Search Postgresql Archives

Re: Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Igor,

 

Our network security policy requires that such database services run under a dedicated domain account.  (Postgresql does run successfully under local system account and the default NETWORK SERVICE account.)

 

Thanks,
John

 

From: Igor Neyman [via PostgreSQL] [mailto:[hidden email]]
Sent: Thursday, June 12, 2014 10:06 AM
To: boca2608
Subject: Re: Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account

 

> -----Original Message-----


> From: [hidden email] [mailto:pgsql-general-
> [hidden email]] On Behalf Of boca2608
> Sent: Thursday, June 12, 2014 10:00 AM
> To: [hidden email]
> Subject: [GENERAL] Re: Cannot start Postgresql 9.3 as a service in Windows
> 2012 Server with a domain account
>
> Krystian Bigaj replied this in a separate email, which led to some interesting
> information that I would like to share in this mailing list.
>
> He suggested the use of the "Process Monitor" app to log the process events
> during the startup of the service and look for "ACCESS DENIED" errors.  Here
> is what I found.  During the startup, there were indeed several ACCESS
> DENIED errors:
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: Registry
> Operation: RegOpenKey
> Result: ACCESS DENIED
> Path: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File
> Execution Options
> TID: 1964
> Duration: 0.0000451
> Desired Access: Query Value, Enumerate Sub Keys
>
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: Registry
> Operation: RegOpenKey
> Result: ACCESS DENIED
> Path: HKLM\System\CurrentControlSet\Control\Session Manager
> TID: 1964
> Duration: 0.0000364
> Desired Access: Read
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: File System
> Operation: CreateFile
> Result: ACCESS DENIED
> Path: C:\Windows\System32
> TID: 1964
> Duration: 0.0000409
> Desired Access: Execute/Traverse, Synchronize
> Disposition: Open
> Options: Directory, Synchronous IO Non-Alert
> Attributes: n/a
> ShareMode: Read, Write
> AllocationSize: n/a
>
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: File System
> Operation: QueryOpen
> Result: ACCESS DENIED
> Path: D:\PostgreSQL\9.3\bin\ssleay32.dll
> TID: 1964
> Duration: 0.0000270
>
> I do not know how to give someone permission to a particular registry entry.
> But I suspect that the inability to access system32 might be the cause of the
> failure to start the service.  But when I tried to add the domain user to the
> permission for system32 (READ & EXECUTE), Windows would not allow me to
> proceed.  Has anybody seen such issues?  Any help would be greatly
> appreciated.
>
> Thanks,
> John
>

I missed the beginning of this thread.
Is there a specific reason NOT to use local account for Postgres service?

Regards,
Igor Neyman


--
Sent via pgsql-general mailing list ([hidden email])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general


If you reply to this email, your message will be added to the discussion below:

http://postgresql.1045698.n5.nabble.com/Cannot-start-Postgresql-9-3-as-a-service-in-Windows-2012-Server-with-a-domain-account-tp5806847p5807004.html

To unsubscribe from Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account, click here.
NAML



View this message in context: RE: Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account
Sent from the PostgreSQL - general mailing list archive at Nabble.com.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux