Solved

Event ID 19011 Source MSSQLServer

Posted on 2008-10-29
2
3,677 Views
Last Modified: 2012-06-21
Good morning all,

I am getting the following problem on boot up of my SQL servers

Event ID 19011
Source MSSQLServer
Description
SuperSocket info (SpnRegister): Error 8344

The problem seems to be that my service account does not have enought permissions.  I have spoken to my DBA and gone through the SQL Server 2000 Security (Service Accounts) documentation he has and the following MS artical Q283811.

The DB service account is a Domain User with the following rights in the Application Server GPO

Act as Part of the Operating System
Bypass Traverse Checking
Lock Pages In Memory
Log on as a Batch Job
Log on as a Service
Replace a Process Level Token

Full control over the following registry entries

HKEY_LOCAL_MACHINE\Software\Clients\Mail
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\80
HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\MSSQLServer
HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\Providers
HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\Replication
HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\SQLServerAgent
HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\Tracking

The user has full control over the Log and data areas on the server and is a memeber of the sysadmin group in enterprise admistrator.

Please can anyone suggest what I might be missing to give this user enough rights to prevent this error.
0
Comment
Question by:GarryBaker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 

Author Comment

by:GarryBaker
ID: 22830908
OK problem seem to be that the user is unable to register the SPN,  I found a fix saying that you need to confirgure the advanced active directory permission setting to allow the user to Write Public Information.  Does anyone know how to do this and I can seem to be able to find it.

See following ling.

http://www.sqlnewsgroups.net/group/microsoft.public.sqlserver.server/topic12560.aspx
0
 

Accepted Solution

by:
GarryBaker earned 0 total points
ID: 22831199
OK problem resolved.  found the following fix from MS kb811889

To configure the SQL Server service to create SPNs dynamically, follow these steps:1. Click Start, click Run, type Adsiedit.msc, and then click OK.  
2. In the ADSI Edit snap-in, expand Domain [DomainName], expand DC= RootDomainName, expand CN=Users, right-click CN= AccountName, and then click Properties.

Notes
" DomainName is a placeholder for the name of the domain.  
" RootDomainName is a placeholder for the name of the root domain.  
" AccountName is a placeholder for the account that you specify to start the SQL Server service.  
" If you specify the Local System account to start the SQL Server service, AccountName is a placeholder for the account that you use to log on to Microsoft Windows.  
" If you specify a domain user account to start the SQL Server service, AccountName is a placeholder for the domain user account.  
 
3. In the CN= AccountName Properties dialog box, click the Security tab.  
4. On the Security tab, click Advanced.  
5. In the Advanced Security Settings dialog box, make sure that SELF is listed under Permission entries.

If SELF is not listed, click Add, and then add SELF.  
6. Under Permission entries, click SELF, and then click Edit.  
7. In the Permission Entry dialog box, click the Properties tab.  
8. On the Properties tab, click This object only in the Apply onto list, and then make sure that the check boxes for the following permissions are selected under Permissions
" Read servicePrincipalName
" Write servicePrincipalName
 9. Click OK three times, and then exit the ADSI Edit snap-in.  
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question