What are the challenges you face when working across database platforms? Take the survey
Options

VDI error 1000: Failed to create virtual device

DBA72DBA72 Posts: 19
edited November 19, 2007 3:51PM in SQL Backup Previous Versions
I am trying to run the SQLBackup (5.2.0.2825) service with minimum permissions. Since I work at a bank it is not possible to give it local administrator rights. I am however able to give it sysadmin on the SQL Server. So here are the rights that I have given the service account:

Log on as a service
Log on locally
Sysadmin server role in SQL Server
Rights to the install directories of SQLBackup and SQLServer as well as the backup directory.

The above was done on recommendation of RedGate support. However, when trying to connnect to the server using the GUI I would still receive "Error opening mutex". After doing some monitoring with Process Monitor I was able to identify the SQL Registry keys that the service account also needed access to. I am now able to do a backup via command line but the following command via sql:

master..sqlbackup '-sql "BACKUP DATABASE model TO DISK = [d:\model.sqb] with init"'"

fails with error code:

VDI error 1000: Failed to create virtual device. Check that the SQL Server instance you are trying to connect to is running. Error code: (-2139684857: Failed to recognize the SQL Server instance name.)

I am still seeing audit failure permission events (560) errors in the eventlog so I know there must still be some missing permissions but I no longer see any "ACCESS DENIED" messages in Process Monitor. Can someone tell me what full list of permissions are required by the SQLBackup Service account? I have now had a case open for several months with Red Gate support about this and have gone throught 3 support technicians and my question has still not been answered.

Comments

  • Options
    peteypetey Posts: 2,358 New member
    I've sent you via a private message some instructions to trace the sequence of events leading up to the failure. Could you please send me the resulting log file? Thank you.
    Peter Yeoh
    SQL Backup Consultant Developer
    Associate, Yohz Software
    Beyond compression - SQL Backup goodies under the hood, updated for version 8
  • Options
    We resolved this problem by granting "Query Service" rights on the MSSQLSERVER service to the SQLBackup agent account.
  • Options
    peteypetey Posts: 2,358 New member
    Thanks for the update. And the rights were granted using the sc sdset command.
    Peter Yeoh
    SQL Backup Consultant Developer
    Associate, Yohz Software
    Beyond compression - SQL Backup goodies under the hood, updated for version 8
  • Options
    Peter

    After writing you the message I looked again at the event text and saw:
    • Object Name: MSSQLSERVER
    I realized that I had granted query service rights to the wrong service. I changed this to give access on MSSQLSERVER to authenticated users and this seems to have done the trick.
    sc sdset MSSQLSERVER D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
    (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
    (A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)
    S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
    It is probably not necessary to grant all these permissions to authenticated users but at least we have now identified the cause of the failures.
    Chris Buckingham
    Red-Gate support
Sign In or Register to comment.