Unable to determine if the owner (Domain\UserName) of job JOB_NAME has server access

本文涉及的产品
云数据库 RDS SQL Server,基础系列 2核4GB
RDS SQL Server Serverless,2-4RCU 50GB 3个月
推荐场景:
简介: 早上巡检的的时候,发现一数据库的作业报如下错误(作业名等敏感信息已经替换),该作业的OWNER为一个域账号: JOB RUN: 'JOB_NAME' was run on 2016-6-1 at 7:00:00 DURATION: 0 hours, 0 minutes, 1 seconds STATUS: Failed MESSAGES: The job failed.

早上巡检的的时候,发现一数据库的作业报如下错误(作业名等敏感信息已经替换),该作业的OWNER为一个域账号:

JOB RUN: 'JOB_NAME' was run on 2016-6-1 at 7:00:00

DURATION: 0 hours, 0 minutes, 1 seconds

STATUS: Failed

MESSAGES: The job failed. Unable to determine if the owner (Domain\UserName) of job JOB_NAME has server access (reason: Could not obtain information about Windows NT group/user 'Domain\UserName', error code 0x2095. [SQLSTATE 42000] (Error 15404)).

 

在SQL Server Agent错误日志里面,你会看到如下错误信息:

 

Date        2016/6/1 7:10:01

Log        SQL Server Agent (Current - 2016/6/1 8:40:00)

Message

[298] SQLServer Error: 15404, Could not obtain information about Windows NT group/user 'Domain\UserName', error code 0x2095. [SQLSTATE 42000] (ConnIsLoginSysAdmin)

 

 

关于15404的错误的官方介绍如下所示。具体参考下面链接信息

 

Product Name

SQL Server

Event ID

15404

Event Source

MSSQLSERVER

Component

SQLEngine

Symbolic Name

SEC_NTGRP_ERROR

Message Text

Could not obtain information about Windows NT group/user 'user', error code code.

 
 

15404 is used in authentication when an invalid principal is specified. Or, impersonation of a Windows account fails because there is no full trust relationship between the SQL Server service account and the domain of the Windows account.

 

 

Check that the Windows principal exists and is not misspelled.

If this error is the result of a lack of a full trust relationship between the SQL Server service account and the domain of the Windows account, one of the following actions can resolve the error:

  • Use an account from the same domain as the Windows user for the SQL Server service.

  • If SQL Server is using a machine account such as Network Service or Local System, the machine must be trusted by the domain containing the Windows User.

  • Use a SQL Server account.

 

 

 

具体来说,是因为当SQL Server实例不能访问AD Server,因为AD Server出现了异常,导致SQL Server服务(本地Windows用户帐户)试图验证AD中的用户“域\用户名”,但是无法验证,因为它没有正确的/权限访问AD资源。

The SQL Server service (a local Windows user account) was trying to authenticate the user "domain\userName" in AD, which it could not do because it does not have the right/permission to access AD resources.

 

另外关于15404错误,其实有多种可能性,根据具体的代码有所不同(error code 0x5、error code 0x2095 等),以前我遇到一个error code为0x5的案例,总结在这一篇MS SQL Could not obtain information about Windows NT group/user 'domain\login', error code 0x5. [SQLSTATE 42000] (Error 15404)

 

15404 is the exception when EXECUTE AS context cannot be impersonated. Reasons for these error are plenty. The most common reasons are:

  • when the SQL Server instance does not have access to the AD server because is running as a local user or as 'local service' (this would have an error code 0x5, ACCESS_DENIED)
  • when the SQL Server is asked to impersonate an unknown user, like an user from a domain the SQL Server has not idea about (this would have the error code 0x54b, ERROR_NO_SUCH_DOMAIN)

The proper solution is always dependent on the error code, which is the OS error when trying to obtain the impersonated user identity token: one searches first for the error code in the System Error Codes table (or fires up windbg, does a loopback non-invasive kernel debug connection and goes !error, which is what I prefer cause is faster...).

 

解决方法一般也很简单,将作业的ower改为sa或将SQL Agent服务改为拥有sysadmin角色的账号即可解决问题。

 

参考资料:

https://msdn.microsoft.com/en-us/library/dn205134(v=sql.110).aspx

http://stackoverflow.com/questions/1905172/ssrs-unable-to-determine-if-the-owner-of-job-has-server-access-sqlstate-42000

相关实践学习
使用SQL语句管理索引
本次实验主要介绍如何在RDS-SQLServer数据库中,使用SQL语句管理索引。
SQL Server on Linux入门教程
SQL Server数据库一直只提供Windows下的版本。2016年微软宣布推出可运行在Linux系统下的SQL Server数据库,该版本目前还是早期预览版本。本课程主要介绍SQLServer On Linux的基本知识。 相关的阿里云产品:云数据库RDS SQL Server版 RDS SQL Server不仅拥有高可用架构和任意时间点的数据恢复功能,强力支撑各种企业应用,同时也包含了微软的License费用,减少额外支出。 了解产品详情: https://www.aliyun.com/product/rds/sqlserver
相关文章
|
XML 应用服务中间件 数据格式
控制台报错: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting proper
控制台报错: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting proper
102 0
控制台报错: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting proper
|
Kubernetes 容器
k8s报错:Error from server (NotFound): the server could not find the requested resource (get services h
k8s报错:Error from server (NotFound): the server could not find the requested resource (get services h
|
关系型数据库 MySQL Java
解决方案 --Failed to initialize JPA EntityManagerFactory: Unable to create requested service
解决方案 --Failed to initialize JPA EntityManagerFactory: Unable to create requested service
解决方案 --Failed to initialize JPA EntityManagerFactory: Unable to create requested service
|
XML 分布式计算 Hadoop
hiveserver2连接报错: User: root is not allowed to impersonate anonymous (state=08S01,code=0)
hiveserver2连接报错: User: root is not allowed to impersonate anonymous (state=08S01,code=0)
786 0
|
SQL 存储 安全
SQL Agent Job 报“Access to the remote server is denied because the current security context is not trusted”
SQL Server 2005(Microsoft SQL Server 2005 - 9.00.5000.00)下的一个作业执行一个存储过程,存储过程中动态SQL语句使用链接服务器(Linked Servers),从另外一台SQL Server服务器获取数据。
1372 0
|
SQL 安全 数据库
The server principal "sa" is not able to access the database "xxxx" under the current security context
在SQL Server服务器上一个作业执行时,遇到下面错误信息: Message: Executed as user: dbo. The server principal "sa" is not able to access the database "xxxx" under the current security context. [SQLSTATE 08004] (Error 916). The step failed.   作业本身执行的存储过程非常简单,就是将数据库A中的历史数据处理过后,归档到A_History库中,结果就遇到这么一个问题。
2944 0
|
Java 关系型数据库 Oracle
Unable to read additional data from server sessionid
jenkins构建项目报错: Caused by: com.weibo.api.motan.exception.MotanFrameworkException: error_message: ClusterSupport No service urls for the refer:motan://192.
10545 0
|
SQL 数据库 关系型数据库
下一篇
DataWorks