Share via

Unable to change the service account of a clustered SQL Server instance - "the server threw exception 0x80010105”

  • Article

One of the most common issues related with SQL Server service accounts, is that they run with high privileges. This is often due to lack of understanding of how the dependencies on security and permissions on SQL Server. This may cause risk able scenarios for highly sensitive databases. Often these databases also have demands for high availability, so making a change to adjust this risk is something that many people is hesitating about. The following article explains the proper rights for SQL Server service accounts.

https://technet.microsoft.com/en-us/library/ms143504.aspx

While changing service account to a new domain user by SQL Server Configuration Manager in a clustered SQL Server instance, “the server threw exception 0x80010105” may arise. This error comes from Windows side, since the new account can not reach out to the resource of cluster by making COM calls.

To solve this issue:

  1. Be sure that Everyone is added to "Remote Launch" & "Remote Activation" DCOM permissions.
  2. Be sure that new domain user account have read rights in WMI.

           (WINMGMTS:\\.\root\Microsoft\SqlServer\ComputerManagement10)(for SQL Server 2008 R2).

           (WINMGMTS:\\.\root\Microsoft\SqlServer\ComputerManagement11)(for SQL Server 2012).

To give this right:

Login with administrative privileges to SQL Cluster nodes.

Click Start, type mmc in the Search programs and files box, and then press ENTER.

On the File menu, click Add/Remove Snap-in.

Under Available snap-ins, double-click WMI Controls, and then:

  • Select the computer that you manage. Connect to: select Local Computer, click Finish. Click OK.
  • On Console Root tree, select WMI Controls, right click, select Properties, then go to Security tab, locate root\Microsoft\SqlServer\ ComputerManagement10 (or 11 for SQL Server 2012) namespace then click Security.
  • Add new domain user to Group or Users Names
  • Select new domain user in Group or Users Names and Allow Read Security for the Permissions of new account, click OK.

 

Belkis