SUMMARY
This article contains guidelines and directions that you can use to troubleshoot an 8198 error. However, this article does not contain a complete list of what might cause an 8198 error. Also, some problems may be specific to your environment.
First, this article discusses when an 8198 error might occur. Next, the article provides some information about the xp_Logininfo system stored procedure. Then the article shows you how to troubleshoot an 8198 error.
back to the
topWhen an 8198 error might occur
When you perform an action on an instance of SQL Server that
requires SQL Server to resolve the credentials of a Microsoft Windows NT domain user
account, you may receive an error message that is similar to any one of the
following.
Error message 1
Server: Msg 8198, Level 16, State XX,
Procedure <Stored Procedure Name>, Line <line Number>
Could not
obtain information about Windows NT group/user '<Domain\Account Name>'.
Error message 2
ODBC error 8198
(42000) Could not obtain information about Windows NT group/user
'<Domain\Account Name>'.
Error message 3
The job failed. Unable to determine if the owner
(<Domain\Account Name>) of job <job name> has server access
(reason: Could not obtain information about Windows NT group/user
'<Domain\Account Name>'. [SQLSTATE 42000] (Error
8198)).
To resolve the credentials of a Windows NT domain
user account, SQL Server uses the
xp_logininfo system stored procedure. Here is a list of the common scenarios where you may notice that the
xp_logininfo system stored procedure fails and
causes the 8198 error.
- When you use an xp_sendmail extended stored
procedure.
- When you set up replication.
- When you run a SQL Server Agent job.
back to the
topInformation about the Xp_logininfo system stored procedure
Xp_logininfo is a system stored procedure. The
xp_logininfo system stored procedure is not a SQL
Server extended stored procedure, contrary to its name. The
xp_logininfo system stored procedure invokes several Microsoft Windows API calls to retrieve information about the Windows
domains and the Windows user accounts.
Based on the Windows API call that
caused the failure, the
xp_logininfo system stored procedure may return the 8198 error
with a relevant SQL Server state value. The SQL Server state value indicates the nature of the failure.
SQL
Server may run the
xp_logininfo system stored procedure to retrieve information about the Windows
domains and the user accounts, even if the user does not do so explicitly.
Therefore, if you receive an 8198 error message and the error message mentions
the
xp_logininfo system stored procedure as the procedure, you must use SQL Profiler to trace and
to troubleshoot the exact point of failure.
Every time the
xp_logininfo system stored procedure fails, the 8198 error is raised with a relevant SQL Server state.
Even if the user does not run the
xp_logininfo system stored procedure
explicitly, SQL Server may use the
xp_logininfo system stored procedure to retrieve information
about the Windows domains and the user accounts when it is required. In the following error
message, the
XX value indicates the SQL Server state at the time when the failure occurred.
Server: Msg 8198,
Level 16, State XX, Procedure <Stored Procedure Name>, Line <line
Number>
Could not obtain information about Windows NT group/user
'<Domain\Account Name>'.
The following table lists some of the common
SQL Server state values that you may notice in the error message when an 8198 error
occurs.
|
| 21 | The xp_logininfo extended stored procedure was not run on a
computer that is running a Microsoft Windows NT operating system.
The backslash ("\") character that separates the Windows domain name and the account
name in the Windows account name is missing. |
| 22 | An error occurred when SQL Server queried the Windows operating system to retrieve information about a Windows account name. |
| 24 | When the SQL Server engine queried the Windows operating system to retrieve information about a Windows account name, access was denied. |
| 25 | An error occurred when the SQL Server engine queried the Windows operating system to retrieve information about a Windows account name. |
| 26 | An error occurred when the SQL Server engine queried the Windows operating system to retrieve information about a local Windows group where the Windows user is a member. (Windows user refers to the security context account). |
| 27 | An error occurred when the SQL Server engine queried the Windows operating system to retrieve information about a local Windows group where the Windows user is a member. (Windows user refers to the security context account). |
back to the
topTroubleshooting the 8198 error message
Because the
xp_logininfo system stored procedure may be used
by SQL Server to resolve the credentials of a Windows NT domain user
account, Microsoft recommends that you use SQL Profiler to trace the actual cause
of the error message.
Here is a list of some of the issues that may cause
the 8198 error.
- Network issues.
- An issue with the name of a Windows Local Group or a Windows Global Group.
- A conflict with the EVERYONE group.
- An xp_sendmail extended stored procedure failure.
