Ошибка 15404 не удалось получить сведения о пользователе

  • #1

Добрый день, коллеги! Помогите с проблемой — не получается выполнить план обслуживания SQL server 2019. Ошибка внутри Агента

Сообщение
[298] Ошибка SQLServer: 15404, Не удалось получить сведения о пользователе или группе Windows NT «DOMENJulia», код ошибки: 0x5. [SQLSTATE 42000] (ConnIsLoginSysAdmin)

Подскажите что не так…

Последнее редактирование: 20.09.2021

  • #2

Еще вижу пару ошибок, не ясно относится это к делу или нет

Дата 20.09.2021 11:35:22
Журнал Агент SQL Server (Текущий — 20.09.2021 11:35:00)
Сообщение
[408] SQL Server MSSQLSERVER является кластеризованным сервером — возможность автозапуска (AutoRestart) отключена

Дата 20.09.2021 11:35:22
Журнал Агент SQL Server (Текущий — 20.09.2021 11:35:00)

Сообщение
[396] Не определено условие простоя процессора — расписания заданий типа OnIdle использоваться не будут

  • #3

Попробуйте использовать SA а не «DOMENJulia

  • #4

Можно попробовать пересоздать план обслуживания

  • #5

Попробуйте использовать SA а не «DOMENJulia

А где это делать ??

  • #7

Создала план обслуживания заново, заработало)

  • #8

Как я понял, это происходит из-за изменения названия домена или имени ПК (при этом изменяется имя сервера). А у пользователя остаётся предыдущее имя. Например, у вас было имя «DOMENJulia», соответственно имя сервера «DOMEN». Вы меняете имя компьютера на другое, имя сервера тоже меняется на «дргуое», а ваше имя остаётся «DOMENJulia», вместо «другоеJulia». Точнее, оно меняется, но при создании объектов в поле «владелец» записывается старое имя, которое уже не проходит проверку безопасности.

Вот что у меня сейчас и вот что показывает, когда создаю новую БД:

БД.png

Помогло изменение владельца на sa.

  • Remove From My Forums
  • Question

  • For a job under particular user who is not in organization.

    [298] SQLServer Error: 15404, Could not obtain information about Windows NT group/user ‘DomainUser’, error code 0x2. [SQLSTATE 42000] (ConnIsLoginSysAdmin)

    Thanks in Advancce.

Answers

  • Even he is not in organization , his login exists in server.

    My confusion is how can job can be failed

    Hello,

    When job is run owner of job is verified ,owner of job can only be a login .So in case if that login is disabled or deleted job can fail.To overcome this you can make SA as owner because 2 advantages

    1. SA ID does not changes

    2. Even if SA is disabled job will execute as it SQL server when running job is sees administrator as owner of job it will not do impersonation( or check)

    3. Making SA as owner of job might not be completely good practice in terms of security but you can do that .

    Service account is Account with which SQL server and  SQL agent services are running


    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

    • Proposed as answer by

      Wednesday, February 19, 2014 10:08 AM

    • Edited by
      Shanky_621MVP
      Wednesday, February 19, 2014 10:51 AM
    • Marked as answer by
      Sofiya Li
      Monday, February 24, 2014 3:19 AM

    • Edited by
      Satheesh Variath
      Tuesday, February 18, 2014 2:23 PM
    • Proposed as answer by
      Sofiya Li
      Wednesday, February 19, 2014 10:08 AM
    • Marked as answer by
      Sofiya Li
      Monday, February 24, 2014 3:19 AM

SQLServer Error 15404 can be resolved with Bobcares by your side. 

At Bobcares, we offer solutions for every query, big and small, as a part of our SQL Server Support.

Let’s take a look at how our Support Team is ready to help customers resolve SQLServer Error 15404.

How to resolve SQLServer Error 15404

SQL server error 15404 occurs due to the specification of an invalid principal. Furthermore, the error may also pop up when the impersonation of a Windows account fails due to no full trust relationship between the domain of the Windows account and the SQL Server service account.

For instance, suppose we run a few high privilege T-SQL statements like sp_addsrvrolemember or Create Login, we may find ourselves facing Error 15404.

In this scenario, we will see notice messages in PALLOG. In case the PALLOG is disabled, we have to enable it manually by creating /var/opt/mssql/logger.ini  with the following content:

How to fix SQLServer Error 15404

[Output:sql]
type=File
filename=/var/opt/mssql/log/pallog.txt

[Logger:security]
level=debug
outputs=sql

Let’s take a look at the messages in PALLOG:

03/12/2022 12:36:56.448761588 Debug [security.kerberos] <0000040947/0x00000200> Processing SSPI operation 0x0000000F

03/12/2022 12:36:56.439366379 Error [security.ldap] <0000040947/0x00000200> Initializing credentials for use in new cache failed: Keytab contains no suitable keys for red4$@SQLREPRO.EDU

03/12/2022 12:36:56.439613575 Debug [security.kerberos] <0000040947/0x00000200> Import name [ADMINISTRATOR@SQLREPRO.EDU] returned [ADMINISTRATOR@SQLREPRO.EDU]

