{"id":304,"date":"2025-07-10T10:30:19","date_gmt":"2025-07-10T08:30:19","guid":{"rendered":"http:\/\/mariospavlidis.site\/?p=304"},"modified":"2025-07-10T10:40:32","modified_gmt":"2025-07-10T08:40:32","slug":"configuring-tempdb-folder-ownership-on-ephemeral-disks-for-sql-server-on-azure-vms-msa-support","status":"publish","type":"post","link":"http:\/\/130.61.57.200\/index.php\/2025\/07\/10\/configuring-tempdb-folder-ownership-on-ephemeral-disks-for-sql-server-on-azure-vms-msa-support\/","title":{"rendered":"Configuring tempdb on Ephemeral Disks for SQL Server on Azure VMs"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Introduction<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When deploying SQL Server on <strong>Azure VMs<\/strong>, you can boost <code>tempdb<\/code> performance by storing it on <strong>ephemeral (temporary) storage<\/strong>. Microsoft recommends using the local SSD (often <code>D:<\/code> drive) for <code>tempdb<\/code>. However, if your SQL Server runs under a <strong>Managed Service Account (MSA)<\/strong>, it may not have permission to access this folder after a reboot.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This post walks you through <strong>automatically assigning folder permissions to your SQL Server MSA<\/strong> on startup, ensuring <code>tempdb<\/code> always initializes successfully.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Problem<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When using <strong>ephemeral storage<\/strong> for <code>tempdb<\/code>, folder and its permissions must be recreated and reset <strong>after every VM reboot<\/strong> since the <code>D:<\/code> drive is <strong>reprovisioned<\/strong> on every boot.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As a result, SQL Server <strong>fails to start<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Solution<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Automate the <strong>creation and permission assignment<\/strong> of the <code>tempdb<\/code> folder during <strong>VM startup<\/strong> using a <strong>PowerShell script<\/strong> executed by <strong>Task Scheduler<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step-by-Step Guide<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Create the PowerShell Script<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Save this script as <code>C:\\Scripts\\SQLTempDB.ps1<\/code>:<\/p>\n\n\n\n<p class=\"has-palette-color-4-color has-palette-color-5-background-color has-text-color has-background has-link-color has-small-font-size wp-elements-13c7d65895b8e36e89e14af06acfc266 wp-block-paragraph\" style=\"border-width:1px\">$FolderPath = &#8220;D:\\SQLTEMP&#8221;<br>$Account = &#8220;DOMAIN\\USER&#8221;<br>$SQLService=&#8221;SQL Server (MSSQLSERVER)&#8221;<br>$SQLAgentService=&#8221;SQL Server Agent (MSSQLSERVER)&#8221;<br><br># Recreate folder if it doesn&#8217;t exist<br>if (!(Test-Path $FolderPath)) {<br>    New-Item -Path $FolderPath -ItemType Directory | Out-Null<br>}<br><br># Assign full control to SQL Server service account<br>$acl = Get-Acl $FolderPath<br>$permission = &#8220;$Account&#8221;,&#8221;FullControl&#8221;,&#8221;ContainerInherit,ObjectInherit&#8221;,&#8221;None&#8221;,&#8221;Allow&#8221;<br>$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission<br>$acl.SetAccessRule($accessRule)<br>Set-Acl -Path $FolderPath -AclObject $acl<br><br>Start-Service $SQLService<br>Start-Service $SQLAgentService<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Create a Scheduled Task to Run the Script on Startup Via Task Scheduler<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Create Task<\/strong> \u2192 General tab:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Name: <code>Initialize SQL TempDB Folder with privileges<\/code><\/li>\n\n\n\n<li>Run as: <code>SYSTEM<\/code><\/li>\n\n\n\n<li>Check <strong>&#8220;Run with highest privileges&#8221;<\/strong><\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Triggers<\/strong> \u2192 New:\n<ul class=\"wp-block-list\">\n<li>Begin the task: <code>At startup<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Actions<\/strong> \u2192 New:\n<ul class=\"wp-block-list\">\n<li>Action: <code>Start a program<\/code><\/li>\n\n\n\n<li>Program\/script: <code>powershell.exe<\/code><\/li>\n\n\n\n<li>Add arguments: <code>-ExecutionPolicy Bypass -File &quot;C:\\Scripts\\SQLTempDB.ps1&quot;<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-start-mode\">3. Configure start mode for SQL Server<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Since you want the script to create the folder to run before SQL Server starts, you need to set the SQL Server and SQL Agent services to start manually. To do this, follow these steps:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open&nbsp;<strong>SQL Server Configuration Manager<\/strong>.<\/li>\n\n\n\n<li>Select&nbsp;<strong>SQL Server Services<\/strong>&nbsp;in the left pane.<\/li>\n\n\n\n<li>Right-click on the&nbsp;<strong>SQL Server<\/strong>&nbsp;service and select&nbsp;<strong>Properties<\/strong>&nbsp;to open the&nbsp;<strong>Properties<\/strong>&nbsp;window.<\/li>\n\n\n\n<li>On the&nbsp;<strong>Properties<\/strong>&nbsp;window, select the&nbsp;<strong>Service<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>On the&nbsp;<strong>Service<\/strong>&nbsp;tab, use the dropdown list to change the&nbsp;<strong>Start Mode<\/strong>&nbsp;to&nbsp;<strong>Manual<\/strong>:<\/li>\n\n\n\n<li>Use&nbsp;<strong>Apply<\/strong>&nbsp;to save your changes and then&nbsp;<strong>OK<\/strong>&nbsp;to close the window.<\/li>\n\n\n\n<li>Repeat these steps for the&nbsp;<strong>SQL Server Agent<\/strong>&nbsp;service.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">4. Test<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You can first test by stopping SQL Server instance and deleting TempDB folder from D:. Then execute the job manually. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Final test is a server reboot.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction When deploying SQL Server on Azure VMs, you can boost tempdb performance by storing it on ephemeral (temporary) storage. Microsoft recommends using the local SSD (often D: drive) for tempdb. However, if your SQL Server runs under a Managed Service Account (MSA), it may not have permission to access this folder after a reboot. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45,2],"tags":[75],"class_list":["post-304","post","type-post","status-publish","format-standard","hentry","category-azure","category-mssql","tag-tempdb"],"blocksy_meta":[],"_links":{"self":[{"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/posts\/304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/comments?post=304"}],"version-history":[{"count":9,"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/posts\/304\/revisions"}],"predecessor-version":[{"id":314,"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/posts\/304\/revisions\/314"}],"wp:attachment":[{"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/media?parent=304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/categories?post=304"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/130.61.57.200\/index.php\/wp-json\/wp\/v2\/tags?post=304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}