Recover access to SL 2015 without an existing user

(0) Share

Report

Posted on by daverodgers

hi everyone

I am new to MS SL and ive been given the task of trying to get access to an SL instance which we dont have any existing user id login details for.

I have full access to the servers and sql so creating new domain accounts / sql accounts is not a problem.

I have already tried manually creating my Ad user in sql and giving it SA server permissions and SL app/system database dbo access aswell as the "msdynamicsSL" role.

If i run the SL client app while logged in to the server as my AD account. i get a prompt asking me to "find the database" , whatever i select here i get the system message 5003 "unable to open the specified server database". I have found the MS help page for this error and tried all resolutions, but as yet i havent found anything that fixes this error.

If i try and run the windows admin tools > database maint application, i can connect to the sql server and it lists the available databases.

I have tried the "reset sysadmin user" option, but when i enter my AD account as the new windows auth'd account, I get the error "<user> could not be authenticated, please enter a valid windows user name with priveleges to the domain SQL server is running.

I found the MS solution page for this error. which suggests "The SQL Server Service user does not have READ permissions to the Domain User Account objects in Active Directory."

but ive checked and the sql server account is a domain user and should be able to read the user OU. We even tried temp setting it to domain admin but still got the same error.

Has anyone ever had this situation and been able to gain access to SL without an existing SL user id?

or does anyone know what else to try to fix the other issues around message 5003 or changing the sysadmin user?

thanks!

All responses (9)

Answers (1)

daverodgers 15 on at

Like (0)

Report

RE: Recover access to SL 2015 without an existing user

hi brian

i have managed to recover access.

It turns out the AD user that the sql server service runs as needed to be domain admin.

when i set to it be D.A and then restarted the sql server , when i next ran the db main as mysefl i didnt get the auth error, i got a successful sysadmin reset message.

i then checked the userrec table and my ad account was on the sysadmin userid row.

I could then run the SL client and select a database and login to SL ok.

thanks for the pointers.

Dave
Verified answer

Brian_IL 715 on at

Like (0)

Report

RE: Recover access to SL 2015 without an existing user

Try running the DB Maintenance program again using the SQL sa account rather than your Windows account. Since you have admin rights in SQL you should be able to update the databases. Since you are also the domain admin, another approach would be to change the password of a previous SL user, then login as that user to Windows and to SL.
daverodgers 15 on at

Like (0)

Report

RE: Recover access to SL 2015 without an existing user

just to add, i event ried creating a brand new empty database using the db maint program, but at the last step where it asks for the AD account , i get the same error "could not be authenticated..." ,

does the AD account which is used to run the sql service need to be a domain admin?
daverodgers 15 on at

Like (0)

Report

RE: Recover access to SL 2015 without an existing user

hi brian

if i try and run the SL db maint program to change the sysadmin user i get the following error:

"domain\user could not be authenticated. Please enter a valid Windows User Name with priveleges to the domain SQL server is running."

If i try and run a client from one of the servers , i do get the "find database" form, but if i select any of the system databases nothing happens. i dont get an error, the form just flashes briefly and nothing actually changes. if i try and change the database to one of the app databases i get error 5003 unable to open the specified server database.

So i guess i maybe need to try and resolve the error from the db maint program that is not allowing me to change the AD account to my own account in the system database.
Brian_IL 715 on at

Like (0)

Report

RE: Recover access to SL 2015 without an existing user

Since you already have admin access to the environment and databases, remapping the SYSADMIN user in SL to associate it with your AD account should work for the SL login. Running the SL Database Maintenance program with the sa credentials would have also allowed changing the AD user associated with that user ID.

The initial login from a working SL client will prompt you for the SQL Server or server instance name, and the SL System database. Those values will be cached in your user profile on that computer for future logins. After completing those values the opening SL login screen will return. The default company ID and the user ID must be entered, but the password field is left blank for a Windows authenticated installation. The <F3> key will give a lookup window of the possible values for the available company IDs.

After logging into the company, other SL users may be specified from the Administration - User Maintenance screen. Additional admin info may be found in the User Guides folder - System Manager PDF.
daverodgers 15 on at

Like (0)

Report

RE: Recover access to SL 2015 without an existing user

hi brian thanks so much for replying, its greatly appreciated.

unfortunately we have no reseller/partner agreement covering this install. its abit complicated but basically we bought another company and this is their SL install. however everyone who looked after it no longer works here. however the powers that be realised we still need access to this system for audit purposes , hence the slight panic now to try and get it working.

I admin a dynamics AX install so was asked to take a look, however as we know theres very little similarities between AX and SL, hence me posting here hoping for some help.

I did look into the UserRec table in the system database and i can see the old AD account that has the userid "SYSADMIN" attached to it.

have you got any advice on where to start?

I did think about updating the "WindowsUserAcct" field in userrec , and replace the domain\accnt with my AD account to see if i can trick it into thinking im the admin, but im not sure if thats a good idea or not?

thanks.

Dave
Brian_IL 715 on at

Like (1)

Report

RE: Recover access to SL 2015 without an existing user

Hi Dave, your reseller should be able to assist with getting access. You can update the relevant System DB tables to get access, there are several methods to connect through the SL interface.
daverodgers 15 on at

Like (0)

Report

RE: Recover access to SL 2015 without an existing user

I found the capicom.dll in the install files , tried copying and registering it on the app server but the client still doesnt work with error 5003.
daverodgers 15 on at

Like (0)

Report

RE: Recover access to SL 2015 without an existing user

Just one thing i have noticed. I cant find the capicom.dll file on the win 2012 server where the app is installed, or on the sql server.

is this file required in all version of SL and why would it be missing?

Recover access to SL 2015 without an existing user

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Leaderboard

Featured topics

Product updates

Recover access to SL 2015 without an existing user

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Subscribe to

Leaderboard

Featured topics

Product updates