03/12/2022 12:36:56.439633375 Debug [security.kerberos] <0000040947/0x00000200> Import name [red4$] returned [red4$]

03/12/2022 12:36:56.439753473 Debug [security.kerberos] <0000040947/0x00000200> Import name [RED4$] returned [RED4$]

03/12/2022 12:36:56.439905471 Debug [security.kerberos] <0000040947/0x00000200> Import name [red4$] returned [red4$]

03/12/2022 12:36:56.440014469 Error [security.kerberos] <0000040947/0x00000200> GSS MAJOR: 851968 GSS MINOR: 39756033 Error acquiring credentials in AcquireCredCaseInsensitive

03/12/2022 12:36:56.440029069 Error [security.kerberos] <0000040947/0x00000200> Unspecified GSS failure. Minor code may provide more information

03/12/2022 12:36:56.440039869 Error [security.kerberos] <0000040947/0x00000200> No key table entry found for red4$@SQLREPRO.EDU

03/12/2022 12:36:56.440053069 Debug [security.kerberos] <0000040947/0x00000200> SSPI operation 0x0000000F returned status: KerberosStream.cpp:2021 Operation unsuccessful

03/12/2022 12:36:56.440119868 Debug [security.kerberos.libos] <0000040961/0x0000020c> GetSecContextByUserABI() return value: 0x80090304

03/12/2022 12:36:56.468617991 Debug [security.kerberos.libos] <0000040961/0x0000020c> QueryContextAttributes() return value: 0x00000000

03/12/2022 12:36:56.468748289 Debug [security.kerberos.libos] <0000040961/0x0000020c> QueryContextAttributes() return value: 0x00000000

03/12/2022 13:56:26.489370580 Debug [security.kerberos.libos] <0000040961/0x0000020c> LookupAccountSid() return value: 0x00000001

As seen above, queries like Create login require checking permissions. The first time this is done, current permission is invalidated. When we repeat it, the permission check is rechecked. Furthermore, during the permission check, the SQL Server will go through the myssql.keytab to find the machine entry key or MSA key

In case the SQL Server cannot find the entries or finds invalid entries, it results in an error.

If we find ourselves facing this particular error, our Support Engineers suggest ensuring the Windows principal exists in addition to not being misspelled. Here are a few more troubleshooting tips courtesy of our Support Team to resolve this issue:

  • Ensure we use an account from the same Windows user domain for the SQL Server service.
  • If SQL Server uses a machine account like Local System or Network System, the machine has to be trusted by the Windows User domain.
  • Use a SQL Server account

[Looking for a solution to another query? We are just a click away.]

Conclusion

To sum up, our skilled Support Engineers at Bobcares demonstrated how to fix SQLServer Error 15404.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

Содержание

  1. MSSQLSERVER_15404
  2. Сведения
  3. Объяснение
  4. Действие пользователя
  5. Fixing Maintenance Plan Error code 0x534
  6. Sql server error 15404 error code 0x534
  7. Answered by:
  8. Question
  9. Sql server error 15404 error code 0x534
  10. Answered by:
  11. Question
  12. SQLServer Error 15404 | How-to-fix
  13. How to resolve SQLServer Error 15404
  14. Conclusion
  15. PREVENT YOUR SERVER FROM CRASHING!

MSSQLSERVER_15404

Применимо к: SQL Server (все поддерживаемые версии)

Сведения

attribute Значение
Название продукта SQL Server
Идентификатор события 15404
Источник события MSSQLSERVER
Компонент SQLEngine
Символическое имя SEC_NTGRP_ERROR
Текст сообщения Не удалось получить сведения о пользователе/группе Windows NT «пользователь«, код ошибки код_ошибки.

Объяснение

15404 используется при проверке подлинности, если указан недопустимый участник. Или олицетворение учетной записи Windows не выполняется, так как не существует связи полного уровня доверия между учетной записью SQL Server и учетной записью домена Windows.

Действие пользователя

Убедитесь, что участник Windows существует и его имя указано верно.

Если эта ошибка — результат отсутствия связи полного уровня доверия между учетной записью службы SQL Server и учетной записью домена Windows, то ошибку можно устранить одним из следующих способов.

Используйте для службы SQL Server учетную запись из домена, к которому относится пользователь Windows.

Если SQL Server использует учетную запись компьютера, например Network Service или Local System, то домен, на котором находится пользователь Windows, должен доверенную связь с компьютером.

Источник

Fixing Maintenance Plan Error code 0x534

Have you ever changed Server name on which SQL Server instance is installed? One of my friends changed the hostname of a Windows server with SQL Server already installed. After this, the SQL Server maintenance plan jobs started to fail. As we know, internally SQL Server still shows the old hostname this must be dropped manually. Otherwise your SQL Server maintenance plan jobs fail with this error.

The Job failed: Could not obtain information about Windows NT group/user ‘XXXXXXAdministrator’, error code 0x534. [SQLSTATE 42000] (Error 15404))

In this post, I will show you the procedure to resolve the errors and execute the SQL Server Agent Maintenance Plan jobs successfully. Below is the error screenshot showing job failure in the SQL Server agent logs. The error is highlighted in the image in red.

