How can we help you today? How can we help you today?

Can not backup using the GUI, VDI error 1000

I am trying to use the GUI to back up my databases. The user I am running under is a Local Admin of the machine. I keep getting the error below when I try to run a backup:

VDI error 1000: Failed to create virtual device. Check that the SQL Server instance you are trying to connect to is running.
Error code: (-2139684859: Failed to create security environment.)

If I change the service account to Domain Admin it runs fine. I looked under all directories to verify Domain Admins does not have elevated permissions over Local Admins. I also looked into the Local Security Policy to verify that Domain Admins was not granted any extra privleges. What can I do? Are there other permissions I need to check?
tonycara
0

Comments

5 comments

Sort by
  • petey
    The user I am running under is a Local Admin of the machine.
    Are you referring to the user who is currently logged in to the desktop, or the SQL Backup Agent service user?
    If I change the service account to Domain Admin it runs fine.

    By service account, are you referring to the SQL Backup Agent service account? This service's startup account needs to be an account that has the SQL Server sysadmin fixed server role assigned to it.
    petey
    0
  • tonycara
    The user I am running as is a local admin of the machine. If I log in to the Desktop as Domain Admin, I can run it from the command line but not from the GUI.

    By Service Account I am refering to the SQL Backup Agent Service. This account does have Sys admin to SQL.
    tonycara
    0
  • petey
    Which account is the SQL Server service running under?
    petey
    0
  • tonycara
    I have tried running this under the same account as SQL Server but that does not work. We have SQL running under a domain account that is a local admin of the server. I have created an identical account to test with that has the same permissions as the SQLServices account. Both are local admins of the box.
    tonycara
    0
  • petey
    The error you encounter happens when the Microsoft backup library needs to create a Windows object, and grant, to both itself and the SQL Server service account, rights to access it.

    The backup library runs under the priviliges of the logged-on user (if using the cmd line app) or the SQL Backup Agent service user (if using the extended stored procedure).

    I don't know the details of how the backup library determines the SQL Server service startup user.

    Running regmon shows that SQL Backup accesses the following keys:

    HKLM\Software\Microsoft\MSSQLServer\Setup\SQLDataRoot
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAMLIB.dll
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAMLIB.dll

    The last 2 entries were not found on my workstation, but the backup proceeds.

    Running a filemon at the point of your error indicates that SQL Backup accesses the following files:

    C:\Windows\system32\samlib.dll
    C:\Windows\system32\ntmarta.dll
    petey
    0

Add comment

Please sign in to leave a comment.