本文可帮助你排查安装 Microsoft SQL Server 累积更新(CU)或 Service Pack(SP)时出现的错误 15173 或 15559。 运行数据库升级脚本时发生错误。
现象
为 SQL Server 应用 CU 或 SP 时,安装程序将报告以下错误:
等待数据库引擎恢复句柄失败。 有关可能的原因,请查看 SQL Server 错误日志。
检查 SQL Server 错误日志时,会注意到以下错误条目之一。
错误消息集 1:
Error: 15173, Severity: 16, State: 1.
Server principal '##MS_PolicyEventProcessingLogin##' has granted one or more permission(s). Revoke the permission(s) before dropping the server principal.
Error: 912, Severity: 21, State: 2.
Script level upgrade for database 'master' failed because upgrade step 'msdb110_upgrade.sql' encountered error 15173, state 1, severity 16. This is a serious error condition which might interfere with regular operation and the database will be taken offline. If the error happened during upgrade of the 'master' database, it will prevent the entire SQL Server instance from starting. Examine the previous errorlog entries for errors, take the appropriate corrective actions and re-start the database so that the script upgrade steps run to completion.
EventID 3417
Cannot recover the master database. SQL Server is unable to run. Restore master from a full backup, repair it, or rebuild it. For more information about how to rebuild the master database, see SQL Server Books Online.
错误消息集 2:
Dropping existing Agent certificate ...
Error: 15559, Severity: 16, State: 1.
Cannot drop certificate '##MS_AgentSigningCertificate##' because there is a user mapped to it.
Error: 912, Severity: 21, State: 2.
Script level upgrade for database 'master' failed because upgrade step 'sqlagent100_msdb_upgrade.sql' encountered error 15559, state 1, severity 16. This is a serious error condition which might interfere with regular operation and the database will be taken offline. If the error happened during upgrade of the 'master'database, it will prevent the entire SQL Server instance from starting.Examine the previous errorlog entries for errors, take the appropriate corrective actions and re-start the database so that the script upgrade steps run to completion.
Error: 3417, Severity: 21, State: 3.
Cannot recover the master database. SQL Server is unable to run. Restore master from a full backup, repair it, or rebuild it. For more information about how to rebuild the master database, see SQL Server Books Online.</br>
SQL Trace was stopped due to server shutdown. Trace ID = '1'. This is an informational message only; no user action is required.
原因
出现此问题的原因是升级脚本停止运行,因为它无法删除服务器主体(或##MS_PolicyEventProcessingLogin####MS_AgentSigningCertificate##)。 发生此错误的原因是用户映射到服务器主体。
有关在 CU 或 SP 安装过程中运行的数据库升级脚本的详细信息,请参阅 在应用更新时排查升级脚本失败问题。
解决方法
若要解决 15173 或 15559 错误,请执行以下步骤:
将 SQL Server 与跟踪标志 (TF) 902 一起启动。 有关详细信息,请参阅 使用跟踪标志 902 启动 SQL 的步骤。
连接到 SQL Server,并运行以下查询之一,具体取决于错误消息中提到的服务器主体:
SELECT a.name, b.permission_name FROM sys.server_principals a INNER JOIN sys.server_permissions b ON a.principal_id = b.grantee_principal_id INNER JOIN sys.server_principals c ON b.grantor_principal_id = c.principal_id WHERE c.name = '##MS_PolicyEventProcessingLogin##'SELECT a.name, b.permission_name FROM sys.server_principals a INNER JOIN sys.server_permissions b ON a.principal_id = b.grantee_principal_id INNER JOIN sys.server_principals c ON b.grantor_principal_id = c.principal_id WHERE c.name = '##MS_AgentSigningCertificate##'对于查询结果中显示的每个登录名,请运行如下语句来撤销这些权限。
例如,如果任一查询返回以下结果:
名称:权限名称 NT SERVICE\MSSQL$TEST: CONTROL
在这种情况下,请运行以下任一语句:
REVOKE CONTROL ON LOGIN::[##MS_PolicyEventProcessingLogin##] TO [NT SERVICE\MSSQL$TEST] AS [##MS_PolicyEventProcessingLogin##]REVOKE CONTROL ON LOGIN::[##MS_AgentSigningCertificate##] TO [NT SERVICE\MSSQL$TEST] AS [##MS_AgentSigningCertificate]从启动参数中删除 TF 902,然后重启 SQL Server。 SQL Server 在不使用 TF 902 启动后,升级脚本将再次运行。
如果升级脚本成功完成,SP 或 CU 升级已完成。 可以检查 SQL Server 错误日志和启动文件夹以验证已完成的安装。
如果升级脚本再次失败,请检查 SQL Server 错误日志中是否有其他错误条目,然后排查新错误。