First, connect to your SQL Server instance with SQL Server Management Studio and run the below queries to check SQL Server name:

In the below screenshot, the server name and machine name are different.

Run the below shown T-SQL scripts to drop the old server name, and then it add back the SERVERNAME to match the operating system’s hostname.

In the below screenshot, first we dropped old server name.

In the below screenshot, we have added new server name using T-SQL.

Now, log into the SQL Server with a “sysadmin” privileged user. Go to SQL Server logins, and you can still see the oldServernameadministrator login bound with the SQL Server engine.

Drop the login “OldServernameadministrator” and create a new windows login as “NewServernameadministrator”, adding the sysadmin Server role.

In the below screenshot, we have added “DB01administrator” login.

The owner of the job associated with maintenance plan is OldServernameadministrator. We need to reset the ownerid using the below T-SQL Update query.

Now, We need to reset the owner of the job associated with the maintenance plan by running the below T-SQL query. In below screenshot, reset the owner of the job.

Right click on SQL Server job and select properties and change the owner of job to “sa” login.

Delete old maintenance plan and re-create the maintenance plan. Right click and click execute maintenance plan. You can see maintenance plan executed successfully. J

Источник

Sql server error 15404 error code 0x534

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

== I asked this question directly to Remus and wanted to share the response to all of those people using this forum ==

We recently moved our database server from SQL Server 2000 to SQL Server 2005. All applications on our intranet development server stay the same [VS.NET 2003], but recently resources in our Dev DB server ran out of space. While doing a thorough investigation, I noticed ERRORLOG file was occupying about 35 Gig of HDD space. I immediately checked SQL Server error log and noticed an entry which says –

Date 7/7/2006 4:45:37 PM

Log SQL Server (Current — 7/7/2006 4:45:00 PM)

The activated proc [dbo].[SqlQueryNotificationStoredProcedure-5eaf8465-d0cb-4be7-93b6-44bb979dd41c] running on queue BW_Content.dbo.SqlQueryNotificationService-5eaf8465-d0cb-4be7-93b6-44bb979dd41c output the following: ‘Could not obtain information about Windows NT group/user ‘BWCINCHoffK’, error code 0x534.’

What is this SqlQueryNotificationService in my database? Is it a SQL Server 2005 thing? Why the same kind of stored procedure does not exist in other databases, but BW_Content? This error is getting repeated most probably every second and is filling up our server.

I believe our corporate IT people removed our domain accounts from BWCINC domain to BWCORP domain and probably some application which is using BWCINCHoffK credential is getting errored out. I tried to locate this application and was not successful.

Is there anyway that I can stop this ERRORLOG from growing? How can I delete these log entries so that I can make space on our Hard Drive? Is there an easy way in SQL Server 2005 to locate which application is creating this error?

Источник

Sql server error 15404 error code 0x534

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

== I asked this question directly to Remus and wanted to share the response to all of those people using this forum ==

We recently moved our database server from SQL Server 2000 to SQL Server 2005. All applications on our intranet development server stay the same [VS.NET 2003], but recently resources in our Dev DB server ran out of space. While doing a thorough investigation, I noticed ERRORLOG file was occupying about 35 Gig of HDD space. I immediately checked SQL Server error log and noticed an entry which says –

Date 7/7/2006 4:45:37 PM

Log SQL Server (Current — 7/7/2006 4:45:00 PM)

The activated proc [dbo].[SqlQueryNotificationStoredProcedure-5eaf8465-d0cb-4be7-93b6-44bb979dd41c] running on queue BW_Content.dbo.SqlQueryNotificationService-5eaf8465-d0cb-4be7-93b6-44bb979dd41c output the following: ‘Could not obtain information about Windows NT group/user ‘BWCINCHoffK’, error code 0x534.’

What is this SqlQueryNotificationService in my database? Is it a SQL Server 2005 thing? Why the same kind of stored procedure does not exist in other databases, but BW_Content? This error is getting repeated most probably every second and is filling up our server.

I believe our corporate IT people removed our domain accounts from BWCINC domain to BWCORP domain and probably some application which is using BWCINCHoffK credential is getting errored out. I tried to locate this application and was not successful.

Is there anyway that I can stop this ERRORLOG from growing? How can I delete these log entries so that I can make space on our Hard Drive? Is there an easy way in SQL Server 2005 to locate which application is creating this error?

Источник

SQLServer Error 15404 | How-to-fix

by Nikhath K | Apr 3, 2022

SQLServer Error 15404 can be resolved with Bobcares by your side.

At Bobcares, we offer solutions for every query, big and small, as a part of our SQL Server Support.

Let’s take a look at how our Support Team is ready to help customers resolve SQLServer Error 15404.

How to resolve SQLServer Error 15404

SQL server error 15404 occurs due to the specification of an invalid principal. Furthermore, the error may also pop up when the impersonation of a Windows account fails due to no full trust relationship between the domain of the Windows account and the SQL Server service account.

For instance, suppose we run a few high privilege T-SQL statements like sp_addsrvrolemember or Create Login, we may find ourselves facing Error 15404.

