?
Solved

Error adding domain account to SQL Server in 2008 R2 AD

Posted on 2011-03-03
5
Medium Priority
?
2,128 Views
Last Modified: 2013-10-12
We are having an issue adding a domain user as an SQL server login.
Environment:
Server: SQL Server 2008 R2, Windows 2008 R2. Computer is on a domain
Domain Controller: Windows 2008 R2, Active Directory on same machine, running on 2008 R2 compatibility mode (not 2000 or 2003 mode as in other posts on this problem!).

When we try to add a domain user to Sql server we get an error 15401 (user or user group not found). However, the active directory can be browsed from that machine - we see the domain users when browsing them in sql server but cannot add them.

The problem has identical symptoms like the often-discussed problem found in Windows 200/2003 active directories and we tried all suggestions we found for this (MS hotfix, kicking the server out of the domain and back in, changing group policy, even disabling the firewall for a moment). Nothing works. It doesn't matter if we try to add the login after having logged into Windows with a local or a domain account. We can add local users as new logins to SQL server without a problem. The behaviour is identical on a second (test) machine running only SQL Server Express 2008 R2 on Win2008R2.

Any ideas how to solve this?

BTW: We stumbled across this when trying to install Team Foundation Server - it's setup stops with a message that the domain controller is unavailable. However, the DC is available as we can login with domain accounts and browse the AD from that server with no problem. We couldn't get this to work so I figured I give it a try in SQL server.
0
Comment
Question by:NilsIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 20

Accepted Solution

by:
Marten Rune earned 2000 total points
ID: 35034268
Is it possible that this name of ther user/group has been altered in the AD?
if so check: http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/thread/240775af-690a-46bf-be21-e1ae63ea024e
(there is also a hotfix at the end of this thread)

This article shows how to errorseek it: http://support.microsoft.com/kb/324321/en-us

//Marten
0
 

Assisted Solution

by:NilsIT
NilsIT earned 0 total points
ID: 35093316
We found the problem was that we used cloned Hyper-V virtual machines that had been cloned AFTER installing Windows Server but without using the sysprep utility. Of course we changed the Netbios name and joined the domain after cloning. Everything SEEMED to work fine but then we got these strange Active Directory errors.

We solved the problem by creating a new virtual machine and installing Windows on it from the scratch (instead of cloning an existing virtual machine). The AD-related problems both in SQL server and Team Foundation Server are gone.

Thank you martenrune for pointing me to that thread as it contained a hint by Chris that the problem can be related to cloned virtual machines.
0
 
LVL 20

Expert Comment

by:Marten Rune
ID: 35093656
Glad to se it resolved
//Marten
0
 

Author Closing Comment

by:NilsIT
ID: 35135762
Solution is described in comment NilsIT
0
 
LVL 1

Expert Comment

by:Tec-Futures
ID: 39568166
I had the same issue and ran sysprep to resolve the problem. Removed servers from network and added them back.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question