No mapping between account names and security IDs was done.[0x80070534]


Problem Description:
-------------------------------

When we try to change the sql server startup account from the SQL server configuration manager (SQL 2005) we get the following error message:
"No mapping between account names and security IDs was done.[0x80070534]"

Resolution:
-----------------
Execute the following procedure which will report the orphan SID's.
The procedure displays the Windows users and groups that no longer exist but are still granted access to an instance of SQL Server.

EXEC sp_validatelogins
GO

*****After executing the above procedure we will get the groups which had the above problem for example:

SQLServer2005MSFTEUser
SQLServer2005MSSQLUser
SQLServer2005SQLAgentUser

*****We then have to delete these groups from the Windows groups and SQL server logins.
*****We then have to recreate the groups in the Windows:

1. SQLServer2005MSSQLUser$XXXXX$YYYYY
2. SQLServer2005MSFTEUser$XXXXX$YYYYY
3. SQLServer2005SQLAgentUser$XXXXX$YYYYY

Here:
SQLServer2005MSSQLUser---------------------------The Group name.
XXXXX---------------------------------------------------Computer name.
YYYYY----------------------------------------------------Instance name.

*****We then have to recreate the groups in the SQL server logins:

1. XXXXX\SQLServer2005MSFTEUser$XXXXX$YYYYY
2. XXXXX\SQLServer2005MSSQLUser$XXXXX$YYYYY
3. XXXXX\SQLServer2005SQLAgentUser$XXXXX$YYYYY

*****We then have to find out the SID's for the newly created groups and then change the registry entries for the groups AGTGROUP,FTSGROUP,SQLGROUP from the following location:
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.x\Setup

*****You can get the new SID’s by executing the following procedure:

     select * from sys.server_principals

*****Once we are done with the above procedure we can change the startup account for the SQL server in the configuration manager.


Comments (3)
  1. Vitor Monteiro says:

    How about if your SQL Instances fail to start because the accounts are no longer existent and the error occurs?

  2. john brent says:

    the server has switched domains, so i'm trying to switch SQL login acct – get this error when adding the new acct – can't go back to old domain 🙁

Comments are closed.

Skip to main content