In this scenario, we will see notice messages in PALLOG. In case the PALLOG is disabled, we have to enable it manually by creating /var/opt/mssql/logger.ini with the following content:

Let’s take a look at the messages in PALLOG:

As seen above, queries like Create login require checking permissions. The first time this is done, current permission is invalidated. When we repeat it, the permission check is rechecked. Furthermore, during the permission check, the SQL Server will go through the myssql.keytab to find the machine entry key or MSA key

In case the SQL Server cannot find the entries or finds invalid entries, it results in an error.

If we find ourselves facing this particular error, our Support Engineers suggest ensuring the Windows principal exists in addition to not being misspelled. Here are a few more troubleshooting tips courtesy of our Support Team to resolve this issue:

  • Ensure we use an account from the same Windows user domain for the SQL Server service.

[Looking for a solution to another query? We are just a click away.]

Conclusion

To sum up, our skilled Support Engineers at Bobcares demonstrated how to fix SQLServer Error 15404.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

Источник

I am creating a SQL Server Replication using a script. When I try to execute

The job failed. Unable to determine if the owner (STARmoorer7) of job L3BPT2M-Atlas-14 has server access (reason: Could not obtain information about Windows NT group/user 'STARmoorer7', error code 0x5. [SQLSTATE 42000] (Error 15404)).

This is a job created by a script that defines replication.

How do I debug this?

asked Aug 5, 2009 at 17:13

Raj More's user avatar

Raj MoreRaj More

46.5k33 gold badges128 silver badges195 bronze badges

3

Active Directory is refusing access to your SQL Agent. The Agent should be running under an account that is recognized by STAR domain controller.

magnattic's user avatar

magnattic

12.4k13 gold badges63 silver badges114 bronze badges

answered Aug 5, 2009 at 17:30

Remus Rusanu's user avatar

Remus RusanuRemus Rusanu

286k40 gold badges430 silver badges565 bronze badges

7

For me, the jobs were running under DOMAINAdministrator and failing with the error message "The job failed. Unable to determine if the owner (DOMAINadministrator) of job Agent history clean up: distribution has server access (reason: Could not obtain information about Windows NT group/user 'DOMAINadministrator', error code 0x5. [SQLSTATE 42000] (Error 15404)). To fix this, I changed the owner of each failing job to sa. Worked flawlessly after that. The jobs were related to replication cleanup, but I’m unsure if they were manually added or were added as a part of the replication set-up — I wasn’t involved with it, so I am not sure.

answered Sep 19, 2016 at 15:00

Derreck Dean's user avatar

Derreck DeanDerreck Dean

3,6481 gold badge26 silver badges45 bronze badges

0

We encountered similar errors in a testing environment on a virtual machine. If the machine name changes due to VM cloning from a template, you can get this error.

If the computer name changed from OLD to NEW.

A job uses this stored procedure:

msdb.dbo.sp_sqlagent_has_server_access @login_name = 'OLDAdministrator'

Which uses this one:

EXECUTE master.dbo.xp_logininfo 'OLDAdministrator'

Which gives this SQL error 15404

select text from sys.messages where message_id = 15404;
Could not obtain information about Windows NT group/user '%ls', error code %#lx.

Which I guess is correct, under the circumstances. We added a script to the VM cloning/deployment process that re-creates the SQL login.

answered Feb 16, 2012 at 21:43

Craig Celeste's user avatar

Craig CelesteCraig Celeste

12k9 gold badges41 silver badges48 bronze badges

In my case I was getting this error trying to use the IS_ROLEMEMBER() function on SQL Server 2008 R2. This function isn’t valid prior to SQL Server 2012.

Instead of this function I ended up using

select 1 
from sys.database_principals u 
inner join sys.database_role_members ur 
    on u.principal_id = ur.member_principal_id 
inner join sys.database_principals r 
    on ur.role_principal_id = r.principal_id 
where r.name = @role_name 
and u.name = @username

Significantly more verbose, but it gets the job done.

Raj More's user avatar

Raj More

46.5k33 gold badges128 silver badges195 bronze badges

answered Jan 3, 2013 at 18:44

Bacon Bits's user avatar

Bacon BitsBacon Bits

30k5 gold badges56 silver badges63 bronze badges

Just solved this problem. In my case it was domain controller is not accessible, because both dns servers was google dns.

I just add to checklist for this problem:

  • check domain controller is accessible

answered Aug 4, 2014 at 11:26

Rail's user avatar

RailRail

7008 silver badges12 bronze badges

1

I was having the same issue, which turned out to be caused by the Domain login that runs the SQL service being locked out in AD. The lockout was caused by an unrelated usage of the service account for another purpose with the wrong password.

The errors received from SQL Agent logs did not mention the service account’s name, just the name of the user (job owner) that couldn’t be authenticated (since it uses the service account to check with AD).

answered Mar 4, 2015 at 0:51

mniles's user avatar

I had to connect to VPN for the publish script to successfully deploy to the DB.

answered Apr 25, 2015 at 17:42

Pete's user avatar

PetePete

1492 silver badges14 bronze badges

In our case, the Windows service account that SQL Server and SQL Agent were running under were locked out in Active Directory.

answered Jul 12, 2019 at 12:57

Michael Ross's user avatar

I just got this error and it turns out my AD administrator deleted the service account used by EVERY SQL Server instance in the entire company. Thank goodness AD has its own recycle bin.

