Managed account for Project Server 2010 events and queue service

  • Question

  • Hi all,
    My SharePoint central administration is complaining about the Project Server 2010 events and queue service. Both are using the farmadmin account.

    I know about registering a new service account and using it for these two services. But what I don’t know is what permissions this service account needs. I guess there are special permissions needed for Project Server?!

    There is already a Project Server Service Application with a Project Server App Pool in place that is using the Farm AppPool Service Account.

    Is there a best practice for these two services and the corresponding service account?

    Thanks in advance!

    Regards
    Andreas

    Friday, March 2, 2012 8:17 AM

All replies

  • Hi Andreas,

    You can create a new managed account for these two services so that they do not run under the farm account. See this post with Brian's answer:

    http://social.technet.microsoft.com/Forums/nl/projserv2010setup/thread/d9730c66-d0e0-4cb3-9610-71648f766048

    Thanks

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com

    Friday, March 2, 2012 8:56 AM
    Moderator
  • Hi Paul,

    Thanks for your answer. I know about creating a new account.
    My question was more whether any special permissions are needed for this service account in Project Server and/or SharePoint Server.

    Kind Regards
    Andreas

    Friday, March 2, 2012 9:00 AM
  • Hi Andreas,

    No, just a normal domain user will work. You will need to give the account access to SQL AS though for the cube build... I would test this on a test / staging system before production.

    Thanks

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com


    Friday, March 2, 2012 9:18 AM
    Moderator
  • Hello Andreas,

    I guess you are looking for this article

    Plan for administrative and service accounts (Project Server 2010)

    http://technet.microsoft.com/en-us/library/cc197607.aspx


    Hrushikesh Deshpande – Senior EPM Infrastructure Consultant, www.DeltaBahn.com

    Friday, March 2, 2012 6:22 PM
    Moderator
  • Hi Hrushikesh,

    thanks for the link. I had a look at it. Unfortunately the page does not say anything about these two services. Or did I misunderstand something?

    Kind Regards,
    Andreas

    Friday, March 2, 2012 8:40 PM
  •  Hello Andreas,

    When we talk about the service account for Project, it's actually for both services. You should use the same service account for the Queue and Eventing services.

    On SQL Server this account should be DBO on all 4 project databases + the content database on which PWA has been provisioned.

    In addition to that, the service account must be granted interactive logon permissions for the computer where the service is running.


    Hrushikesh Deshpande – Senior EPM Infrastructure Consultant, www.DeltaBahn.com

    Friday, March 2, 2012 8:46 PM
    Moderator
  • Hi Hrushikesh,

    that's a good point. Thanks!

    I did some further investigation in my environment. I found two SQL databases for the Project Server (I did not provision a PWA site yet): the PWA_Content DB and a WSS_Contend DB for the Project Server web application. My domain account that runs the Project Server application (the SharePoint AppPool Account) is DBO on these DBs.

    So from my understanding I would say that the best practice would be using this service account (in my case SVCSPAppPool) for the Project Server Events and Queue Service. This account does have logon as service permission to the server.

    Am I correct?

    Kind Regards,
    Andreas


    Friday, March 2, 2012 9:00 PM
  • Yes,

    What is the SQL server role this account has?


    Hrushikesh Deshpande – Senior EPM Infrastructure Consultant, www.DeltaBahn.com

    Friday, March 2, 2012 9:02 PM
    Moderator
  • Hi,

    The app pool account only has the SQL Server role "public". Is this OK?

    Kind Regards,
    Andreas



    Friday, March 2, 2012 9:04 PM
  • I second Hrishi.

    You need to give DBadmin permission for this app pool account to those Content DBs.

    At the same time, I would recommend providing "security admin" and "db creator" permissions in SQL for this Project Service Account and app pool account, so that it will help you to create future PWA instances.


    Cheers. Happy troubleshooting !!! Sriram E - MSFT Enterprise Project Management

    Sunday, March 4, 2012 3:08 AM
    Moderator
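
Added example, not part of any reply in this thread: a T-SQL check that reports which server roles the service account holds and whether it is a database owner on each Project Server and content database discussed above. It reads "DBO" as db_owner membership or a mapping to the dbo user (an assumption); the domain CONTOSO and the angle-bracket database names are placeholders, and only SVCSPAppPool and PWA_Content come from the thread.

```sql
-- Added example; run on the SQL Server instance that hosts the farm databases.
DECLARE @login sysname = N'CONTOSO\SVCSPAppPool';  -- CONTOSO is a placeholder domain

-- Fixed server roles held directly by the login ("public" is implicit and never listed).
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
WHERE l.name = @login;

-- Databases to inspect; replace the placeholders with the farm's real names.
DECLARE @dbs TABLE (name sysname PRIMARY KEY);
INSERT INTO @dbs (name)
VALUES (N'PWA_Content'), (N'<draft_db>'), (N'<published_db>'),
       (N'<archive_db>'), (N'<reporting_db>');

CREATE TABLE #result (db sysname, db_user sysname, is_db_owner bit);
DECLARE @db sysname, @sql nvarchar(max);
DECLARE c CURSOR LOCAL FAST_FORWARD FOR
    SELECT d.name FROM @dbs AS d JOIN sys.databases AS s ON s.name = d.name;
OPEN c;
FETCH NEXT FROM c INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Match the database user by SID so a renamed user is still found.
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        INSERT INTO #result (db, db_user, is_db_owner)
        SELECT DB_NAME(), u.name,
               CASE WHEN u.name = N''dbo'' OR EXISTS (
                        SELECT 1 FROM sys.database_role_members AS rm
                        JOIN sys.database_principals AS r
                          ON r.principal_id = rm.role_principal_id
                        WHERE rm.member_principal_id = u.principal_id
                          AND r.name = N''db_owner'') THEN 1 ELSE 0 END
        FROM sys.database_principals AS u
        WHERE u.sid = SUSER_SID(@login);';
    EXEC sp_executesql @sql, N'@login sysname', @login = @login;
    FETCH NEXT FROM c INTO @db;
END
CLOSE c;
DEALLOCATE c;

-- NULL columns mean the database does not exist or the login has no user in it.
SELECT d.name AS db, r.db_user, r.is_db_owner
FROM @dbs AS d LEFT JOIN #result AS r ON r.db = d.name;
DROP TABLE #result;
```

Rights the account receives only through Windows group membership do not appear in either result set, because the queries look at the login's own principal.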