-
Title
VIEW SERVER STATE permission was denied on object 'server', database 'master' -
Description
When attempting to start the Active Roles Administration Service, the following error is received:
Critical error occurred upon starting Active Roles Administration Service.Details: VIEW SERVER STATE permission was denied on object 'server', database 'master'.The user does not have permission to perform this action
Active Roles Event Viewer logs may show the following:
Event ID 2501: The user does not have permission to perform this action.
Active Roles Verbose Logging may show the following:
The user does not have permission to perform this action.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()at System.Data.SqlClient.SqlDataReader.get_MetaData()at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption, Boolean shouldCacheForAlwaysEncrypted)at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)at System.Data.SqlClient.SqlCommand.RunExecuteReader... -
Cause
The service account does not have View Server State permissions on the SQL Server.
Due to changes implemented in Active Roles Public Hotfix 250838, the View Server State SQL permission is now required.
-
Resolution
Provide the View Server State permission to the Active Roles service account.
From the SQL Server Management Studio via GUI:
- Connect to the SQL instance
- Navigate to Security | Logins
- Right Click the ARS Service Account | Select Properties
- Select the Securables page
- In the bottom pane, scroll to the bottom and Grant - View Server State
From the SQL Server Management Studio via statement:
- Connect to the SQL instance
- Select New Query
- Use the following statement
- GRANT VIEW SERVER STATE TO "AccountName"