$ndo$shadow trouble

Toddy_BoyToddy_Boy Member Posts: 217
edited 2012-02-08 in SQL General
After using the SQL 2008 Copy Database wizard I now have a Copy of the Live database for testing/training etc which will be refreshed every night. I can gain access to the database no problem but when non db owners try to access it using Nav 2009 R2 they get an error
Cannot set application role '$ndo$shadow' because it does not exist or the password is incorrect

The application role does exist and has a password according to SSMS.

Security is Standard in the Live and Copy databases, I've synchronised the logons and users have permissions to both databases.

I've read about changing the security model to Enhanced and back to Standard as this will be a scheduled job I don't want to be running extra commands that could lock the job as can happen when changing the security model.

Any ideas why an exact copy of the database shouldn't act in the same way as the source database?

Life is for enjoying ... if you find yourself frowning you're doing something wrong


  • David_SingletonDavid_Singleton Member Posts: 5,456
    Windows or SQL logins?
    David Singleton
  • Toddy_BoyToddy_Boy Member Posts: 217
    Windows authentication

    Life is for enjoying ... if you find yourself frowning you're doing something wrong
  • eYeeYe Member Posts: 152

    I am doing the exact same thing, have you guys found any solution to this?

    Synchronizing the logins doesn't work as it complains that a login (the owner of the db) already exists in the database...

    Kind Regards,

    Kind Regards,
    Ewald Venter
  • Toddy_BoyToddy_Boy Member Posts: 217
    No, sorry :cry:
    Life is for enjoying ... if you find yourself frowning you're doing something wrong
  • davmac1davmac1 Member Posts: 1,277
    Are you restoring to the same sql server instance?
    If not, you may have a mismatch between your instance security users and your database security users.

    Also, are you on the same Windows domain?
  • eYeeYe Member Posts: 152
    Same domain different servers/instances.

    It was running perfectly when the jobs were created to run on a Windows account, a month later suddenly started getting permission errors so the copy didn't happen and the client denies changing permissions for the login.

    So recreated the jobs using a db login with the same password in both instances, on both servers it has the sysadmin role.
    And it is set to copy the logins from source to destination server.
    Kind Regards,
    Ewald Venter
  • herrJonesherrJones Member Posts: 8
    You can use the sp_change_users_login stored procedure from SQL server.

    That did the trick for me...

    To report the 'unmapped' users: exec sp_change_users_login 'Report'

    Check the Microsoft Help page for more details.

Sign In or Register to comment.