See if you can run the Active Directory Users and Computers utility (%SystemRoot%system32dsa.msc), and check to make sure the account you are relying on still exists.

answered May 26, 2020 at 22:03

Ken's user avatar

  • #1

Добрый день, коллеги! Помогите с проблемой — не получается выполнить план обслуживания SQL server 2019. Ошибка внутри Агента

Сообщение
[298] Ошибка SQLServer: 15404, Не удалось получить сведения о пользователе или группе Windows NT «DOMENJulia», код ошибки: 0x5. [SQLSTATE 42000] (ConnIsLoginSysAdmin)

Подскажите что не так…

Последнее редактирование: 20.09.2021

  • #2

Еще вижу пару ошибок, не ясно относится это к делу или нет

Дата 20.09.2021 11:35:22
Журнал Агент SQL Server (Текущий — 20.09.2021 11:35:00)
Сообщение
[408] SQL Server MSSQLSERVER является кластеризованным сервером — возможность автозапуска (AutoRestart) отключена

Дата 20.09.2021 11:35:22
Журнал Агент SQL Server (Текущий — 20.09.2021 11:35:00)

Сообщение
[396] Не определено условие простоя процессора — расписания заданий типа OnIdle использоваться не будут

  • #3

Попробуйте использовать SA а не «DOMENJulia

  • #4

Можно попробовать пересоздать план обслуживания

  • #5

Попробуйте использовать SA а не «DOMENJulia

А где это делать ??

  • #7

Создала план обслуживания заново, заработало)

  • #8

Как я понял, это происходит из-за изменения названия домена или имени ПК (при этом изменяется имя сервера). А у пользователя остаётся предыдущее имя. Например, у вас было имя «DOMENJulia», соответственно имя сервера «DOMEN». Вы меняете имя компьютера на другое, имя сервера тоже меняется на «дргуое», а ваше имя остаётся «DOMENJulia», вместо «другоеJulia». Точнее, оно меняется, но при создании объектов в поле «владелец» записывается старое имя, которое уже не проходит проверку безопасности.

Вот что у меня сейчас и вот что показывает, когда создаю новую БД:

БД.png

Помогло изменение владельца на sa.

Перейти к контенту

SQLServer Error 15404 can be resolved with Bobcares by your side. 

At Bobcares, we offer solutions for every query, big and small, as a part of our SQL Server Support.

Let’s take a look at how our Support Team is ready to help customers resolve SQLServer Error 15404.

How to resolve SQLServer Error 15404

SQL server error 15404 occurs due to the specification of an invalid principal. Furthermore, the error may also pop up when the impersonation of a Windows account fails due to no full trust relationship between the domain of the Windows account and the SQL Server service account.

For instance, suppose we run a few high privilege T-SQL statements like sp_addsrvrolemember or Create Login, we may find ourselves facing Error 15404.

In this scenario, we will see notice messages in PALLOG. In case the PALLOG is disabled, we have to enable it manually by creating /var/opt/mssql/logger.ini  with the following content:

How to fix SQLServer Error 15404

[Output:sql]
type=File
filename=/var/opt/mssql/log/pallog.txt

[Logger:security]
level=debug
outputs=sql

Let’s take a look at the messages in PALLOG:

03/12/2022 12:36:56.448761588 Debug [security.kerberos] <0000040947/0x00000200> Processing SSPI operation 0x0000000F

03/12/2022 12:36:56.439366379 Error [security.ldap] <0000040947/0x00000200> Initializing credentials for use in new cache failed: Keytab contains no suitable keys for red4$@SQLREPRO.EDU

03/12/2022 12:36:56.439613575 Debug [security.kerberos] <0000040947/0x00000200> Import name [ADMINISTRATOR@SQLREPRO.EDU] returned [ADMINISTRATOR@SQLREPRO.EDU]

03/12/2022 12:36:56.439633375 Debug [security.kerberos] <0000040947/0x00000200> Import name [red4$] returned [red4$]

03/12/2022 12:36:56.439753473 Debug [security.kerberos] <0000040947/0x00000200> Import name [RED4$] returned [RED4$]

03/12/2022 12:36:56.439905471 Debug [security.kerberos] <0000040947/0x00000200> Import name [red4$] returned [red4$]

03/12/2022 12:36:56.440014469 Error [security.kerberos] <0000040947/0x00000200> GSS MAJOR: 851968 GSS MINOR: 39756033 Error acquiring credentials in AcquireCredCaseInsensitive

03/12/2022 12:36:56.440029069 Error [security.kerberos] <0000040947/0x00000200> Unspecified GSS failure. Minor code may provide more information

03/12/2022 12:36:56.440039869 Error [security.kerberos] <0000040947/0x00000200> No key table entry found for red4$@SQLREPRO.EDU

