RE: SSL won't work under Domain User account. MS Fix buletin does not

From: Tim S (TimS_at_discussions.microsoft.com)
Date: 10/26/04 

Date: Tue, 26 Oct 2004 12:09:02 -0700

Have you added the "domain User" to the sysadmin SQL role.

example

    EXEC sp_grantlogin @loginame = 'Domain\User'
    EXEC sp_addsrvrolemember
        @loginame = 'Domain\User', @rolename = 'sysadmin'

Tim S

"Jason Robertson" wrote:

> Hi,
>
> I have set up an Active Directory, Certificate Services on Windows 2003
> Server. I am running SQL 2000 Server. AD and Certificate Services were
> installed correctly.
>
> My goal is to be able to use SSL when connecting to SQL Server via Query
> Analyzer. I also want to keep the SQL Server installation under a "Domain
> User" account with as little privileges as possible.
>
> My problem is that SQL Server will not start when "Domain User" is only a
> "member of" "Users" group. It starts when I make "Domain User" a "member of"
> "Administrators". It seems that the SSL "forced encryption" will only work
> with "Administrator" privileges which is the total access to control the
> server, and this is not safe.
>
> Does it mean that SSL "forced encryption" will only work under a "Domain
> User" that is a "member" of "Administrators"? Is there another "Group" with
> limited privileges that I could assign the "Domain User" to?
>
> How else could I have the SSL work and SQL server installation in a "Domain
> User" account?
>
> I have tried so many different things. Wasted one week already. Nothing
> works. There was some MS bug bulletin saying that this problem was fixed
> with SQL 2000 service pack 2. I have service pack 3a installed. It still
> does not work. The log shows the same errors as on the MS fix buletin that
> was supposed to be fixed by that sevice pack. I've tried with Windows 2003
> Srv, Win 2000 Srv. SQL Standard, Enterprise. I just cant get it to run. Can
> you offer some more specific clues? It is so depressing and dissapointing.
> Here is the MS buletin that I mentioned:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;314636
>
> Thank you for your help.
>
>
>

Relevant Pages

  • Re: Unable to Apply SP4 to SQL 2000 Cluster (new Node)
    ... Rebuild the node in the failover cluster. ... Scenario 1" in SQL Server 2000 Books Online. ... This setup process updates to SP4 only the binaries on the new ...
    (microsoft.public.sqlserver.clustering)
  • Re: WSS 3.0 question
    ... I followed the advise given in removing WSS 3.0 etc, ... the server is complaining that the SQL service(?) was tempered with or corrupt. ... I may just instal the SQL server as I was going eventuall use it anyway. ... If WSUS 3.0 is installed, I would suggest you uninstall it and then you install WSS 3.0. ...
    (microsoft.public.windows.server.sbs)
  • Re: SQL Server 2005 Cluster Setup Quiz
    ... I did test and it did not install the client tools. ... http://www.clusterhelp.com - Cluster Training ... Microsoft SQL Server MVP ... Provide a template on how to read SQL Server 2005 setup log files. ...
    (microsoft.public.sqlserver.clustering)
  • Re: WSUS
    ... I'm not seeing performance issues with the full enchilada installed, and 25 users busy hitting SQL. ... WSUS isn't difficult to uninstall - if you have WSUS v2 (installed with SBS R2) uninstall R2 from add/remove programs. ... How can anyone work with 4 instances of SQL Server on the same box? ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot setup SQL Mail on SBS 2003
    ... Microsoft CSS Online Newsgroup Support ... Cannot setup SQL Mail on SBS 2003 ... The account you use to start the SQL Server service must be a domain ...
    (microsoft.public.windows.server.sbs)