SQLServerWiki

“The Only Thing That Is Constant Is Change”

Another issue with applying patch for SQL Server 2005 on a cluster.

Posted by database-wiki on October 5, 2011

Issue:

=====

Action Done: applying KB953752 on a SQL Server 2005 clustered environment.

From Summary:
***********************************************************************************************************************************
Product Installation Status

Product : SQL Server Database Services 2005 (MSSQLSERVER)

Product Version (Previous): 3050

Product Version (Final) :

Status : Failure

Log File : C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB953752_sqlrun_sql.msp.log

Error Number : 29512

Error Description : MSP Error: 29512 SQL Server Setup was unable add user MBBS\SQLServ2005MCPDev to local group MBBS\SQL – DB Services- Admin.

***********************************************************************************************************************************

From SQL9_Hotfix_KB953752_sqlrun_sql.msp.log:

<Func Name=’Do_sqlGroupMember’>

Local group MBBS\SQL – DB Services – Admin doesn’t exist

Failure adding user MBBS\SQLServ2005MCPDev to local group MBBS\SQL – DB Services – Admin (5)

Error Code: 0x80070005 (5)

Windows Error Text: Access is denied.

Source File Name: sqlca\sqlsecurityca.cpp

Compiler Timestamp: Tue Aug 5 00:45:01 2008

Function Name: Do_sqlGroupMember

Source Line Number: 1145

The error is clear. We are install the patch logged in
using sql server startup account MBBS\SQLServ2005MCPDev. This account is not there in the group “MBBS\SQL – DB Services – Admin” which we checked. We added and logged off and logged in and the installation completed. We tried failover and it was also fine after the reboot.

Explanation:
=========

During the SQL server cluster installation after the screen “service account” we will be prompted with screen “Domain groups for clustered Services”.

Setup says:
========

The startup account for each clustered service will be added to the DomainName\GroupName to set its access control. Enter the name of
existing DomainName\GroupName for each clustered service being installed.

The Service Account dialog box is identical to the one you see when you install SQL Server 2005 on a non-cluster, and it is configured the same. Click Next to proceed.

In this dialog box, you must select pre-existing global domain groups that are used to contain the startup account for each
clustered service. You can choose to add all three services to the same global domain group, or to create separate global domain groups, one for each service, as has been done above. Once you have selected appropriate domain groups, click
Next to proceed.

We checked the function Do_sqlGroupMember in the code:
===========================================
Each and everytime we install a patch for sql server 2005 the installation will drop and re add the startup account of SQL server,
SQL server agent and full-text search. This is by design.
Do_sqlGroupMember will added the startup account to the group. Other function like Do_dropmember for removing the member… etc etc
are available in the main code.

NOTE:

=====

In the above issue the group existed in the Active Directory but the account was missing in the group, we added the account to the
group and ran gpupdate /force from the cmd prompt on all the nodes. Finally reapplied the patch.

This issue is applicable for all the patches of SQL Server 2005 on a cluster like GDR’s, SERVICE PACK’s, CUMULATIVE UPDATE’s.

In order to change the DomainName\GroupName we need to manipulate the registry and it’s not advisable.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: