Thursday, March 29, 2012

Changing the SQL Server Service Account

I have a SQL 2000 (SP3) running on a Windows NT 4.0 (SP6) box used in our test environment. The SQL Server was configured to run under the local system account before I got here. In an effort to standardize things, I tried changing the SQL Service account to run under a designated domain user account purpose built for the job. We use this particular account for all of our new-build servers (which are W2K). This domain account is configured to be a "Power User" on the NT 4.0 Server in question.

Soon after changing things over to run under the new account, all the developers complained that they could no longer connect to the server. I could through QA and EM, but none of the developers could.

The developers are using WebLogic and JDBC drivers for the most part. I wasn't aware that the SQL Server service account affected client connectivity. Was I wrong or is there something else at work here?

Thanks,

hmscottDamn...I'm dealing with something similar right now...

The SSSA run things on behalf of the server...

My guess is that they all connect using sa blank (or whatever, connection pooling id and are still connectiong using sql server auth) and now that it's trusted, their connections are wrong...

How do they connect?

Like when you register a server in EM?

I don't think the service account has anything to do with it...

MOO|||Hi Brett,

They're connecting via various user accounts that are application-specific. Unfortunately, I am only beginning to make progress on convincing management to swing to all trusted connections. The developers insist that WebLogic doesn't support the concept of running under a service account.

Anyway, one guy was using sa, others were using different application accounts. I was able to connect successfully using a trusted connection (but then, I'm a Domain Admin, too, so there's no telling for sure.

It's far from an ideal setup; I'm just trying to correct things bit by bit.

Regards,

Hugh|||Hi Brett,
The developers insist that WebLogic doesn't support the concept of running under a service account.

That may be true...we use websphere and we set a connection pooling account that authenticates through sql server...but it's 1 id and many connections

Anyway, one guy was using sa
Hugh

There's always one...

Still no one is using the SSSA to connect...right?|||No, no one is using that account. I'm sure because the pasword is quite complex and other than being documented in a restricted folder for the DBAs, it's not known.

Thanks for your time...

Regards,

hmscott

No comments:

Post a Comment