I cannot start SQL Server 2005 transactional replication after I promoted my 2008 Server to a DC.
A required privilege is not held by the client.
This site suggests that I need to change the SQL Server service from my domain account to a local account then back again to the domain account:
http://support.microsoft.com/kb/911305
However I am getting an error upon changing:
Error Code: 0x80070534 No mapping between account names and security IDs was done.
I found this http://social.msdn.microsoft.com/forums/en-US/sqlsetupandupgrade/thread/bf0c1eae-a1fa-4a63-b6a8-c18e81498780/ that suggests I am to delete some registry entries -- however I don't want to delete willy-nilly if I am not sure it will work (also that is part of a Service Pack install). Any ideas?
Interesting problem. I haven't spun up a test instance to reproduce this on my own box, but it looks like there are three registry values stored at the key below that refer to SIDs of groups created by the SQL Server 2005 install:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.x\Setup
The values are AGTGROUP, FTSGROUP, and SQLGROUP. The groups that had the SIDs used to populate these values were (substituting in your server computer's name and SQL instance name):
SQLServer2005MSSQLUser$SERVER-NAME$INSTANCE-NAME
SQLServer2005MSFTEUsers$SERVER-NAME$INSTANCE-NAME
SQLServer2005SQLAgentUsers$SERVER-NAME$INSTANCE-NAME
I'm guessing that you promoted this box to being a domain controller in an existing domain, rather than creating a brand new domain seeded from this box's own Local Users and Groups (SAM) database.
From what I can see (again, w/o repro'ing this myself), you need to create new groups in the domain for this server, then obtain the SIDs for the new groups and put them into the registry. It looks like a "repair" of the SQL Server install would do this. Have a look at this article from Microsoft Connect: http://connect.microsoft.com/SQLServer/feedback/ViewFeedback.aspx?FeedbackID=202561
Search that article for the phrase "One or more SQL security groups were somehow deleted" and read thru the workaround there. It looks like clearing out the old groups and running setup in repair mode will do what you want. I'd trust that better than trying to re-create them by hand like some blog posts and forum posts I've found suggest.
Having said all that, backup, at minimum, that portion of the registry and your databases before you start changing things. Having good backups makes things "just work"... <smile>
User contributions licensed under CC BY-SA 3.0