Joined: 19 Nov 2011
Posts: 6
|
| Posted: Thu Nov 24, 2011 11:10 am Post subject: |
|
|
| Good to know and thanks again!! |
|
| Back to top |
|
|
ebutler
Joined: 28 Apr 2009
Posts: 2
|
| Posted: Thu Oct 04, 2012 9:18 pm Post subject: |
|
|
petey thank you for that information.
Is this fixed in releases later than 6.5.1.9?
I spent a day on this issue and I am sure there are a lot more out there that have done the same thing.
I have a lot of servers that I will be migrating to SS 2012 and I would rather not make it a common practice to modify registry settings for all of my installs.
Please advise of an ETA for the solution.
Thank You |
|
| Back to top |
|
|
|
