Unable to determine if the owner (Domain\UserName) of job JOB_NAME has server access

早上巡检的的时候，发现一数据库的作业报如下错误（作业名等敏感信息已经替换），该作业的OWNER为一个域账号： JOB RUN: 'JOB_NAME' was run on 2016-6-1 at 7:00:00 DURATION: 0 hours, 0 minutes, 1 seconds STATUS: Failed MESSAGES: The job failed. Unable to determine if the owner (Domain\UserName) of job JOB_NAME has server access (reason: Could not obtain information about Windows NT group/user 'Domain\UserName', error code 0x2095. [SQLSTATE 42000] (Error 15404)). 在SQL Server Agent错误日志里面，你会看到如下错误信息：

Date 2016/6/1 7:10:01 Log SQL Server Agent (Current - 2016/6/1 8:40:00) Message [298] SQLServer Error: 15404, Could not obtain information about Windows NT group/user 'Domain\UserName', error code 0x2095. [SQLSTATE 42000] (ConnIsLoginSysAdmin) 关于15404的错误的官方介绍如下所示。具体参考下面链接信息 [align=left]

Details[/align]

Product Name	SQL Server
Event ID	15404
Event Source	MSSQLSERVER
Component	SQLEngine
Symbolic Name	SEC_NTGRP_ERROR
Message Text	Could not obtain information about Windows NT group/user 'user', error code code.

[align=left]

[/align] Explanation

15404 is used in authentication when an invalid principal is specified. Or, impersonation of a Windows account fails because there is no full trust relationship between the SQL Server service account and the domain of the Windows account.

[align=left]

User Action[/align]

Check that the Windows principal exists and is not misspelled.

If this error is the result of a lack of a full trust relationship between the SQL Server service account and the domain of the Windows account, one of the following actions can resolve the error:

Use an account from the same domain as the Windows user for the SQL Server service.

If SQL Server is using a machine account such as Network Service or Local System, the machine must be trusted by the domain containing the Windows User.

Use a SQL Server account.

具体来说，是因为当SQL Server实例不能访问AD Server，因为AD Server出现了异常，导致SQL Server服务（本地Windows用户帐户）试图验证AD中的用户“域\用户名”，但是无法验证，因为它没有正确的/权限访问AD资源。 The SQL Server service (a local Windows user account) was trying to authenticate the user "domain\userName" in AD, which it could not do because it does not have the right/permission to access AD resources. 另外关于15404错误，其实有多种可能性，根据具体的代码有所不同（error code 0x5、error code 0x2095 等），以前我遇到一个error code为0x5的案例，总结在这一篇MS SQL Could not obtain information about Windows NT group/user 'domain\login', error code 0x5. [SQLSTATE 42000] (Error 15404)。 15404 is the exception when EXECUTE AS context cannot be impersonated. Reasons for these error are plenty. The most common reasons are: when the SQL Server instance does not have access to the AD server because is running as a local user or as 'local service' (this would have an error code 0x5,

ACCESS_DENIED

) when the SQL Server is asked to impersonate an unknown user, like an user from a domain the SQL Server has not idea about (this would have the error code 0x54b,

ERROR_NO_SUCH_DOMAIN

)
The proper solution is always dependent on the error code, which is the OS error when trying to obtain the impersonated user identity token: one searches first for the error code in the System Error Codes table (or fires up windbg, does a loopback non-invasive kernel debug connection and goes !error, which is what I prefer cause is faster...). 解决方法一般也很简单，将作业的ower改为sa或将SQL Agent服务改为拥有sysadmin角色的账号即可解决问题。 参考资料： https://msdn.microsoft.com/en-us/library/dn205134(v=sql.110).aspx http://stackoverflow.com/questions/1905172/ssrs-unable-to-determine-if-the-owner-of-job-has-server-access-sqlstate-42000