Microsoft KB Archive/159792

= BUG: Non-SA CmdExec Task Run on Domain Controller Causes Error =

Article ID: 159792

Article Last Modified on 6/30/2006

-

APPLIES TO


 * Microsoft SQL Server 6.5 Standard Edition

-



This article was previously published under Q159792



BUG #: 17065 (6.5)



SYMPTOMS
If a non-system administrator (SA) login creates and runs a CmdExec task on a domain controller, the following error will occur in both the task history and the Application log of Windows NT's Event Viewer:

A problem occurred while attempting to logon as the Windows NT user

'SQLExecutiveCmdExec': Logon failure: unknown user name or bad password.



WORKAROUND
To work around this problem, do one of the following:


 * 1) Rename the machine name of the domain controller to match the domain name. Note that this solution will only work for one SQL Server on a domain.
 * 2) Reinstall Windows NT Server as a server in the domain, instead of as a domain controller.
 * 3) Run a Transact-SQL task that runs xp_cmdshell after installing Service Pack 5a for Microsoft SQL Server 6.5.



STATUS
Microsoft has confirmed this to be a problem in Microsoft SQL Server version 6.5. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.



MORE INFORMATION
Microsoft SQL Server version 6.5 is not recommended for installation on a primary domain controller (PDC) or a backup domain controller (BDC), because these computers perform the resource-intensive tasks of maintaining and replicating the domain's security accounts database and performing network login authentications.

If you enable security auditing for logon or logoff failures, you will see event 529, indicating a logon failure, for the SQLExecutiveCmdExec account, as in the following example:

Logon Failure:

Reason: Unknown user name or bad password

User Name: SQLExecutiveCmdExec

Domain: NTServerName

Logon Type: 4

Logon Process: Advapi

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Workstation Name: NTServerName

Additionally, a similar error occurs when xp_cmdshell is run by non-system administrator (SA) logins.

Additional query words: 1326 privilege tsql t-sql trans-sql

Keywords: kbbug kbother KB159792

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.