SQL Backups fail with permission related errors

Article ID: SQL0003

The account specified may not have correct permission to access the SQL databases

Symptom

On all SQL Server versions, permission errors trigger the following messages:

30:302 AutoDiscover Failed, please check if SQL services are running and connectivity between CommServe and client.

30:329 Failed to impersonate Error: […].

Logon failure: user account restriction.  Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

30:332 Unable to get the SQL Version for the server […]. Please check if the SQL Services are running.

"SQL Instance"

30:325 Error encountered during backup. Error: [...]

Error :[…] from the SQL Logs shows the following message:

SQL Error populating the string value [The server principal "NT AUTHORITY\SYSTEM" is not able to access the database"…" under the current security context

On SQL 2012, the error may be related to the new way SQL 2012 handles access and permissions.

Cause

The SQL Server login has insufficient authority.  Membership of the sysadmin role is required to use VIRTUAL_DEVICE with BACKUP or RESTORE.  BACKUP DATABASE is terminating abnormally. An exception occurred while executing a Transact-SQL statement or batch.

Resolution

The backup account used to back up SQL databases must be configured as follows:

  1. Configure the Authentication correctly from the properties of the SQL iDA agent.
    Note: The Local System Account may not have SQL privileges by default, depending on the SQL version.
  2. Authentication can be further configured on the properties of the instance. By default, the authentication is inherited from the iDA level.
    Note: The Local System Account may not have SQL privileges by default, depending on the SQL version.
  3. Ensure that the account specified has the correct permissions in SQL.
    From within SQL Server Management Studio, access Logins -> Properties of the specified account -> Server Roles. Ensure that the account has the sysadmin role assigned.
  4. As an alternative you can also configure the Commvault services to run under an account with sufficient privileges to perform the backup.
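
The check in step 3 can also be run as a query instead of through the Management Studio dialogs. The script below is an added example, not part of the original article or of Commvault's tooling; the login name DOMAIN\svc_sqlbackup is a hypothetical placeholder for the account configured on the agent or instance.

```sql
-- Added example: verify the backup login's server-level rights before
-- re-running the failed job. Run as a login that can view server principals.
-- Assumption: DOMAIN\svc_sqlbackup is a placeholder. Substitute the account
-- set in the agent/instance authentication, or NT AUTHORITY\SYSTEM if the
-- backup runs as the Local System Account.
DECLARE @login sysname = N'DOMAIN\svc_sqlbackup';

-- 1. Does the login exist on this instance, and is it enabled?
--    No row returned means the account has no direct login here.
SELECT name, type_desc, is_disabled
FROM sys.server_principals
WHERE name = @login;

-- 2. Is the login a member of sysadmin?
--    1 = member, 0 = not a member, NULL = login or role not valid
--    (or the caller lacks permission to view the membership).
--    For Windows logins this also resolves membership through a Windows group.
SELECT IS_SRVROLEMEMBER(N'sysadmin', @login) AS is_sysadmin;

-- 3. List every current sysadmin member. Useful for confirming which
--    accounts already hold the role before adding another one, and for
--    spotting members that are no longer needed.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 4. If step 2 returned 0, assign the role (left commented out so the
--    script stays read-only until the change is intended).
-- SQL Server 2012 and later:
-- ALTER SERVER ROLE [sysadmin] ADD MEMBER [DOMAIN\svc_sqlbackup];
-- Earlier versions:
-- EXEC sp_addsrvrolemember @loginame = N'DOMAIN\svc_sqlbackup',
--                          @rolename = N'sysadmin';
```

Because sysadmin grants full control of the instance, assigning it to a dedicated backup account (resolution option 4) keeps the privilege scoped to one auditable identity.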