Symptoms

The adTempus service fails to start as described in article K00000222. The adTempus diagnostic log contains a line with the following error message:

Database error -2147217843: Login failed for user 'NT AUTHORITY\SYSTEM'. (source=Microsoft OLE DB Provider for SQL Server; native error=18456; SQL state=42000)

Cause

adTempus is trying to connect to the SQL Server database using integrated (Windows) security. The SYSTEM account under which the adTempus service is running does not have the necessary permissions for the database. There are two common causes for this:

• A. SQL Server is on a different computer from adTempus
• B. The Administrators group no longer has permissions in SQL Server

Resolution

Scenario A

If SQL Server is on a different computer from adTempus, the SYSTEM account under which adTempus is running does not have any authority on that computer, and therefore cannot connect to the database. To resolve this issue you must either:

• Reconfigure adTempus (and the database) to use SQL Server (password) security instead of Windows security (see article K00000216).
• Grant permission in SQL Server to the machine account for the computer where adTempus is running (see article K00000397).

Scenario B

By default, the NT AUTHORITY\SYSTEM account is a member of the BUILTIN\ADMINISTRATORS security group on the computer, and the BUILTIN\ADMINISTRATORS security group has System Administrator authority in SQL Server.

If the SYSTEM account has been removed from the ADMINISTRATORS group, or the permissions for the ADMINISTRATORS group have been removed from SQL Server, adTempus will not be able to connect to the database. To resolve this issue you must either:

• Return the SYSTEM account to the ADMINISTRATORS group and make sure the ADMINISTRATORS group has System Administrator privileges in SQL Server, or
• Grant permission to the SYSTEM account in SQL Server