I have a Windows 2012 Server running SharePoint 2010 using an SQL Server Express locally installed. Unfortunately my logs are currently flooding with message «An exception occurred while enqueueing a message in the target queue. Error: 15404, State: 19. Could not obtain information about Windows NT group/user ‘DOMAIN\user’, error code 0x5.» It can be 20 such messages every second!
(…and the ‘DOMAIN\user’ happens to be my personal account.)
Are there a job running that has missing rights? «Qoute from https://serverfault.com/questions/277551/mssqlserver-exception-occurred-while-enqueueing-a-message-in-the-target-queue-e «Try to changing the owner of the jobs to the sa account, on the properties of the job.» If I’m correct the express version of SQL server cannot run jobs? Or is there someone/something that wants access to our AD? Why do that account wants to obtain information about my account 20 times every second?
I do find lot’s of blogs and hints about this task, but I just dont understand the solutions. One says «To repair this, login as one of the SA accounts and grant SA access for the account that needs it.» But what account needs sa access?
asked Sep 15, 2014 at 10:22
1
Change the owner to sa. Here are the steps I took to solve this issue:
-
Right-Click on the database and select properties
-
Click on Files under the
Select a page -
Under the
Owner, but just below the Database Name on the right-hand pane, selectsaas the owner.
ΩmegaMan
29.6k12 gold badges100 silver badges123 bronze badges
answered Aug 21, 2017 at 10:09
olasammyolasammy
6,7364 gold badges26 silver badges32 bronze badges
6
In my case, sa was not the owner of the DB, I was. When I tried to execute CLR configuration that required sa privileges, I got the error too.
The solution:
USE MyDB
GO
ALTER DATABASE MyDB set TRUSTWORTHY ON;
GO
EXEC dbo.sp_changedbowner @loginame = N'sa', @map = false
GO
sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'clr enabled', 1;
GO
RECONFIGURE;
GO
I used help from the db team at work and this post to find the answer.
starball
22.1k8 gold badges47 silver badges285 bronze badges
answered Nov 17, 2014 at 21:46
Chaim EliyahChaim Eliyah
2,7734 gold badges24 silver badges37 bronze badges
7
In my case the owner of the database was a domain account Domain\Me.
The error message was
Error: 15404, State: 19. Could not obtain information about Windows NT
group/user ‘Domain\MyAccount’
The problem was that the database didn’t know what to do with the domain account — so the logical thing to do was to use a local account instead.
I tried changing the owner of the database, but things still wouldn’t work correctly.
In the end I dropped and recreated the entire database MAKING SURE THAT THE OWNER WAS SA
I also set the Broker to Enabled in the settings
Thing started magically working after this
answered May 6, 2015 at 11:38
2
No Domain Authentication
Failure was ultimately due to the fact that it was not able to authenticate when I was not vpn-ed into the corporate network.
For I was connecting to a local db on my work laptop, however the User ‘DOMAIN\user’ needed to be authenticated by AD on the corporate network.
Error was resolved as soon as I reconnected and refreshed; the error disappeared.
ΩmegaMan
29.6k12 gold badges100 silver badges123 bronze badges
answered Jun 26, 2020 at 7:59
Ameet BhatAmeet Bhat
911 silver badge1 bronze badge
1
to do a bulk update for all databases, run this script and then execute its output:
SELECT 'ALTER AUTHORIZATION ON DATABASE::' + QUOTENAME(name) + ' TO [sa];'
from sys.databases
where name not in ('master', 'model', 'tempdb')
answered Mar 26, 2018 at 17:05
avs099avs099
11k6 gold badges60 silver badges110 bronze badges
I had this error from a scheduled job in sql Server Agent, in my case, just after I changed the hostname of the Windows Server. I had also ran sp_dropserver and sp_addserver. My database was owned by «sa», not a Windows user.
I could login into SQL as the Windows user NEWHOSTNAME\username (I guess after a hostname change, the SID doesn’t change, that’s why it worked automatically?).
However, in SQL, in Security/Logins node, I had SQL logins defined as OLDHOSTNAME\username. I connected to SQL using «sa» instead of Windows Integrated, dropped the old logins, and create new ones with NEWHOSTNAME\username.
