Using PrevRegRootPath: Software\Microsoft\Microsoft SQL Server\MSSQL.1
GetServiceUserGroup failed for MSSQLSERVER, 5
Error Code: 0x80070534 (1332)
Windows Error Text: No mapping between account names and security IDs was done
Source File Name: sqlca\sqlcax.cpp
Assuming that this is the case, please go to the next section
When you install SQL Server, mainly 3 groups are created on the server itself (We don't speak about Analysis Service or Reporting Service), these group are use in order to manage security on the SQL Server itself. The groups name are the following one (Where INSTANCE-NAME is the name of your instance)
Each of this group is known with of course its name and in the Windows Architecture with its SID. For various reasons it can appears that the SID stored in registry keys of SQL Server 2005 don't match with the SID of this account.
That the reason why the KB 948109 is failing with "No mapping between account names and security IDs was done”, because it cannot resolve the account associated with the SID.
In the next step we will see how to identified if the SID is correct or not, and how to get the real SID of the account to change the keys in the registry
You need to download a tool named psTools (http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx).
This tools allow to make a resolution and reverse resolution from a SID to the Account and vice-versa.
Open the registry on HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup (Database Engine)
You will notice three keys named AGTGroup, FTSGroup and SQLGroup. Each of this key contains the SID value of the group associated with.
Now we need to make a reverse resolution of the SID value stored on these keys, to check if we can find the account associated.
In this sample, we assume that the SQLGROUP key contain the value S-1-5-21-4104542025-1320460399-2805875410-1005
Open a command prompt on perform these steps :
C:\>psGedSid S-1-5-21-4104542025-1320460399-2805875410-1005
=> If the SID can be resolved it will display the name of the group otherwise if will display an errorYou need to perform the previous step for the 3 keys in order to determine which SID cannot be resolved
Note : Usually, you will find out that the 3 SIDs are wrong :-)
Assuming that the SIDs are wrong, we need to fix that in the registry, and to do so, we need to get the good SID of each group. Therefore we will perform the reverse resolution in order to get the SID of each account. If you don't know the name of the group you can find the name in the Computer Management -> Local Users -> Groups, you will find these 3 groups :
Open a command prompt on perform these steps :
C:\>psGedSid SQLServer2005SQLAgentUsers$SERVER-NAME$INSTANCE-NAME
=> It will return a SID that is not the same as the one stored on the registry S-1-5-21-4104542025-1320460399-2805875410-1006So, perform these reverse resolution for each account and copy the SID in the corresponding key on the registry.
You should now be able to install KB 948109 for SQL Server 2005.