Re: Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account

Igor,

Our network security policy requires that such database services run under a
dedicated domain account. (Postgresql does run successfully under local
system account and the default NETWORK SERVICE account.)

Thanks,
John

From: Igor Neyman [via PostgreSQL]
[mailto:ml-node+s1045698n5807004h89(at)n5(dot)nabble(dot)com]
Sent: Thursday, June 12, 2014 10:06 AM
To: boca2608
Subject: Re: Cannot start Postgresql 9.3 as a service in Windows 2012 Server
with a domain account

> -----Original Message-----
> From: [hidden email] [mailto:pgsql-general-
> [hidden email]] On Behalf Of boca2608
> Sent: Thursday, June 12, 2014 10:00 AM
> To: [hidden email]
> Subject: [GENERAL] Re: Cannot start Postgresql 9.3 as a service in Windows

> 2012 Server with a domain account
>
> Krystian Bigaj replied this in a separate email, which led to some
interesting
> information that I would like to share in this mailing list.
>
> He suggested the use of the "Process Monitor" app to log the process
events
> during the startup of the service and look for "ACCESS DENIED" errors.
Here
> is what I found. During the startup, there were indeed several ACCESS
> DENIED errors:
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: Registry
> Operation: RegOpenKey
> Result: ACCESS DENIED
> Path: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File
> Execution Options
> TID: 1964
> Duration: 0.0000451
> Desired Access: Query Value, Enumerate Sub Keys
>
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: Registry
> Operation: RegOpenKey
> Result: ACCESS DENIED
> Path: HKLM\System\CurrentControlSet\Control\Session Manager
> TID: 1964
> Duration: 0.0000364
> Desired Access: Read
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: File System
> Operation: CreateFile
> Result: ACCESS DENIED
> Path: C:\Windows\System32
> TID: 1964
> Duration: 0.0000409
> Desired Access: Execute/Traverse, Synchronize
> Disposition: Open
> Options: Directory, Synchronous IO Non-Alert
> Attributes: n/a
> ShareMode: Read, Write
> AllocationSize: n/a
>
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: File System
> Operation: QueryOpen
> Result: ACCESS DENIED
> Path: D:\PostgreSQL\9.3\bin\ssleay32.dll
> TID: 1964
> Duration: 0.0000270
>
> I do not know how to give someone permission to a particular registry
entry.
> But I suspect that the inability to access system32 might be the cause of
the
> failure to start the service. But when I tried to add the domain user to
the
> permission for system32 (READ & EXECUTE), Windows would not allow me to
> proceed. Has anybody seen such issues? Any help would be greatly
> appreciated.
>
> Thanks,
> John
>

I missed the beginning of this thread.
Is there a specific reason NOT to use local account for Postgres service?

Regards,
Igor Neyman

--
Sent via pgsql-general mailing list ([hidden email])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

_____

If you reply to this email, your message will be added to the discussion
below:

http://postgresql.1045698.n5.nabble.com/Cannot-start-Postgresql-9-3-as-a-ser
vice-in-Windows-2012-Server-with-a-domain-account-tp5806847p5807004.html

To unsubscribe from Cannot start Postgresql 9.3 as a service in Windows 2012
Server with a domain account, click here
<http://postgresql.1045698.n5.nabble.com/template/NamlServlet.jtp?macro=unsu
bscribe_by_code&node=5806847&code=Ym9jYTI2MDhAZ21haWwuY29tfDU4MDY4NDd8LTM4MT
MwNzE4MA==> .

<http://postgresql.1045698.n5.nabble.com/template/NamlServlet.jtp?macro=macr
o_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.B
asicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.templ
ate.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-insta
nt_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
NAML

--
View this message in context: http://postgresql.1045698.n5.nabble.com/Cannot-start-Postgresql-9-3-as-a-service-in-Windows-2012-Server-with-a-domain-account-tp5806847p5807022.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.