03/12/2022 12:36:56.440053069 Debug [security.kerberos] <0000040947/0x00000200> SSPI operation 0x0000000F returned status: KerberosStream.cpp:2021 Operation unsuccessful

03/12/2022 12:36:56.440119868 Debug [security.kerberos.libos] <0000040961/0x0000020c> GetSecContextByUserABI() return value: 0x80090304

03/12/2022 12:36:56.468617991 Debug [security.kerberos.libos] <0000040961/0x0000020c> QueryContextAttributes() return value: 0x00000000

03/12/2022 12:36:56.468748289 Debug [security.kerberos.libos] <0000040961/0x0000020c> QueryContextAttributes() return value: 0x00000000

03/12/2022 13:56:26.489370580 Debug [security.kerberos.libos] <0000040961/0x0000020c> LookupAccountSid() return value: 0x00000001

As seen above, queries like Create login require checking permissions. The first time this is done, current permission is invalidated. When we repeat it, the permission check is rechecked. Furthermore, during the permission check, the SQL Server will go through the myssql.keytab to find the machine entry key or MSA key

In case the SQL Server cannot find the entries or finds invalid entries, it results in an error.

If we find ourselves facing this particular error, our Support Engineers suggest ensuring the Windows principal exists in addition to not being misspelled. Here are a few more troubleshooting tips courtesy of our Support Team to resolve this issue:

  • Ensure we use an account from the same Windows user domain for the SQL Server service.
  • If SQL Server uses a machine account like Local System or Network System, the machine has to be trusted by the Windows User domain.
  • Use a SQL Server account

[Looking for a solution to another query? We are just a click away.]

Conclusion

To sum up, our skilled Support Engineers at Bobcares demonstrated how to fix SQLServer Error 15404.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

I am creating a SQL Server Replication using a script. When I try to execute

The job failed. Unable to determine if the owner (STARmoorer7) of job L3BPT2M-Atlas-14 has server access (reason: Could not obtain information about Windows NT group/user 'STARmoorer7', error code 0x5. [SQLSTATE 42000] (Error 15404)).

This is a job created by a script that defines replication.

How do I debug this?

asked Aug 5, 2009 at 17:13

Raj More's user avatar

Raj MoreRaj More

46.5k33 gold badges128 silver badges194 bronze badges

3

Active Directory is refusing access to your SQL Agent. The Agent should be running under an account that is recognized by STAR domain controller.

magnattic's user avatar

magnattic

12.4k13 gold badges63 silver badges114 bronze badges

answered Aug 5, 2009 at 17:30

Remus Rusanu's user avatar

Remus RusanuRemus Rusanu

285k40 gold badges429 silver badges564 bronze badges

7

For me, the jobs were running under DOMAINAdministrator and failing with the error message "The job failed. Unable to determine if the owner (DOMAINadministrator) of job Agent history clean up: distribution has server access (reason: Could not obtain information about Windows NT group/user 'DOMAINadministrator', error code 0x5. [SQLSTATE 42000] (Error 15404)). To fix this, I changed the owner of each failing job to sa. Worked flawlessly after that. The jobs were related to replication cleanup, but I’m unsure if they were manually added or were added as a part of the replication set-up — I wasn’t involved with it, so I am not sure.

answered Sep 19, 2016 at 15:00

Derreck Dean's user avatar

Derreck DeanDerreck Dean

3,6581 gold badge25 silver badges45 bronze badges

0

We encountered similar errors in a testing environment on a virtual machine. If the machine name changes due to VM cloning from a template, you can get this error.

If the computer name changed from OLD to NEW.

A job uses this stored procedure:

msdb.dbo.sp_sqlagent_has_server_access @login_name = 'OLDAdministrator'

Which uses this one:

EXECUTE master.dbo.xp_logininfo 'OLDAdministrator'

Which gives this SQL error 15404

select text from sys.messages where message_id = 15404;
Could not obtain information about Windows NT group/user '%ls', error code %#lx.

Which I guess is correct, under the circumstances. We added a script to the VM cloning/deployment process that re-creates the SQL login.

answered Feb 16, 2012 at 21:43

Craig Celeste's user avatar

Craig CelesteCraig Celeste

11.9k9 gold badges41 silver badges48 bronze badges

In my case I was getting this error trying to use the IS_ROLEMEMBER() function on SQL Server 2008 R2. This function isn’t valid prior to SQL Server 2012.

Instead of this function I ended up using

select 1 
from sys.database_principals u 
inner join sys.database_role_members ur 
    on u.principal_id = ur.member_principal_id 
inner join sys.database_principals r 
    on ur.role_principal_id = r.principal_id 
where r.name = @role_name 
and u.name = @username

Significantly more verbose, but it gets the job done.

Raj More's user avatar

Raj More

46.5k33 gold badges128 silver badges194 bronze badges

answered Jan 3, 2013 at 18:44

Bacon Bits's user avatar

Bacon BitsBacon Bits

30k5 gold badges55 silver badges63 bronze badges

Just solved this problem. In my case it was domain controller is not accessible, because both dns servers was google dns.

