Setting Farm Accounts as ProfileDB DBO

Sep 19, 2010 at 8:38 PM

Hi,

First thanks for the great script!

When I run the script I recieve the following error:

- Fixing SQL ownership for profile database: sp.domain.local\test_ProfileDB.
..
Exception calling "ExecuteNonQuery" with "0" argument(s): "Cannot find the prin
cipal 'Domain\sp_farm', because it does not exist or you do not have permissio
n."
At C:\SP2010\Scripted\AutoSPInstaller.ps1:1089 char:43
+                       $sqlCmd.ExecuteNonQuery <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

 

After this has run, I am unable to start the User Profile Synchronization Service.

The script is being run as a setup account which has SecurityAdmin and DBCreator rights on the SQL server. All of the databases are being created fine.

The SQL server is running on the same server where SP2010 is being installed, the setup account is a local administrator of this server too.

Do you have any thoughts on why the AutoSPInstaller script would be causing this issue?

Kind Regards,

James

Sep 22, 2010 at 3:05 PM

same situation here:

script run as spinstall user with securityadmin and dbcreator rights on the remote sql server

rest of the script with all services enabled runs fine

#####################################################################################################

- Fixing SQL ownership for profile database: DEVDB05\SHAREPOINT\DEVSP01_UserProfile_ProfileDB...
Exception calling "ExecuteNonQuery" with "0" argument(s): "Cannot find the principal 'dev\spadmin', because it does not exis
t or you do not have permission."
At D:\Temp\AutoSPInstaller\SP2010\Scripted\AutoSPInstaller.ps1:1089 char:43
+                       $sqlCmd.ExecuteNonQuery <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

- Checking User Profile Synchronization Service...

 - Starting User Profile Synchronization Service...Started!
 - Provisioning User Profile Sync Service, please wait (up to 15 minutes).........................................................
..................................................................................................................................
- User Profile Synchronization Service could not be started!
- Creating State Service Application...

#####################################################################################################

does the install user require more rights on the sql box?

 

Update:

tested with granting spinstall the sysadmin role

the output of the function changed to

#############################################################

- Fixing SQL ownership for profile database: DEVDB05\SHAREPOINT\DEVSP01_UserProfile_ProfileDB...
-1
- Checking User Profile Synchronization Service...

#############################################################

checking the sql ownership of the profile db it says

user: dbo

default schema: dbo

 

any ideas?

kind regards,

dreamkp

 

Coordinator
Sep 22, 2010 at 4:24 PM

Hey guys, have a look at these requirements from http://technet.microsoft.com/en-us/library/ee662513.aspx for the Installation Account:

  • Domain user account.
  • Member of the Administrators group on each server on which Setup is run.
  • SQL Server login on the computer that runs SQL Server.
  • Member of the following SQL Server security roles:
  •   securityadmin fixed server role
  •   dbcreator fixed server role
  • If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database.

It's this last one that's crucial I think - since we are running powershell against the DB to change the schema for the Farm Account. So granting the Install Account sysadmin for the SQL instance would take care of this. We could probably get away with less but...

Cheers

Brian