- A SQL Server Agent Job failure.
- A replication configuration failure.
More information about each issue follows. A suggested resolution for each issue is also provided.
Network issues
You may receive the 8198 error if the SQL Server logon account is in a different Windows domain
than the Windows account that is used to run the stored procedure. To resolve the problem, make sure that the following conditions are true:
- There is a trust relationship between the two Windows
domains.
- The TCP/IP ports that are required to establish the trust are enabled on the two Windows domains.
Note If the relevant ports on the Windows domains are not enabled,
you may still receive the 8198 error, even when a trust relationship exists
between the two domains.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
179442
How to configure a firewall for domains and trusts
To verify whether the conditions that are mentioned earlier are true, test whether you can assign folder permissions on a
computer that is in the domain to users of another domain. If you cannot assign the permissions, the
issue may be network related.
Note If you use Windows Explorer to assign the folder permission to a
user on another domain, make sure that you explicitly select the other domain's
name from the list of domains.
An issue with the name of a Windows Local Group or a Windows Global Group
You may receive the 8198 error when you run the stored procedure by using a Windows user of the Windows Local Group or the Windows Global Group if the Windows Local Group or the Windows Global Group has the same name as any one of the following:
- The Windows domain name.
- The computer name.
- Another Windows domain that has a trusted relationship with
the domain.
To work around this
problem, perform one of the following tasks.
- Change the Windows Local Group name or the Windows Global Group name.
- Remove the user from the Windows Local Group or the Windows Global Group that has the
same name as the Windows domain.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
233161
BUG: Xp_logininfo returns error 8198
You may receive the 8198 error if there is a Windows Local Group or a Windows Global Group that was created by a user who has the same name as the reserved group EVERYONE. The name conflict may cause the authentication of the Windows account to fail.
The reserved group EVERYONE does not appear in the list of
groups that is in the
User Manager for Domains or in the
Computer
Management Windows administration tools. However, if
you manually create a Local group or a Global Domain group and you name it EVERYONE, the EVERYONE group will be in the list of groups in
User Manager for Domains.
To resolve this problem, delete the EVERYONE group that you created manually.
An xp_sendmail extended stored procedure failure
The
xp_sendmail extended stored procedure may fail and return the 8198 error if the client computer that is running the
xp_sendmail extended stored procedure is not in the same domain as the SQL Server computer, and the two domains do not have a trust relationship.
To resolve this problem, perform one of the
following tasks.
- In the client's Windows domain, create a domain user with
the same user name and the same password as that of the SQL Server startup account.
- Add the SQL Server startup account to the Pre-Windows 2000 compatible access groupin the SQL Server clients Windows domain.
For additional information about how to use the
Pre-Windows 2000 Compatible Access group, click the following article number to view the article in the Microsoft Knowledge Base:
303973
HOW
TO: Add users to the Pre-Windows 2000 Compatible Access Group
SQL Server Agent Job failure
You may receive the 8198 error if a SQL Server Agent job that is owned by a Microsoft Windows NT authenticated user fails. This problem may occur when SQL Server is running on a Microsoft Windows 2000 operating system computer, and the computer's domain does not have a
Pre-Windows 2000 Compatible Access Group.
For additional information about this problem and for a suggested workaround, click the following article number to view the article in the Microsoft Knowledge Base:
241643
PRB: 8198 error message returned
from job owned by Windows NT Authenticated User
A replication configuration failure
When you configure replication on an instance of SQL Server, the replication agent may not start. You may receive the 8198 error.
If the replication agent does not start, examine the history of the
SQL Server Agent job that was created for the replication agent job. You may be
able to find the 8198 error logged in the job history.
The following list describes two possible causes for this problem.
- The SQL Server service uses an account that does
not have sufficient administrative credentials on the Windows domain. In this situation,
the xp_logininfo system stored procedure is run by using the security context of the SQL Server service.
Because the account does not have sufficient administrative credentials to enumerate the properties
of the user in the domain, the xp_logininfo system stored procedure fails, and you receive the 8198 error.
To
resolve this problem, change the startup account of the SQL Server service to a
Windows domain account. - The SQL Server services and the SQL Server Agent services on the
Publisher and on the Subscriber use security contexts of different Windows
domains.
To resolve this problem, use either of the following two methods.
- Use the same Windows domain user account to run the SQL Server services and the SQL Server Agent services.
- Create a Windows domain user account on the Publisher and on the Subscriber that have identical user names and passwords.
back to the
top