I just add to checklist for this problem:

  • check domain controller is accessible

answered Aug 4, 2014 at 11:26

Rail's user avatar

RailRail

7008 silver badges12 bronze badges

1

I was having the same issue, which turned out to be caused by the Domain login that runs the SQL service being locked out in AD. The lockout was caused by an unrelated usage of the service account for another purpose with the wrong password.

The errors received from SQL Agent logs did not mention the service account’s name, just the name of the user (job owner) that couldn’t be authenticated (since it uses the service account to check with AD).

answered Mar 4, 2015 at 0:51

mniles's user avatar

I had to connect to VPN for the publish script to successfully deploy to the DB.

answered Apr 25, 2015 at 17:42

Pete's user avatar

PetePete

1492 silver badges14 bronze badges

In our case, the Windows service account that SQL Server and SQL Agent were running under were locked out in Active Directory.

answered Jul 12, 2019 at 12:57

Michael Ross's user avatar

I just got this error and it turns out my AD administrator deleted the service account used by EVERY SQL Server instance in the entire company. Thank goodness AD has its own recycle bin.

See if you can run the Active Directory Users and Computers utility (%SystemRoot%system32dsa.msc), and check to make sure the account you are relying on still exists.

answered May 26, 2020 at 22:03

Ken's user avatar

Hello,

I’m having trouble running jobs with my active directory (ADS) account. I’ve setup my SQL services to run under an ADS account, but jobs cannot seem to query ADS for user information. We’re running Windows Server 2003 and SQL Server 2005 SP2.

 Here is the error message:

==

The job failed.  Unable to determine if the owner (ADSme) of job eFASRtest has server access (reason: Could not obtain information about Windows NT group/user ‘ADSme’, error code 0x5. [SQLSTATE 42000] (Error 15404)).

==

also this message in log:

==

[298] SQLServer Error: 15404, Could not obtain information about Windows NT group/user ‘ADSme, error code 0x5. [SQLSTATE 42000] (ConnIsLoginSysAdmin)

==

I have done a *lot* of searching and cannot find the solution. I believe the 0x5 code is access denied. 

The same job runs if I change the owner to a SQL login that’s not an ADS account.

I’m not certain how to confirm that the SQL Agent account is the account actually querying ADS, also.

Any help would be greatly appreciated!

 Thanks,

-Tony

  • Remove From My Forums
  • Question

  • Hello,

    Thank you all in advance for a reply (and hopefully a solution!).

    Intermittently, we receive the following error when a SQL Agent Job is started:

    The job failed.  Unable to determine if the owner (DOMAINsvcaccount) of job SolveMe has server access (reason: Could not obtain information about Windows NT group/user ‘DOMAINsvcaccount’, error code 0x3a. [SQLSTATE 42000] (Error 15404)).

    Again, the key word is intermittently. Our processes work most nights, but sometimes the above error pops up. This happens for various jobs at various times.

    Additionally, this error has been seen with DTS packages in SQL Server 2000.

    I do not believe this is a permissions issue with the service account, because as I said, most of the time it works. However when it doesn’t, our on call gets paged in the middle of the night to simply restart the process. That is no fun at all!

    Any ideas??

  • Remove From My Forums
  • Question

  • Hello,

    Thank you all in advance for a reply (and hopefully a solution!).

    Intermittently, we receive the following error when a SQL Agent Job is started:

    The job failed.  Unable to determine if the owner (DOMAINsvcaccount) of job SolveMe has server access (reason: Could not obtain information about Windows NT group/user ‘DOMAINsvcaccount’, error code 0x3a. [SQLSTATE 42000] (Error 15404)).

    Again, the key word is intermittently. Our processes work most nights, but sometimes the above error pops up. This happens for various jobs at various times.

    Additionally, this error has been seen with DTS packages in SQL Server 2000.

    I do not believe this is a permissions issue with the service account, because as I said, most of the time it works. However when it doesn’t, our on call gets paged in the middle of the night to simply restart the process. That is no fun at all!

    Any ideas??

  • Remove From My Forums
  • Question

  • I have created a Job which will run the script generated by LiteSpeed for a particular DB Restore. However when i run the job, it is failing with the following error:

    The job failed.  Unable to determine if the owner (REDMONDv-kamir) of job Restore_Job has server access (reason: Could not obtain information about Windows NT group/user ‘REDMONDv-kamir’, error code 0x5. [SQLSTATE 42000] (Error 15404)).

    I ran the script through SSMS and it works fine. Any ideas how to fix this?

Answers

  • Hello,

    Error 0x5 means access denied.

    Try to changing the owner of the jobs to the sa account, on the properties of the job.

    If the above does no help, please change the service account for the SQL Server agent service to account with proper permissions.

    http://technet.microsoft.com/en-us/library/ms345578.aspx

    Hope this helps.
      
     
    Regards,

    Alberto Morillo

    SQLCoffee.com

    • Proposed as answer by

      Friday, December 31, 2010 3:20 AM

    • Marked as answer by
      Kazim Ali Tabrez Mir
      Friday, December 31, 2010 5:56 PM

SQL Server Agent 15404 Error

If you encounter in the Sql Server Agent Log «SQLServer Error: 15404, Could not obtain information about Windows NT group/user ‘ISTMRKSQLHOSTAdministrator’, error code 0x534. [SQLSTATE 42000] (ConnIsLoginSysAdmin)» this is related with Sql Server Agent job security.

