Can't install SQL Server 2005 SP2: Error 29512 - Unable Add User To Local Group

Posted on 2007-10-11
Last Modified: 2010-05-14
There is already an EE question on this topic but my situation is different.  I've also noticed at least five other posts on the web with this problem with no solutions given.

When installing SP2 for SQL Server 2005 I get this error message:

MSI (s) (E0!68) [09:02:25:673]: Product: Microsoft SQL Server 2005 (64-bit) -- Error 29512. SQL Server Setup was unable add user OUR-LAN-DOMAIN\OUR-SERVICE-ACCOUNT to local group OUR-LAN-DOMAIN\SQLServer2005SQLAgentUser$OUR-DATABASE-SERVER-NAME$MSSQLSERVER.

The error message seems to contradict itself: it says "local group" which seems to me to mean the group on the database server itself YET the group name is prefixed with our LAN domain name.  So which one is it?

Also, I'm not sure if this message means there is a problem in Active Directory or in the security model of SQL Server itself.  I don't think it means SQL Server itself because I don't think SQL Server has groups... it only has Roles, right?

We looked in Active Directory and the user above does indeed exist in the domain-level group mentioned.

Please help!
Question by:ZuZuPetals
    LVL 16

    Expert Comment

    here is the kb on it...

    good luck with that
    LVL 2

    Author Comment

    UPDATE: To our server, I added the local group without the domain prefix:


    Then added the domain user OUR-SERVICE-ACCOUNT to it.

    Funny: I attempt to install SP2 and it still fails, BUT, the install removes OUR-SERVICE-ACCOUNT from the group above !!!  Weird!

    Incidentally, I found the exact location of the failure in the SP2 install log:

    <Func Name='Do_sqlGroupMember'>
    Failure adding user OUR-SERVICE-ACCOUNT to local group OUR-LAN-DOMAIN\SQLServer2005SQLAgentUser$OUR-SERVER$MSSQLSERVER (5)
    Error Code: 0x80070005 (5)
    Windows Error Text: Access is denied.
    Source File Name: sqlca\sqlsecurityca.cpp
    Compiler Timestamp: Sat Oct  7 09:43:41 2006
    Function Name: Do_sqlGroupMember
    Source Line Number: 1132

    I still have a feeling that the reason it's failing is because it's trying to create a local group PREFIXED with OUR-LAN-DOMAIN\

    Local groups can't be prefixed with a DOMAIN\, right?

    Why is SP2 doing this?
    LVL 2

    Accepted Solution

    Ok, we figured this out...

    When SQL Server was originally installed on this Server, the Server was configured as an Active Directory Domain Controller and therefore did not have any "local" users or groups.  As a result, the SQL Server Services accounts were established as DOMAIN acounts, (just as it shows in our error message).


    However, this server has since been demoted and is no longer a Domain Controller, and now does have local users and groups.  So when SP2 is installing and goes looking in the local users accounts for DOMAIN\SQLServer2005SQLAgentUser$OUR-SERVER$MSSQLSERVER, it of course cannot find it.  And because it is a DOMAIN account, it cannot be added to the local users.

    We had forgotten this server used to be a domain controller at one time, and were hence confused when it seemed to be looking for a "local" user that had domain nomenclature.

    So, we've simply reinstalled SQL Server (which worked flawlessly).

    Thanks All!
    LVL 2

    Author Comment

    Ok, just received an email from Experts-Exchange requesting that I do something with this open question... ironically, we had asked Experts-Exchange how to simply retract, or close out a questions some time ago and never received a response.

    Basically in this case, none of the input we received was helpful in solving our issue, and we ultimately solved it ourselves.  We posted what we found/did back here or the benefit of the community, but how do we actually simply close this question?


    Expert Comment

    PAQ'd and 500 points refunded

    Cleanup Admin

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Suggested Solutions

    If you having speed problem in loading SQL Server Management Studio, try to uncheck these options in your internet browser (IE -> Internet Options / Advanced / Security):    . Check for publisher's certificate revocation    . Check for server ce…
    Recently, when I was asked to create a new SQL 2005 cluster, Microsoft released a new service pack for MS SQL 2005 what is Service Pack 3. When I finished the installation of MS SQL 2005 I found myself troubled why the installation of SP3 failed …
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now