Solved

Lost permissions MS Sql server

Posted on 2014-02-13
4
438 Views
Last Modified: 2014-05-23
Hi all!

Something strange has happened, suddenly only domain users an sa-account have connect-only access to the SQL-server. Domain admins are gone, and I am unable to do anything since all users only have connect-access. I haven't done anything to the server at all, it just suddenly was a problem backing up the database because of the lack of permissions.

Thanks for any help

Kjetil
0
Comment
Question by:Sekodata
  • 2
  • 2
4 Comments
 
LVL 20

Accepted Solution

by:
Marten Rune earned 500 total points
ID: 39858767
What does the errorlog say?
http://support.microsoft.com/kb/966659

Do you backup through a sql agent job, if so what account is the SQL agent running under?

Does the windows applicationlog reveal anything of interest

Come back with answers to these questions and well figure this out.

Regards Marten
0
 

Author Comment

by:Sekodata
ID: 39858793
Hi, the event log:
Login failed for user 'sa'. Reason: An error occurred while evaluating the password. [CLIENT: (ip-address)]

the sql log:
2014-02-14 13:44:57.11 Logon       Error: 18456, Severity: 14, State: 7.
2014-02-14 13:44:57.11 Logon       Login failed for user 'sa'. Reason: An error occurred while evaluating the password. [CLIENT: (ip-address)]
2014-02-14 13:44:58.25 Backup      Error: 3041, Severity: 16, State: 1.
2014-02-14 13:44:58.25 Backup      BACKUP failed to complete the command BACKUP DATABASE (databasename)
0
 
LVL 20

Expert Comment

by:Marten Rune
ID: 39859027
State 7: The login is disabled *and* the password is incorrect.
http://sqlblog.com/blogs/aaron_bertrand/archive/2011/01/14/sql-server-v-next-denali-additional-states-for-error-18456.aspx

I'm guessing the authentication mode is not mixed mode, since the SA account is disabled.
Otherwise it can't be disabled if I'm not incorrect.

If you hav a account use it, otherwise restart SQL using the -m
(Start the instance of SQL Server in single-user mode by using either the -m options)
http://technet.microsoft.com/en-us/library/dd207004(v=sql.105).aspx
Now local admins can logon.

Your main problem is probably that there is no known fullbackups, so log backups cannot be performed, se:
http://social.msdn.microsoft.com/Forums/sqlserver/en-US/13e7a89e-bc75-492c-98c6-24e4158f76c3/error-3041-severity-16-state-1-check-the-backup-application-log?forum=sqltools

So fix the accounts (starting up with -m switch), correct the accounts, run a native fullbackup and logbackup to see that they work (don't throw these). Run your backups using your 3'rd party tool. verify the backups on a different server or something similar. Now you can throw the native backups you did earliare.

Regards Marten
0
 

Author Comment

by:Sekodata
ID: 40087697
I've requested that this question be deleted for the following reason:

no fix
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question