Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

MOSS 2007 Setup Accounts

  Asked By: Ronald    Date: Apr 12    Category: Sharepoint    Views: 1844

I'm installing MOSS 2007 Beta2 on a squeaky-clean fully-patched W2K3 server in our one-forest AD native domain. Everything's on one box except SQL Server 2000 SP3a which is on a separate W2K machine. I'm trying to set everything up with security set properly in the first place so I don't have to go back and tighten it down afterwards.

The MS document MOSSPlanSecurity.doc gives some guidelines for setting up accounts to use, and I've carefully followed those (including setting up groups, nesting the accounts in the groups, and granting resource permissions to the groups rather than directly to the users). The installation fails, however, on the creation of the Admin database. The first error in PSCDiagnosticsxxx.log is:

ERR Exception: System.Data.SqlClient.SqlException: CREATE DATABASE permission denied in database 'master'.
The MOSS server and the SQL server are on the same network segment. We don't have named instances on the SQL Server - it just goes by it's netbios name. The SQL Login is a security group that has master as the default database, and is a member of the Security Administrators and Database Creators roles. The login itself is a member of the administrators group on the W2K3 box and the SQL Server box. I'm using NTLM authentication.

There's a great help document that displays when you click on the question mark inside the MOSS setup screen when you're on the 'Specify Configuration Database Settings' page of the configuration wizard. It says:

"The account that you specify for database access must have, at minimum:

The ability to read from and write to the configuration database.
Server-wide permissions (security administrator) in SQL Server.
During creation and adding schema, the account must have DBO permissions.
Additionally, if the configuration wizard is creating a new configuration database, the database access account must have the following permissions:

Create Database
Create Procedure"

I believe that dbo permissions are not explicitly granted, but are assigned during the db creation process. I think the same would apply to Create Procedure. Is this right?

I've even tried granting the group explicit 'create_db' permissions on master, but it had no effect.

There's another entry further down in the log about the server collation. The default collation for the server is SQL_Latin1_General_CP1_C1_AS.



4 Answers Found

Answer #1    Answered By: Kalyan Pujari     Answered On: Apr 12

Make sure that you are logged into the MOSS2007 installation
computer as an account that would have rights to the SQL Server,
i.e. make sure that the account you are putting in for the database
creation is the account you are logged into the machine as.

I ran into this problem, and it wasn't until we ran a SQL Profile
that we could discern what was happening. For some reason, the
local system account was needing access to SQL. It definitely
shouldn't work that way, but it does for some reason.

Answer #2    Answered By: Damon Garner     Answered On: Apr 12

I don't see where you state that
you are using a domain account.

Have you had a look at Bill's excellent install instructions?

Answer #3    Answered By: Alisha Holmes     Answered On: Apr 12

Yes, I've been carefully reviewing instructions. Especially "The database access account will need to be a member of the local admins group on each SharePoint server along with having db_creator and db_security permissions in SQL. I would suggest you have an account setup  just for this purpose in your Active Directory and that you have a strong password associated with this account."

I'm using a domain account to run the setup. It's a member of the local administrator's group on the install server.

I'm also specifying a domain account for the SQL Server account in setup. It's a member of a security group that is a member of a SQL Server roles 'Security Administrators' and 'Database Creators' on the target SQL Server. It's also a member of the local administrator's group on the install server and on the target SQL Server.

Answer #4    Answered By: Laura Walker     Answered On: Apr 12

The setup  account does seem to need access to SQL. I dropped my setup account into my SQLAdmin group (which belongs to the 'Security Administrators' and 'Database Creators' roles), and it was able to create the farm configuration database. That's not in any of the documentation I've seen!

Didn't find what you were looking for? Find more on MOSS 2007 Setup Accounts Or get search suggestion and latest updates.