Igor,
Our network security policy requires that such database services run under a dedicated domain account. (Postgresql does run successfully under local system account and the default NETWORK SERVICE account.) Thanks, John From: Igor Neyman [via PostgreSQL] [mailto:ml-node+s1045698n5807004...@n5.nabble.com] Sent: Thursday, June 12, 2014 10:06 AM To: boca2608 Subject: Re: Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account > -----Original Message----- > From: [hidden email] [mailto:pgsql-general- > [hidden email]] On Behalf Of boca2608 > Sent: Thursday, June 12, 2014 10:00 AM > To: [hidden email] > Subject: [GENERAL] Re: Cannot start Postgresql 9.3 as a service in Windows > 2012 Server with a domain account > > Krystian Bigaj replied this in a separate email, which led to some interesting > information that I would like to share in this mailing list. > > He suggested the use of the "Process Monitor" app to log the process events > during the startup of the service and look for "ACCESS DENIED" errors. Here > is what I found. During the startup, there were indeed several ACCESS > DENIED errors: > > Date & Time: 6/12/2014 9:27:41 AM > Event Class: Registry > Operation: RegOpenKey > Result: ACCESS DENIED > Path: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File > Execution Options > TID: 1964 > Duration: 0.0000451 > Desired Access: Query Value, Enumerate Sub Keys > > > Date & Time: 6/12/2014 9:27:41 AM > Event Class: Registry > Operation: RegOpenKey > Result: ACCESS DENIED > Path: HKLM\System\CurrentControlSet\Control\Session Manager > TID: 1964 > Duration: 0.0000364 > Desired Access: Read > > Date & Time: 6/12/2014 9:27:41 AM > Event Class: File System > Operation: CreateFile > Result: ACCESS DENIED > Path: C:\Windows\System32 > TID: 1964 > Duration: 0.0000409 > Desired Access: Execute/Traverse, Synchronize > Disposition: Open > Options: Directory, Synchronous IO Non-Alert > Attributes: n/a > ShareMode: Read, Write > AllocationSize: n/a > > > Date & Time: 6/12/2014 9:27:41 AM > Event Class: File System > Operation: QueryOpen > Result: ACCESS DENIED > Path: D:\PostgreSQL\9.3\bin\ssleay32.dll > TID: 1964 > Duration: 0.0000270 > > I do not know how to give someone permission to a particular registry entry. > But I suspect that the inability to access system32 might be the cause of the > failure to start the service. But when I tried to add the domain user to the > permission for system32 (READ & EXECUTE), Windows would not allow me to > proceed. Has anybody seen such issues? Any help would be greatly > appreciated. > > Thanks, > John > I missed the beginning of this thread. Is there a specific reason NOT to use local account for Postgres service? Regards, Igor Neyman -- Sent via pgsql-general mailing list ([hidden email]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general _____ If you reply to this email, your message will be added to the discussion below: http://postgresql.1045698.n5.nabble.com/Cannot-start-Postgresql-9-3-as-a-ser vice-in-Windows-2012-Server-with-a-domain-account-tp5806847p5807004.html To unsubscribe from Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account, click here <http://postgresql.1045698.n5.nabble.com/template/NamlServlet.jtp?macro=unsu bscribe_by_code&node=5806847&code=Ym9jYTI2MDhAZ21haWwuY29tfDU4MDY4NDd8LTM4MT MwNzE4MA==> . <http://postgresql.1045698.n5.nabble.com/template/NamlServlet.jtp?macro=macr o_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.B asicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.templ ate.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-insta nt_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML -- View this message in context: http://postgresql.1045698.n5.nabble.com/Cannot-start-Postgresql-9-3-as-a-service-in-Windows-2012-Server-with-a-domain-account-tp5806847p5807022.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.