The error disappeared.
answered Jan 11, 2016 at 14:26
Thierry_SThierry_S
1,5361 gold badge16 silver badges25 bronze badges
I was having the same problem. In my case it was due to the fact that my machine was part of a domain, but I was not connected to the company VPN. The problem was solved after connecting to the VPN (so the domain user could be resolved by the SQLAgent).
answered Mar 1, 2021 at 13:41
erionpcerionpc
3783 silver badges16 bronze badges
I had the same issue where my domain login was not being recognized. All I did was go into the SQL Server configuration manager and start the services as Network Services instead of a local service. The sql server / agent was then able to recognize the AD logins for the jobs.
answered Jun 14, 2019 at 12:42
HaliHali
413 bronze badges
In my case, it was VPN issue. When I turned on the VPN to connect with my office network & then tried to start the snapshot agent again, it started successfully.
answered Oct 29, 2019 at 18:37
Ankush JainAnkush Jain
5,6944 gold badges32 silver badges57 bronze badges
2
I was facing the same issue.
Fix for me was changing the log-on from NT User to global user in Sql Server Configuration Manager => Sql Server Service => Sql Server Agent => Properties => Account name.
answered Apr 4, 2020 at 9:10
Jitan GuptaJitan Gupta
4646 silver badges18 bronze badges
You should be connected with your domain. (VPN)
answered Feb 8, 2022 at 8:53
WouterWouter
2,56019 silver badges31 bronze badges
May 6, 2020 by Kenneth Fisher
This is an interesting error that you’ll occasionally get when accessing an AD/Windows ID.
Msg 15404, Level 16, State 11, Line 6
Could not obtain information about Windows NT group/user ‘SQL2019TESTENV\Dopey’, error code 0x534.
Pretty simple reason here. The AD/Windows group/user no longer exists (or is inaccessible) but the entry for it exists inside of SQL.
Now what do I mean by “accessing”? Well the easiest way to get the error is to try to impersonate the id.
EXECUTE AS LOGIN = 'SQL2019TESTENV\Dopey'; EXECUTE AS USER = 'SQL2019TESTENV\Dopey';
I’ve most frequently seen this happen when someone has left the company (or a service account is removed for whatever reason) and the corresponding SQL principals (logins & users) have not been removed.
When this can get really interesting when you go to look up the name in AD/Windows and it’s still there!?! Basically what’s happened is that the SID has changed at the AD/Windows level. I believe this can happen when removing/re-adding an id but when I tested in Windows dropping and re-creating the Id gave me the same SID. I could be missing something though. Regardless the SID in SQL no longer has a match in AD/Windows.
Now that we have the error what do we use to fix it? Well, if the Id is gone and is supposed to be gone drop your associated logins and users. If on the other hand the Id still exists but the SID doesn’t match anymore it’s a bit more complicated.
First script the login (server principal) and all of it’s server level role memberships and permissions then drop and re-create it. Generally I use my sp_SrvPermissions stored procedure for this. You do not have drop any users (database principals). You will have to do the following in each of the databases were a related user exists.
ALTER USER Dopey WITH LOGIN = 'Dopey'
This will change the SID of the user to match the login.
To the best of my knowledge this can also happen with Azure SQL databases and AAD although I haven’t tested it yet.
Category: Microsoft SQL Server, Security, SQLServerPedia Syndication
| Tags: Microsoft SQL Server, security
I have a Windows 2012 Server running SharePoint 2010 using an SQL Server Express locally installed. Unfortunately my logs are currently flooding with message «An exception occurred while enqueueing a message in the target queue. Error: 15404, State: 19. Could not obtain information about Windows NT group/user ‘DOMAIN\user’, error code 0x5.» It can be 20 such messages every second!
(…and the ‘DOMAIN\user’ happens to be my personal account.)
Are there a job running that has missing rights? «Qoute from https://serverfault.com/questions/277551/mssqlserver-exception-occurred-while-enqueueing-a-message-in-the-target-queue-e «Try to changing the owner of the jobs to the sa account, on the properties of the job.» If I’m correct the express version of SQL server cannot run jobs? Or is there someone/something that wants access to our AD? Why do that account wants to obtain information about my account 20 times every second?
I do find lot’s of blogs and hints about this task, but I just dont understand the solutions. One says «To repair this, login as one of the SA accounts and grant SA access for the account that needs it.» But what account needs sa access?
asked Sep 15, 2014 at 10:22
1
Change the owner to sa. Here are the steps I took to solve this issue:
-
Right-Click on the database and select properties
-
Click on Files under the
Select a page -
Under the
Owner, but just below the Database Name on the right-hand pane, selectsaas the owner.
ΩmegaMan
29.6k12 gold badges100 silver badges123 bronze badges
answered Aug 21, 2017 at 10:09
olasammyolasammy
6,7364 gold badges26 silver badges32 bronze badges
6
In my case, sa was not the owner of the DB, I was. When I tried to execute CLR configuration that required sa privileges, I got the error too.