Open Sql Server Management Studio, go to Object Explorer select Jobs under SQL Server Agent. Find your Maintenance Plan and right click on it, select Properties. On the General Page change Owner to ‘sa‘. Then execute the maintenance plan again.

Popular posts from this blog

On HP 3PAR Storage, disks are grouped inside magazines. So when it comes to replacing a failed disk, magazine that holds the disk has to be brought offline using a servicemag start command.

In this post, I am going to explain configuring multiple VLANs on a bond interface. First and foremost, I would like to describe the environment and give details of the infrastructure. The server has 4 Ethernet links to a layer 3 switch with names: enp3s0f0, enp3s0f1, enp4s0f0, enp4s0f1 There are two bond interfaces both configured as active-backup bond0, bond1 enp4s0f0 and enp4s0f1 interfaces are bonded as bond0. Bond0 is for making ssh connections and management only so corresponding switch ports are not configured in trunk mode. enp3s0f0 and enp3s0f1 interfaces are bonded as bond1. Bond1 is for data and corresponding switch ports are configured in trunk mode. Bond0 is the default gateway for the server and has IP address 10.1.10.11 Bond1 has three subinterfaces with VLAN 4, 36, 41. IP addresses are 10.1.3.11, 10.1.35.11, 10.1.40.11 respectively. Proper communication with other servers on the network we should use routing tables. There are three

Recently I have to export the user list for a particular domain. Luckily Zimbra has Admin GUI with a search feature. When you search accounts, you can download search results as a comma-separated csv file. So I did a search and download the result file, but the result did not have all the columns I need and also there is no option for customizing columns for search results. So I had to write a bash script to get the desired list. Here is the bash script ( It can be customized by adding or removing field names. Run it under zimbra user like ./zimbra_account_list.sh <domain_name_here> ):

  • #1

Добрый день, коллеги! Помогите с проблемой — не получается выполнить план обслуживания SQL server 2019. Ошибка внутри Агента

Сообщение
[298] Ошибка SQLServer: 15404, Не удалось получить сведения о пользователе или группе Windows NT «DOMENJulia», код ошибки: 0x5. [SQLSTATE 42000] (ConnIsLoginSysAdmin)

Подскажите что не так…

Последнее редактирование: 20.09.2021

  • #2

Еще вижу пару ошибок, не ясно относится это к делу или нет

Дата 20.09.2021 11:35:22
Журнал Агент SQL Server (Текущий — 20.09.2021 11:35:00)
Сообщение
[408] SQL Server MSSQLSERVER является кластеризованным сервером — возможность автозапуска (AutoRestart) отключена

Дата 20.09.2021 11:35:22
Журнал Агент SQL Server (Текущий — 20.09.2021 11:35:00)

Сообщение
[396] Не определено условие простоя процессора — расписания заданий типа OnIdle использоваться не будут

  • #3

Попробуйте использовать SA а не «DOMENJulia

  • #4

Можно попробовать пересоздать план обслуживания

  • #5

Попробуйте использовать SA а не «DOMENJulia

А где это делать ??

  • #7

Создала план обслуживания заново, заработало)

  • #8

Как я понял, это происходит из-за изменения названия домена или имени ПК (при этом изменяется имя сервера). А у пользователя остаётся предыдущее имя. Например, у вас было имя «DOMENJulia», соответственно имя сервера «DOMEN». Вы меняете имя компьютера на другое, имя сервера тоже меняется на «дргуое», а ваше имя остаётся «DOMENJulia», вместо «другоеJulia». Точнее, оно меняется, но при создании объектов в поле «владелец» записывается старое имя, которое уже не проходит проверку безопасности.

Вот что у меня сейчас и вот что показывает, когда создаю новую БД:

БД.png

Помогло изменение владельца на sa.

Студворк — интернет-сервис помощи студентам

Доброго времени суток друзья! Помогите пожалуйста разобраться с одним вопросом, есть mssql, на нем висят БД 1с, до сих пор резервную копию делал руками, но баз стало довольно много, и решил воспользоваться планом обслуживания. Создал план, настроил расписание, и как положено в Агенте SQL Server в разделе задания появились мои вложенные планы, но вот проблема, при попытке запуска выдается такая ошибка:
Ошибка SQLServer: 15404, Не удалось получить сведения о пользователе или группе Windows NT «WIN-37L9L2ERROUAdministr», код ошибки: 0x534. [SQLSTATE 42000] (ConnIsLoginSysAdmin)

Немного почитав информации по этой ошибке, изменил владельца для вложенных планов, в задании Агента SQL, но результат остался прежним.

Тип Аутентификации смешанный.

Подскажите пожалуйста, как можно решить эту проблему?

Понравилась статья? Поделить с друзьями:
  • Ошибка 1540 опель зафира
  • Ошибка 1145 ipad
  • Ошибка 1134 порше кайен
  • Ошибка 1130 гранд чероки
  • Ошибка 1130 toyota