SQL Server升级失败并返回错误 15173 或 15559
本文可帮助你排查安装适用于 Microsoft SQL Server 的累积更新 (CU) 或 Service Pack (SP) 时发生的错误 15173 或 15559。 运行数据库升级脚本时发生错误。
症状
为SQL Server应用 CU 或 SP 时,安装程序将报告以下错误:
等待数据库引擎恢复句柄失败。 检查SQL Server错误日志中的潜在原因。
检查SQL Server错误日志时,会注意到以下错误条目之一。
错误消息集 1:
Error: 15173, Severity: 16, State: 1.
Server principal '##MS_PolicyEventProcessingLogin##' has granted one or more permission(s). Revoke the permission(s) before dropping the server principal.
Error: 912, Severity: 21, State: 2.
Script level upgrade for database 'master' failed because upgrade step 'msdb110_upgrade.sql' encountered error 15173, state 1, severity 16. This is a serious error condition which might interfere with regular operation and the database will be taken offline. If the error happened during upgrade of the 'master' database, it will prevent the entire SQL Server instance from starting. Examine the previous errorlog entries for errors, take the appropriate corrective actions and re-start the database so that the script upgrade steps run to completion.
EventID 3417
Cannot recover the master database. SQL Server is unable to run. Restore master from a full backup, repair it, or rebuild it. For more information about how to rebuild the master database, see SQL Server Books Online.
错误消息集 2:
Dropping existing Agent certificate ...
Error: 15559, Severity: 16, State: 1.
Cannot drop certificate '##MS_AgentSigningCertificate##' because there is a user mapped to it.
Error: 912, Severity: 21, State: 2.
Script level upgrade for database 'master' failed because upgrade step 'sqlagent100_msdb_upgrade.sql' encountered error 15559, state 1, severity 16. This is a serious error condition which might interfere with regular operation and the database will be taken offline. If the error happened during upgrade of the 'master'database, it will prevent the entire SQL Server instance from starting.Examine the previous errorlog entries for errors, take the appropriate corrective actions and re-start the database so that the script upgrade steps run to completion.
Error: 3417, Severity: 21, State: 3.
Cannot recover the master database. SQL Server is unable to run. Restore master from a full backup, repair it, or rebuild it. For more information about how to rebuild the master database, see SQL Server Books Online.</br>
SQL Trace was stopped due to server shutdown. Trace ID = '1'. This is an informational message only; no user action is required.
原因
出现此问题的原因是升级脚本停止运行,因为它无法删除服务器主体 (##MS_PolicyEventProcessingLogin## 或 ##MS_AgentSigningCertificate##) 。 发生此错误的原因是用户已映射到服务器主体。
有关在 CU 或 SP 安装期间运行的数据库升级脚本的详细信息,请参阅 排查应用更新时升级脚本失败的问题。
解决方案
若要解决 15173 或 15559 错误,请执行以下步骤:
(TF) 902 一起启动SQL Server跟踪标志。 有关详细信息,请参阅 使用跟踪标志 902 启动 SQL 的步骤。
连接到SQL Server,并运行以下查询之一,具体取决于错误消息中提到的服务器主体:
SELECT a.name, b.permission_name FROM sys.server_principals a INNER JOIN sys.server_permissions b ON a.principal_id = b.grantee_principal_id INNER JOIN sys.server_principals c ON b.grantor_principal_id = c.principal_id WHERE c.name = '##MS_PolicyEventProcessingLogin##'SELECT a.name, b.permission_name FROM sys.server_principals a INNER JOIN sys.server_permissions b ON a.principal_id = b.grantee_principal_id INNER JOIN sys.server_principals c ON b.grantor_principal_id = c.principal_id WHERE c.name = '##MS_AgentSigningCertificate##'对于查询结果中显示的每个登录名,请运行如下所示的 语句来撤销这些权限。
例如,如果任一查询返回以下结果:
名称:权限名称 NT SERVICE\MSSQL$TEST: CONTROL
在这种情况下,请运行以下任一语句:
REVOKE CONTROL ON LOGIN::[##MS_PolicyEventProcessingLogin##] TO [NT SERVICE\MSSQL$TEST] AS [##MS_PolicyEventProcessingLogin##]REVOKE CONTROL ON LOGIN::[##MS_AgentSigningCertificate##] TO [NT SERVICE\MSSQL$TEST] AS [##MS_AgentSigningCertificate]从启动参数中删除 TF 902,然后重启SQL Server。 在没有 TF 902 的情况下启动SQL Server后,升级脚本将再次运行。
如果升级脚本成功完成,则 SP 或 CU 升级已完成。 可以检查SQL Server错误日志和启动文件夹,以验证已完成的安装。
如果升级脚本再次失败,检查SQL Server错误日志以获取其他错误条目,然后排查新错误。