Author Domain user cannot connect with integrated security
john.sinclair@gmail.com

2005-09-13, 3:23 am

I've got a VERY perplexing problem....
We noticed a SQL process on our development SQL server (SQL 2k, SP4 on
win2003 sp1) that was connected as "moelocal", which is a local admin
account on the server. The app was query analyser.

I asked the user to use integrated security and not the local account -
turns out he WAS selecting integrated security when he connected.
Query analyser reports in the title bar connected as
moetest.master.[DOMAIN]\moelocal
, NOT the domain user's account.

I tried firing up a .Net app from the user's PC that connects to the DB
(which uses integrated security), then I executed sp_who. They are
connected as the local user.

The moelocal account is NOT the default administrator account, and it
is not the account SQL server is running as.

The domain user who is connecting is a member of a local group on the
SQL box that is in the system admin role. Just to make sure I
explicitly added the user's domain account to the SQL logins and granted
the system admin privileges.

We turned on auditing and there is a logon success event reporting the
moelocal user connecting from the user's PC. We disabled the moelocal
account, and this time query analyser reported "login failed for
MOETest\Guest"

In the event log a failed login showed up for the moelocal account,
followed by the failed login for the guest account.

Why will integrated security not work for this user? Everyone else has
no problems! I tried rebooting their PC, logging on from a different
PC, but they always connect with the moelocal account.

And just to compound things even further, there is another SQL instance
on that server, and the user can connect to the second instance with
integrated security just fine.

In desperation I even checked the SID of the domain account, and the
moelocal account. No, they are not the same.

AHHH! What could cause this!!
Any suggestions gratefully received.

Cheers,
John


Copyright 2008 droptable.com