The solution:
USE MyDB
GO
ALTER DATABASE MyDB set TRUSTWORTHY ON;
GO
EXEC dbo.sp_changedbowner @loginame = N'sa', @map = false
GO
sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'clr enabled', 1;
GO
RECONFIGURE;
GO
I used help from the db team at work and this post to find the answer.
starball
22.1k8 gold badges47 silver badges285 bronze badges
answered Nov 17, 2014 at 21:46
Chaim EliyahChaim Eliyah
2,7734 gold badges24 silver badges37 bronze badges
7
In my case the owner of the database was a domain account Domain\Me.
The error message was
Error: 15404, State: 19. Could not obtain information about Windows NT
group/user ‘Domain\MyAccount’
The problem was that the database didn’t know what to do with the domain account — so the logical thing to do was to use a local account instead.
I tried changing the owner of the database, but things still wouldn’t work correctly.
In the end I dropped and recreated the entire database MAKING SURE THAT THE OWNER WAS SA
I also set the Broker to Enabled in the settings
Thing started magically working after this
answered May 6, 2015 at 11:38
2
No Domain Authentication
Failure was ultimately due to the fact that it was not able to authenticate when I was not vpn-ed into the corporate network.
For I was connecting to a local db on my work laptop, however the User ‘DOMAIN\user’ needed to be authenticated by AD on the corporate network.
Error was resolved as soon as I reconnected and refreshed; the error disappeared.
ΩmegaMan
29.6k12 gold badges100 silver badges123 bronze badges
answered Jun 26, 2020 at 7:59
Ameet BhatAmeet Bhat
911 silver badge1 bronze badge
1
to do a bulk update for all databases, run this script and then execute its output:
SELECT 'ALTER AUTHORIZATION ON DATABASE::' + QUOTENAME(name) + ' TO [sa];'
from sys.databases
where name not in ('master', 'model', 'tempdb')
answered Mar 26, 2018 at 17:05
avs099avs099
11k6 gold badges60 silver badges110 bronze badges
I had this error from a scheduled job in sql Server Agent, in my case, just after I changed the hostname of the Windows Server. I had also ran sp_dropserver and sp_addserver. My database was owned by «sa», not a Windows user.
I could login into SQL as the Windows user NEWHOSTNAME\username (I guess after a hostname change, the SID doesn’t change, that’s why it worked automatically?).
However, in SQL, in Security/Logins node, I had SQL logins defined as OLDHOSTNAME\username. I connected to SQL using «sa» instead of Windows Integrated, dropped the old logins, and create new ones with NEWHOSTNAME\username.
The error disappeared.
answered Jan 11, 2016 at 14:26
Thierry_SThierry_S
1,5361 gold badge16 silver badges25 bronze badges
I was having the same problem. In my case it was due to the fact that my machine was part of a domain, but I was not connected to the company VPN. The problem was solved after connecting to the VPN (so the domain user could be resolved by the SQLAgent).
answered Mar 1, 2021 at 13:41
erionpcerionpc
3783 silver badges16 bronze badges
I had the same issue where my domain login was not being recognized. All I did was go into the SQL Server configuration manager and start the services as Network Services instead of a local service. The sql server / agent was then able to recognize the AD logins for the jobs.
answered Jun 14, 2019 at 12:42
HaliHali
413 bronze badges
In my case, it was VPN issue. When I turned on the VPN to connect with my office network & then tried to start the snapshot agent again, it started successfully.
answered Oct 29, 2019 at 18:37
Ankush JainAnkush Jain
5,6944 gold badges32 silver badges57 bronze badges
2
I was facing the same issue.
Fix for me was changing the log-on from NT User to global user in Sql Server Configuration Manager => Sql Server Service => Sql Server Agent => Properties => Account name.
answered Apr 4, 2020 at 9:10
Jitan GuptaJitan Gupta
4646 silver badges18 bronze badges
You should be connected with your domain. (VPN)
answered Feb 8, 2022 at 8:53
WouterWouter
2,56019 silver badges31 bronze badges
Have you ever changed Server name on which SQL Server instance is installed? One of my friends changed the hostname of a Windows server with SQL Server already installed. After this, the SQL Server maintenance plan jobs started to fail. As we know, internally SQL Server still shows the old hostname this must be dropped manually. Otherwise your SQL Server maintenance plan jobs fail with this error.
The Job failed: Could not obtain information about Windows NT group/user 'XXXXXX\Administrator', error code 0x534. [SQLSTATE 42000] (Error 15404))
In this post, I will show you the procedure to resolve the errors and execute the SQL Server Agent Maintenance Plan jobs successfully. Below is the error screenshot showing job failure in the SQL Server agent logs. The error is highlighted in the image in red.
First, connect to your SQL Server instance with SQL Server Management Studio and run the below queries to check SQL Server name:
use master
select @@SERVERNAME -- The current hostname SQL Server recorded
select SERVERPROPERTY('machinename') -- The hostname the operating system recorded
In the below screenshot, the server name and machine name are different.
