Igor,
Our network security policy requires that such database services run under a dedicated domain account. (Postgresql does run successfully under local system account and the default NETWORK SERVICE account.)
Thanks,
John
From: Igor Neyman [via PostgreSQL] [mailto:[hidden email]]
Sent: Thursday, June 12, 2014 10:06 AM
To: boca2608
Subject: Re: Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account
> -----Original Message-----
> From: [hidden email] [mailto:pgsql-general-
> [hidden email]] On Behalf Of boca2608
> Sent: Thursday, June 12, 2014 10:00 AM
> To: [hidden email]
> Subject: [GENERAL] Re: Cannot start Postgresql 9.3 as a service in Windows
> 2012 Server with a domain account
>
> Krystian Bigaj replied this in a separate email, which led to some interesting
> information that I would like to share in this mailing list.
>
> He suggested the use of the "Process Monitor" app to log the process events
> during the startup of the service and look for "ACCESS DENIED" errors. Here
> is what I found. During the startup, there were indeed several ACCESS
> DENIED errors:
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: Registry
> Operation: RegOpenKey
> Result: ACCESS DENIED
> Path: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File
> Execution Options
> TID: 1964
> Duration: 0.0000451
> Desired Access: Query Value, Enumerate Sub Keys
>
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: Registry
> Operation: RegOpenKey
> Result: ACCESS DENIED
> Path: HKLM\System\CurrentControlSet\Control\Session Manager
> TID: 1964
> Duration: 0.0000364
> Desired Access: Read
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: File System
> Operation: CreateFile
> Result: ACCESS DENIED
> Path: C:\Windows\System32
> TID: 1964
> Duration: 0.0000409
> Desired Access: Execute/Traverse, Synchronize
> Disposition: Open
> Options: Directory, Synchronous IO Non-Alert
> Attributes: n/a
> ShareMode: Read, Write
> AllocationSize: n/a
>
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: File System
> Operation: QueryOpen
> Result: ACCESS DENIED
> Path: D:\PostgreSQL\9.3\bin\ssleay32.dll
> TID: 1964
> Duration: 0.0000270
>
> I do not know how to give someone permission to a particular registry entry.
> But I suspect that the inability to access system32 might be the cause of the
> failure to start the service. But when I tried to add the domain user to the
> permission for system32 (READ & EXECUTE), Windows would not allow me to
> proceed. Has anybody seen such issues? Any help would be greatly
> appreciated.
>
> Thanks,
> John
>
Is there a specific reason NOT to use local account for Postgres service?
Regards,
Igor Neyman
--
Sent via pgsql-general mailing list ([hidden email])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
If you reply to this email, your message will be added to the discussion below:
To unsubscribe from Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account, click here.
NAML
View this message in context: RE: Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account
Sent from the PostgreSQL - general mailing list archive at Nabble.com.