(05) 2021-01-18 15:36:44 Slp: Sco: Attempting to check if user account xxxx\xxxx exists
(05) 2021-01-18 15:36:44 Slp: Sco: Attempting to look up AD entry for user xxxx\xxxx
(05) 2021-01-18 15:36:44 Slp: Sco.User.OpenRoot - root DirectoryEntry object already opened for this computer for this object
(05) 2021-01-18 15:36:44 Slp: Sco.User.LookupADEntry - Attempting to find user account xxxx\xxxx
(05) 2021-01-18 15:36:44 Slp: Sco: Attempting to check if container 'WinNT://xxxx' of user account exists
(05) 2021-01-18 15:36:44 Slp: Prompting user if they want to retry this action due to the following failure:
(05) 2021-01-18 15:36:44 Slp: ----------------------------------------
(05) 2021-01-18 15:36:44 Slp: The following is an exception stack listing the exceptions in outermost to innermost order
(05) 2021-01-18 15:36:44 Slp: Inner exceptions are being indented
(05) 2021-01-18 15:36:44 Slp:
(05) 2021-01-18 15:36:44 Slp: Exception type: Microsoft.SqlServer.Configuration.Sco.ScoException
(05) 2021-01-18 15:36:44 Slp: Message:
(05) 2021-01-18 15:36:44 Slp: Access is denied.
(05) 2021-01-18 15:36:44 Slp:
(05) 2021-01-18 15:36:44 Slp: HResult : 0x84bb0001
(05) 2021-01-18 15:36:44 Slp: FacilityCode : 1211 (4bb)
(05) 2021-01-18 15:36:44 Slp: ErrorCode : 1 (0001)
(05) 2021-01-18 15:36:44 Slp: Data:
(05) 2021-01-18 15:36:44 Slp: WatsonData = Domain
(05) 2021-01-18 15:36:44 Slp: DisableRetry = true
(05) 2021-01-18 15:36:44 Slp: Inner exception type: System.UnauthorizedAccessException
(05) 2021-01-18 15:36:44 Slp: Message:
(05) 2021-01-18 15:36:44 Slp: Access is denied.
(05) 2021-01-18 15:36:44 Slp:
(05) 2021-01-18 15:36:44 Slp: HResult : 0x80070005
(05) 2021-01-18 15:36:44 Slp: Stack:
(05) 2021-01-18 15:36:44 Slp: at System.DirectoryServices.Interop.UnsafeNativeMethods.IAdsContainer.GetObject(String className, String relativeName)
(05) 2021-01-18 15:36:44 Slp: at System.DirectoryServices.DirectoryEntries.Find(String name, String schemaClassName)
(05) 2021-01-18 15:36:44 Slp: at Microsoft.SqlServer.Configuration.Sco.User.LookupADEntry()
Root Cause:
=========
Incorrect GPO setting: the customer configured the RPC restriction permission for two groups in the GPO "Default Domain Controller Policy", but the GPO's security filtering was empty. As a result, every DC was refused when it tried to apply the settings in this GPO and fell back to the default policy value, which allows the Administrators group only. The user's SAMR query therefore failed with "Access is denied", and the SQL installation failed with the same error.
Solution:
=======
Add the "Authenticated Users" group back under Default Domain Controller Policy – Security Filtering, then run gpupdate /force on the DCs. This resolved the issue.
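
A triage helper for the setup log above, as an added example that is not part of the original article or of Microsoft's tooling: it walks the exception chain and decodes each HResult, showing that the outer 0x84bb0001 is facility 1211 / code 1 while the inner 0x80070005 is Win32 (facility 7) ERROR_ACCESS_DENIED (code 5) raised inside the System.DirectoryServices lookup. The function names and the embedded sample (a constructed excerpt of the log lines) are assumptions for illustration.

```python
import re

# Constructed sample: excerpt of the exception section of the setup log shown above.
SAMPLE_LOG = """\
(05) 2021-01-18 15:36:44 Slp: Exception type: Microsoft.SqlServer.Configuration.Sco.ScoException
(05) 2021-01-18 15:36:44 Slp: Access is denied.
(05) 2021-01-18 15:36:44 Slp: HResult : 0x84bb0001
(05) 2021-01-18 15:36:44 Slp: Inner exception type: System.UnauthorizedAccessException
(05) 2021-01-18 15:36:44 Slp: HResult : 0x80070005
(05) 2021-01-18 15:36:44 Slp: Stack:
(05) 2021-01-18 15:36:44 Slp: at System.DirectoryServices.Interop.UnsafeNativeMethods.IAdsContainer.GetObject(String className, String relativeName)
(05) 2021-01-18 15:36:44 Slp: at Microsoft.SqlServer.Configuration.Sco.User.LookupADEntry()
"""

PREFIX = re.compile(r"^\(\w+\) \d{4}-\d\d-\d\d \d\d:\d\d:\d\d Slp: ?")
EXC = re.compile(r"^(?:Inner )?[Ee]xception type: (\S+)")
HRES = re.compile(r"^HResult\s*:\s*0x([0-9a-fA-F]{8})")
FRAME = re.compile(r"^at ([\w.]+)\(")

def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, facility (11 bits), code (16 bits)."""
    return {"failure": bool(value >> 31), "facility": (value >> 16) & 0x7FF, "code": value & 0xFFFF}

def exception_chain(log_text):
    """Return exceptions outermost-first, each with type, decoded HRESULT and stack frames."""
    chain = []
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := EXC.match(line):
            chain.append({"type": m.group(1), "hresult": None, "frames": []})
        elif chain and (m := HRES.match(line)):
            chain[-1]["hresult"] = decode_hresult(int(m.group(1), 16))
        elif chain and (m := FRAME.match(line)):
            chain[-1]["frames"].append(m.group(1))
    return chain

def is_directory_access_denied(chain):
    """True when the innermost exception is Win32 ERROR_ACCESS_DENIED raised in a directory lookup."""
    if not chain or not chain[-1]["hresult"]:
        return False
    inner = chain[-1]
    win32_denied = inner["hresult"]["facility"] == 7 and inner["hresult"]["code"] == 5
    return win32_denied and any(f.startswith("System.DirectoryServices.") for f in inner["frames"])

if __name__ == "__main__":
    chain = exception_chain(SAMPLE_LOG)
    for exc in chain:
        print(exc["type"], exc["hresult"], exc["frames"][:1])
    print("directory lookup denied:", is_directory_access_denied(chain))
```
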