locked
Cant log in with Farm Admin account but local admin account OK....... RRS feed

  • Question

  • Hello,

    I can log into my SP2010 farm using the local admin account of a web front end server, but not with the dedicated domain Farm Admin account.

    The Farm Admin account is used to run everything on the farm, so I know the account works.

    When I go to another server ( not a web front end server ), I can log in over the network to Central Administration using the WFE local admin account.

    The Farm Admin account is a member of the WFE server local admins ( I have checked ) and is a member of the Farm Admins group inside SP2010.

    Can anyone please advise what the cause might be? I'm mystified as the Farm Admin is the highest level account in the farm yet it cant log in.

    Any thoughts appreciated.

    Cheers

    Steve

    Friday, November 12, 2010 3:48 AM

Answers

  • Hi,

    Could you please tell me which site the farm account cannot access, the Central Administration site or a site collection under a web application?

     

    If you cannot access the CA, please try to check the permission for the account. By default, the server farm account is used as the application pool identity for Central Administration, and as the process account for the Microsoft SharePoint Foundation 2010 Timer service. The server farm account requires the following permissions: It must have domain user account permissions. Additional permissions are automatically granted to the server farm account on Web servers and application servers that are joined to a server farm, more information, please refer to: http://technet.microsoft.com/en-us/library/cc678863.aspx#Section2

    If you cannot access a site collection, by default, Farm account doesn’t have admin or even read privileges on the content in a site collection.
    You can either add yourself to site collection admin through central administration and access the site. Or you can add yourself to the Policy for web application and give yourself privileges on the web app level which overwrites any other permission on the site collection or the site or the list level.

    Hope it helps.


    Xue-Mei Chang
    Monday, November 15, 2010 8:18 AM

All replies

  • When you are logged in as a local admin account ensure that the following permissions are set for the Farm Admin:

    Farm Administrator

    Site Collection Administrator

     


    Giles Hamson MCTS, MCITP SharePoint 2010 | Blog: http://ghamson.wordpress.com | Twitter: @ghamson
    Sunday, November 14, 2010 12:52 PM
  • Hi,

    Could you please tell me which site the farm account cannot access, the Central Administration site or a site collection under a web application?

     

    If you cannot access the CA, please try to check the permission for the account. By default, the server farm account is used as the application pool identity for Central Administration, and as the process account for the Microsoft SharePoint Foundation 2010 Timer service. The server farm account requires the following permissions: It must have domain user account permissions. Additional permissions are automatically granted to the server farm account on Web servers and application servers that are joined to a server farm, more information, please refer to: http://technet.microsoft.com/en-us/library/cc678863.aspx#Section2

    If you cannot access a site collection, by default, Farm account doesn’t have admin or even read privileges on the content in a site collection.
    You can either add yourself to site collection admin through central administration and access the site. Or you can add yourself to the Policy for web application and give yourself privileges on the web app level which overwrites any other permission on the site collection or the site or the list level.

    Hope it helps.


    Xue-Mei Chang
    Monday, November 15, 2010 8:18 AM