Hi,
I have browsed through a few threads about this error and the suggested answer(s) do help addressing the issue. However, I like someone to help me understand why this issue arised in our situation. Let me layout the situation out.
We are using sql 2012 enterprise edition and moved our databases from one datacenter to a different one six months ago using backup and restore method. The dbs are involving in SQL 2012 Always-On A push transaction replication
was set up after the move and replication has been working ever since. The logreader security is using SQL job agent service account to run on and for the connection to publisher we use 'By impersonating the process account'.
Out of the blue a couple days ago, we received replication error messages as follows:
"'The process could not execute 'sp_replcmds' on server xxx"
"Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission. (Source: MSSQLServer, Error number: 15517)".
For the above error, the 'exec sp_changedbowner' command on the db addresses the issue. However, the
puzzling thing is that if the db owner is the issue, it has been there since we moved six months ago, why this happened now? The log reader is using SQL agent service account to run the process. This account is a domain account which
has 'sa' permission. When I saw the error "'The process could not execute 'sp_replcmds' on server xxx", my iniital thought was that for some reason Logreader was
having difficulty using sQL agent service account to authenticate or having permission issue. This prompts me to the following questions:
1. If indeed SQL agent service account is having persmission issue, what would cause it since it has 'sa' permission already? Behind the scene, would it need to authenticate with the Active Directory before it proceeds with its process? If
so, when would this happen? If there is some networking or domain authentication issue, would it cause this 'sp_replcmds' error?
2. Say logreader is having permission issue to execute 'sp_replcmds', would it try other method(s) such as impersonating in other context( sicj as other domain login) to try to execute the command? I am trying to understand what route(or
process) logreader is trying bheind the scene to cause this error 'the principal "dbo" does not exist' to show up. Again, this so-call db owner issue has existed for six months. If it is the issue, why doesn't it happen
before?
It seems when things are working, logreader is working as normal but if something interrupted logreader process, logreader found some hidden problem from its behind the scene process. If someone can shred some light on this, it would be very
much appreciated.
OD
Ocean Deep