locked
OCS 2007 & SQL Permissions Issue RRS feed

  • Question

  • Environment:

    SQL 2005 SP2

    OCS 2007 Enterprise

    Windows 2003 SP2 for host servers

     

    Issue:

    We have installed OCS 2007 in our environment, but the OCS software has stopped working.  Here's what I can piece together.  In our environment the OCS database is not stored on the OCS server; it is stored on one of our SQL clusters.  In order to install the database from my OCS server, our DBA had to add the service account to the SA role on the SQL cluster.  After installing the OCS database and finishing the installations, I verified that all OCS services were functioning normally - which they were.  After this verification our DBA removed the OCS service account from the SA role and no changes have been enacted since then.

     

    The services continued to run without issue until our monthly downtime when we patch and reboot all our servers.  After the reboot, OCS services start up but I cannot sign into Communicator.  The OCS event log shows the following:

     

    Connection to back-end database succeeded, but failed to execute registration stored procedure on the back-end. This error should not occur under normal operating conditions. Contact support services.

    Back-end Server: ho1dbc2 Database: rtc Sql native error: 916 Connection string of:

    driver={SQL Server};Trusted_Connection=yes;AutoTranslate=no;server=ho1dbc2;database=rtc;

    Cause: Possible issues with back-end database.

    Resolution:

    Ensure the back-end is functioning correctly.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    This seems to be a permissions issue.  I've verified with our DBA that no permissions were changed on the OCS databsaes, nor were any of the groups removed that the OCS installation adds to the SQL server.  Does OCS require SA rights in order to run properly?

    Tuesday, September 9, 2008 7:01 PM

All replies

  • When the pool is created in SQL a variety of RTC groups are given access to the 3 rtc databases.  These cannot be modified or you will experience exactly what has happened in your case.  The answer to your question is no - RTCService does not need the equivalent of SA rights, but it (and other accounts/groups) need appropriate permissions to the 3 rtc databases.

    Friday, September 12, 2008 7:56 PM
    Moderator