VDI error 1000: Failed to create virtual device
DBA72
Posts: 19
I am trying to run the SQLBackup (5.2.0.2825) service with minimum permissions. Since I work at a bank it is not possible to give it local administrator rights. I am however able to give it sysadmin on the SQL Server. So here are the rights that I have given the service account:
Log on as a service
Log on locally
Sysadmin server role in SQL Server
Rights to the install directories of SQLBackup and SQLServer as well as the backup directory.
The above was done on recommendation of RedGate support. However, when trying to connnect to the server using the GUI I would still receive "Error opening mutex". After doing some monitoring with Process Monitor I was able to identify the SQL Registry keys that the service account also needed access to. I am now able to do a backup via command line but the following command via sql:
master..sqlbackup '-sql "BACKUP DATABASE model TO DISK = [d:\model.sqb] with init"'"
fails with error code:
VDI error 1000: Failed to create virtual device. Check that the SQL Server instance you are trying to connect to is running. Error code: (-2139684857: Failed to recognize the SQL Server instance name.)
I am still seeing audit failure permission events (560) errors in the eventlog so I know there must still be some missing permissions but I no longer see any "ACCESS DENIED" messages in Process Monitor. Can someone tell me what full list of permissions are required by the SQLBackup Service account? I have now had a case open for several months with Red Gate support about this and have gone throught 3 support technicians and my question has still not been answered.
Log on as a service
Log on locally
Sysadmin server role in SQL Server
Rights to the install directories of SQLBackup and SQLServer as well as the backup directory.
The above was done on recommendation of RedGate support. However, when trying to connnect to the server using the GUI I would still receive "Error opening mutex". After doing some monitoring with Process Monitor I was able to identify the SQL Registry keys that the service account also needed access to. I am now able to do a backup via command line but the following command via sql:
master..sqlbackup '-sql "BACKUP DATABASE model TO DISK = [d:\model.sqb] with init"'"
fails with error code:
VDI error 1000: Failed to create virtual device. Check that the SQL Server instance you are trying to connect to is running. Error code: (-2139684857: Failed to recognize the SQL Server instance name.)
I am still seeing audit failure permission events (560) errors in the eventlog so I know there must still be some missing permissions but I no longer see any "ACCESS DENIED" messages in Process Monitor. Can someone tell me what full list of permissions are required by the SQLBackup Service account? I have now had a case open for several months with Red Gate support about this and have gone throught 3 support technicians and my question has still not been answered.
Comments
SQL Backup Consultant Developer
Associate, Yohz Software
Beyond compression - SQL Backup goodies under the hood, updated for version 8
SQL Backup Consultant Developer
Associate, Yohz Software
Beyond compression - SQL Backup goodies under the hood, updated for version 8
After writing you the message I looked again at the event text and saw:
• Object Name: MSSQLSERVER
I realized that I had granted query service rights to the wrong service. I changed this to give access on MSSQLSERVER to authenticated users and this seems to have done the trick.
sc sdset MSSQLSERVER
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
It is probably not necessary to grant all these permissions to authenticated users but at least we have now identified the cause of the failures.
Red-Gate support