BUG: IsAlive check does not run under the context of the BUILTIN\Administrators account in SQL Server 2000 Enterprise Edition (291255)
The information in this article applies to:
- Microsoft SQL Server 2000 Enterprise Edition
This article was previously published under Q291255
BUG #: 352513 (SHILOH_BUGS)
SYMPTOMS
In SQL Server 2000 Books Online, under the "Usage Considerations" heading in the "Creating a Failover Cluster" topic, the following is mentioned:
You should not remove the BUILTIN\Administrators account from SQL Server. The IsAlive thread runs under the context of the cluster service account, and not the SQL Server service account. The cluster service must be part of the administrator group on each node of the cluster. If you remove the BUILTIN\Administrators account, the IsAlive thread will no longer be able to create a trusted connection, and you will lose access to the virtual server.
In SQL Server 2000, the IsAlive check will still succeed if you remove the BUILTIN\Administrators account. This is true if the service account that the cluster service runs under can log on to a computer that is running SQL Server for the IsAlive check. The SQL Server resource DLL (Sqsrvres.dll) runs in the context of the Microsoft Cluster Server (MSCS) service account, not the BUILTIN\Administrators account. If the service cannot log on to a computer that is running SQL Server, the IsAlive check fails and causes a failover to occur. For additional information on how the BUILTIN\Administrator group and cluster service account are utilized in a cluster, click the article number below
to view the article in the Microsoft Knowledge Base:
263712 INF: How To Prevent Windows NT Administrators From Administering a Clustered SQL Server
STATUS
Microsoft has confirmed this to be a problem in SQL Server 2000.
| Modification Type: | Minor | Last Reviewed: | 4/6/2006 |
|---|
| Keywords: | kbtshoot kbBug kbpending KB291255 kbAudITPRO kbAudDeveloper |
|---|
|