Re: SSL won't work under Domain User account. MS Fix bulletin does not

From: Jason Robertson (jason6869_at_msn.com)
Date: 10/27/04


Date: Wed, 27 Oct 2004 03:44:51 -0700

Hi, Thank you for the reply. Yes, System Administrators box is checked in Server
Roles.

The problem has to do with proper permissions to read the Certificate. The
Domain User running on SQL Server as System Administrator does not seem to
have permissions to read the Certificate from "Personal" folder in
Certificates MMC. It can only read the certificate if I assign the Domain
User to Administrators group.

Microsoft talks about it in:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314636
But I have service pack 3a installed and it still does not work. According
to Microsoft, service pack 2 was supposed to fix this problem. I tried Win
2000 Srv Standard, Win 2003 Srv Standard, and Enterprise. SQL Server 2000
Standard, and Enterprise. It does not work anywhere. What is wrong with
Microsoft! Should I be thinking about Linux??

"Tim S" <TimS@discussions.microsoft.com> wrote in message
news:1F8E2F3B-454A-4F38-B252-99E8D3EA4C6C@microsoft.com...
> Have you added the "domain User" to the sysadmin SQL role?
>
> example
>
> EXEC sp_grantlogin @loginame = 'Domain\User'
> EXEC sp_addsrvrolemember
> @loginame = 'Domain\User', @rolename = 'sysadmin'
>
>
> Tim S
>
> "Jason Robertson" wrote:
>
> > Hi,
> >
> > I have set up an Active Directory, Certificate Services on Windows 2003
> > Server. I am running SQL 2000 Server. AD and Certificate Services were
> > installed correctly.
> >
> > My goal is to be able to use SSL when connecting to SQL Server via Query
> > Analyzer. I also want to keep the SQL Server installation under a "Domain
> > User" account with as few privileges as possible.
> >
> > My problem is that SQL Server will not start when "Domain User" is only a
> > "member of" "Users" group. It starts when I make "Domain User" a "member of"
> > "Administrators". It seems that the SSL "forced encryption" will only work
> > with "Administrator" privileges which is the total access to control the
> > server, and this is not safe.
> >
> > Does it mean that SSL "forced encryption" will only work under a "Domain
> > User" that is a "member" of "Administrators"? Is there another "Group" with
> > limited privileges that I could assign the "Domain User" to?
> >
> > How else could I have the SSL work and SQL server installation in a "Domain
> > User" account?
> >
> > I have tried so many different things. Wasted one week already. Nothing
> > works. There was some MS bug bulletin saying that this problem was fixed
> > with SQL 2000 service pack 2. I have service pack 3a installed. It still
> > does not work. The log shows the same errors as on the MS fix bulletin that
> > was supposed to be fixed by that service pack. I've tried with Windows 2003
> > Srv, Win 2000 Srv. SQL Standard, Enterprise. I just can't get it to run. Can
> > you offer some more specific clues? It is so depressing and disappointing.
> > Here is the MS bulletin that I mentioned:
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;314636
> >
> > Thank you for your help.
> >
> >
> >
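
The permissions theory in the message above can be checked without putting the service account in Administrators. The script below is an added example, not part of the original thread: it reports whether the account has its own read ACE on the certificate's private-key file and, with `-Grant`, adds read-only access to that one file. It assumes a current Windows with PowerShell 5.1 or later (newer than the Windows 2000/2003 systems discussed), an RSA certificate in the local computer "Personal" store, and hypothetical parameter names.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1+, an RSA
# certificate in the local computer "Personal" store, and an elevated prompt.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,      # hypothetical parameter: server certificate thumbprint
    [Parameter(Mandatory)] [string] $ServiceAccount,  # hypothetical parameter: e.g. 'DOMAIN\User'
    [switch] $Grant                                   # hypothetical switch: add a read-only ACE if missing
)

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key on this machine." }

# Find the key container file. CNG keys and legacy CSP keys are stored in different folders.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $name = $rsa.Key.UniqueName
} else {
    $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$keyFile = @("$env:ProgramData\Microsoft\Crypto\Keys\$name",
             "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$name") |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key container file '$name' was not found." }

# Look for an Allow ACE naming the account itself. Access inherited through group
# membership (such as Administrators) is deliberately not counted.
$sid  = (New-Object System.Security.Principal.NTAccount($ServiceAccount)).Translate(
            [System.Security.Principal.SecurityIdentifier])
$read = [int][System.Security.AccessControl.FileSystemRights]::Read
$hasRead = [bool]((Get-Acl -LiteralPath $keyFile).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $read) -eq $read
    })

if (-not $hasRead -and $Grant) {
    # Read-only on this one key file, instead of local Administrators membership.
    & icacls.exe $keyFile /grant "${ServiceAccount}:R" | Out-Null
    $hasRead = ($LASTEXITCODE -eq 0)
}

[pscustomobject]@{
    Subject       = $cert.Subject
    KeyFile       = $keyFile
    Account       = $ServiceAccount
    HasDirectRead = $hasRead
}
```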


