KB4039736 - FIX: SSIS package does not start when it's run by a CLR stored procedure whose user does not have SYSADMIN permissions

Symptoms

Assume that you launch Microsoft SQL Server 2016 or 2017 Integration Services (SSIS 2016) package by using the common language runtime (CLR) stored procedure. When you run the CLR stored procedure which calls the SQLContext.WindowsIdentity property, you may notice that the SQLContext.WindowsIdentity property returns a NULL value for impersonated calls in SQL Server due to which the SSIS package does not start. This issue occurs if the CLR procedure is owned by a user who has a Windows login (not a SQL Server login) that does not have the SYSADMIN permissions. Additionally, you may receive an error message that resembles the following:

The operation cannot be started by an account that uses SQL Server Authentication. Start the operation with an account that uses Windows Authentication.

Resolution

This issue is fixed in the following cumulative updates for SQL Server:

      Cumulative Update 1 for SQL Server 2017 

      Cumulative Update 5 for SQL Server 2016 SP1

Note: To fix this issue, Trace flag (TF) 4637 must be enabled.

Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

Latest cumulative update for SQL Server 2017

Latest cumulative update for SQL Server 2016

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

Learn about the terminologythat Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Any additional feedback? (Optional)

Thank you for your feedback!

×