Troubleshooting
Problem
Data Protection for Microsoft SQL is configured with "SQLAUTHentication SQLuserid". A Data Protection scheduler is configured to run under the LocalSystem account. The schedule fails with the ACO5424E error.
Symptom
The following errors are logged in the Data Protection for MS SQL log file :
02/17/2014 10:39:58 Error trying to obtain registry information. The default values for/SQLUSer and /SQLPassword will be used.
02/17/2014 10:39:58 ACO5424E Could not connect to SQL server; SQL server returned:
02/17/2014 10:39:58 Failed to connect to server <SQL SERVER NAME>.
02/17/2014 10:39:58 Login failed for user 'sa'. (HRESULT:0x80131501)
Cause
The encryption/decryption of the password is based on the currently logged in windows account. The scheduler will need to decrypt the password using the same Windows Account that stored the password (the account the MMC GUI ran under when setting the SQL Login value).
Resolving The Problem
With Data Protection for Microsoft SQL V5, the SQL User name and Password credentials were saved in the Windows registry, allowing for scheduler to run under the LocalSystem account when using either Windows authentication or SQLUSERID authentication mode.
Starting with Data Protection for Microsoft SQL V6, the SQL User name and Password credentials are no longer saved in the Windows registry. To provide a deeper encryption of the SQL User name and Password, credentials are configured in the DP for SQL Management Console and are saved in the C:\Program Files\Tivoli\FlashCopyManager\SqlLoginSettings.xml file.
The Windows account that is used when configuring the SQL User name and Password credentials must be the same account that is used to run the Data Protection for Microsoft SQL schedule. See example below.
1. Logon with the "tsmadmin" Windows account. Start the DP for SQL Management Console
2. In the console, select the SQL server and click on "Properties...". For example :
3. From the "Data Protection Properties - SQL Server - <name>" window, select the "SQL Login" page and configure the SQL User name and Password. For example :
4. In this example, the SQL user name is "sqladmin"
5. Access the Data Protection for Microsoft SQL scheduler service properties and select "This account" radio button and specify the same Windows account that was used to save the SQL User name and Password from the DP for SQL Management console. In this example, the user was logged on as "tsmadmin" when the DP for SQL Management console was used to save the SQL credentials. Therefore the scheduler service must also be run under "tsmadmin". For example :
Note that for any scheduled task with the Data Protection for SQL that uses SQLUSERID authentication mode, it is necessary to run the schedule (Run As) using the same Windows account that was used with the MMC. This includes the Tivoli Storage Manager scheduler service, a schedule configured within the FlashCopy Manager MMC (which uses the Windows Task Scheduler), or the SQL Agent scheduler, etc.
When using Windows Authentication, the Data Protection for SQL connects to the SQL server as the local system account unless the Run As option is specified in the FlashCopy Manager scheduler wizard. Thus, this problem can be avoid by using Windows Authentication without the "Run As" option for the schedule.
Related Information
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21665077