Sunday, March 25, 2012

Can't set up replication: Encryption error using CryptProtectData?

I am trying to set up replication but am having the following issues:
Publisher:
SQL 2005 SP1 Enterprise Cluster (Active, Passive)
Subscriber:
SQL 2005 SP1 Enterprise


When trying to create a publication or subscription running under a Windows Domain account, the following error message appears:

Replication-Replication Distribution Subsystem: agent ECHO\ECHO-InsDB-INS_CMS_PUB-HARPO-58 failed. Unable to start execution of step 2 (reason: Error authenticating proxy DETINI\srvRep_user, system error: Logon failure: unknown user name or bad password.). The step failed.


Further in the SQL logs we find that the above message is due to:

[298] SQLServer Error: 22046, Encryption error using CryptProtectData. [SQLSTATE 42000]

It appears that this message occurs when Credentials for the agent proxy are being created. So when the SP that tries to run the agent (snapshot or distribution) is called, it always returns incorrect password details.

The Credentials do appear to be created, they are visible via SQL Studio, but you can't see the password. Changing the password via SQL Studio does not work as the Credentials are recreated every time.


I have checked the following:

MSDTC is running correctly
The Domain Account has the correct privileges to run these services
Regenerated the Service Master Key
Created Master Keys in each database affected by replication
Ensure SQL Service accounts have access to decrypt the Service Master Key
I can create a Publication and Subscription using the local system account on the cluster

Does anyone have any idea?

Chris

Chris,

My testing environment is the same as yours - the publisher/distributor is clustered SQL2005 Enterprise with SP1 on Windows 2003, and the subscriber is SQL2005 Enterprise on 2003 server, and I got the same error when I was trying to run the create-snapshot job. The only workaround I found was to put the distributor on the same server as the publisher, and use a local directory for the snapshot folder, which was not ideal, but at least I could continue with my test. Then I had the same error again when I ran the push distribution job using a domain account. I had to change the security to use the SQL Agent account, which is a domain admin account.

I would like to know how to avoid the error too, since I want the distributor to be on a different machine than the publisher, and limit the rights of the credentials on the production environments.

Ying