Run the below shown T-SQL scripts to drop the old server name, and then it add back the SERVERNAME to match the operating system’s hostname.
In the below screenshot, first we dropped old server name.
In the below screenshot, we have added new server name using T-SQL.
Now, log into the SQL Server with a “sysadmin” privileged user. Go to SQL Server logins, and you can still see the oldServername\administrator login bound with the SQL Server engine.
Drop the login “OldServername\administrator” and create a new windows login as “NewServername\administrator”, adding the sysadmin Server role.
CREATE LOGIN [NewServername\administrator] FROM WINDOWS; GO EXEC sp_addsrvrolemember N'NewServername\administrator', N'sysadmin';
In the below screenshot, we have added “DB01\administrator” login.
The owner of the job associated with maintenance plan is OldServername\administrator. We need to reset the ownerid using the below T-SQL Update query.
Now, We need to reset the owner of the job associated with the maintenance plan by running the below T-SQL query. In below screenshot, reset the owner of the job.
Right click on SQL Server job and select properties and change the owner of job to “sa” login.
Delete old maintenance plan and re-create the maintenance plan. Right click and click execute maintenance plan. You can see maintenance plan executed successfully. J
Regards,
Ganapathi varma
Senior SQL Engineer, MCP
Email: Gana20m@gmail.com
== I asked this question directly to Remus and wanted to share the response to all of those people using this forum ==
We recently moved our database server from SQL Server 2000 to SQL Server 2005. All applications on our intranet development server stay the same [VS.NET 2003], but recently resources in our Dev DB server ran out of space. While doing a thorough investigation, I noticed ERRORLOG file was occupying about 35 Gig of HDD space. I immediately checked SQL Server error log and noticed an entry which says –
===========================================================================================
Date 7/7/2006 4:45:37 PM
Log SQL Server (Current — 7/7/2006 4:45:00 PM)
Source spid77s
Message
The activated proc [dbo].[SqlQueryNotificationStoredProcedure-5eaf8465-d0cb-4be7-93b6-44bb979dd41c] running on queue BW_Content.dbo.SqlQueryNotificationService-5eaf8465-d0cb-4be7-93b6-44bb979dd41c output the following: ‘Could not obtain information about Windows NT group/user ‘BWCINC\HoffK’, error code 0x534.’
===========================================================================================
What is this SqlQueryNotificationService in my database? Is it a SQL Server 2005 thing? Why the same kind of stored procedure does not exist in other databases, but BW_Content? This error is getting repeated most probably every second and is filling up our server.
I believe our corporate IT people removed our domain accounts from BWCINC domain to BWCORP domain and probably some application which is using BWCINC\HoffK credential is getting errored out. I tried to locate this application and was not successful.
Is there anyway that I can stop this ERRORLOG from growing? How can I delete these log entries so that I can make space on our Hard Drive? Is there an easy way in SQL Server 2005 to locate which application is creating this error?
Response from Remus:
The ‘SqlQueryNotificationService-…’ is the service created by SqlDependency when you call SqlDependency.Start (). The problem you describe appears because the ‘dbo’ user of the database is mapped to the login that originally created this database. The SqlDependency created queue has an EXECUTE AS OWNER clause, owner is ‘dbo’ and therefore this is equivalent to an EXECUTE AS USER = ‘dbo’. The error you see is reported by the domain controller when asked to give information about the original account ‘dbo’ mapps to (that is, BWCINC\HoffK’): Error code: (Win32) 0x534 (1332) — No mapping between account names and security IDs was done.
To find the databases that have this problem, run this query:
select name, suser_sname(owner_sid) from sys.databases
The databses that have the problem will show NULL on the second column.
To remove the entries, use sp_cycle_errorlog to force a new errorlog file, then delete the huge log file.
—————————————
I got this error in SQL Error Log once and the growth of ERRORLOG was stopped.
===============================================================
Date 7/10/2006 1:16:55 PM
Log SQL Server (Current — 7/10/2006 1:17:00 PM)
Source spid20s
Message
The query notification dialog on conversation handle ‘{6BDE95F7-0EFB-DA11-9064-000C2921B41B}.’ closed due to the following error: ‘<?xml version=»1.0″?><Error xmlns=»http://schemas.microsoft.com/SQL/ServiceBroker/Error»><Code>-8490</Code><Description>Cannot find the remote service 'SqlQueryNotificationService-c15bb868-ed56-47d2-bf91-ce18b320989a' because it does not exist.</Description></Error>’.
===============================================================
Should I be concerned about this error?
Thanks
-Binoy