Tuesday, June 17, 2014

SharePoint 2013: Login failed for user 'DOMAIN\SERVER$'

Our DBAs kept seeing error messages in their SQL Server log as follows:

Login failed for user 'DOMAIN\SERVER$'. Reason: Could not find a login matching the name provided. [CLIENT: xx.255.222.22]
There was an entry for almost all of the SharePoint servers in the farm. It seemed to occur three times per day at the same times: 5:32am, 1:32pm, and 9:32pm.

I looked in the Event Viewer of one of the servers and located the error there too:

SQL database login for 'SPS_SharePointConfig' on instance 'SPSQLSERVER' failed. Additional error information from SQL Server is included below.
Login failed for user 'DOMAIN\SERVER$'.


Using the Correlation ID in the Event Viewer item , I searched through the ULS Logs.

 
 
I found several items in the SharePoint ULS logs:

SQL database login for 'SPS_SharePointConfig' on instance 'SPSQLSERVER' failed.
powershell (0x03AC) 0x1324 SharePoint Foundation Upgrade SPUpgradeSession ajxme ERROR CanUpgrade [SPConfigurationDatabase] failed.

Essentially, the timer job attempts to run an upgrade check using a PowerShell call. For some reason, the PowerShell call does not run as the timer job account but yet the local system account (hence the DOMAIN\SERVER$).

Those local accounts do not have permissions to run PowerShell commands against the SharePoint farm. Therefore one must allow access to these local accounts by adding them as "Shell Admins":

Get-SPDatabase | Add-SPShellAdmin -UserName DOMAIN\SERVER$


This allows the local system account to run shell commands against each SharePoint database.

Once I issued this for each server in the farm, there were no more SQL Server log entries! The DBAs were very happy!



 

3 comments:

  1. Thank you. This resolved an upgrade problem we had been experiencing for a week!

    ReplyDelete
  2. Thanks for sharing this!

    ReplyDelete
  3. get-spdatabase | where {$_.name -match "config"} | add-spshelladmin -username "$env:USERDNSDOMAIN\$env:computername$"

    ReplyDelete

Matched Content