none
What "Configure service accounts" accounts should I register, when it comes to Project Server 2010 RRS feed

  • Question

  • I know many have probably seen the following error, on their Central Administration Health Analyzer in SharePoint 2010, at one time or another:

    Title

    The server farm account should not be used for other services.

    Severity

    1 - Error

    Category

    Security

    Explanation

    DOMAIN\Account, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm.  The following services were found to use this account: Microsoft Project Server Events Service executes events triggered by changes to entities on the ProjectServer.(Windows Service)
    User Profile Synchronization Service(Windows Service)
    Microsoft Project Server Queuing Service executes project related jobs asynchronously. Example queue jobs: Save project, publish project, submit timesheet.(Windows Service) 

    Okay--so in services under the SharePoint Server housing the Project Server 2010 install, i've changed the service under the Windows .msc applet. Now, accoring to this link (http://technet.microsoft.com/en-us/library/ff805056.aspx), I need to go in and "register" the account  i'm changing to under Central Administration-->Security-->General Security-->Configure service accounts,in the Credential Management drop down menu of services at the top as well as the drop-down menu of account at the bottom... pretty straight forward so far.
    My question comes with the services listed under the top drop-down: which one of the (i'm assuming) app pools manages these two aforementioned Project Server services? When reading what they affect, the most pertinent app pool seems to be "SharedServices_V14," since it has repurcussons on the following:
    Search Administration Web Service for SharedServices1 - Search Service (Search Administration Web Service Application) 
    SharedServices1 - Search Service (Search Service Application) 
    SharedServices1_BusinessDataConnectivity (Business Data Connectivity Service Application) 
    SharedServices1_ExcelCalculationServices (Excel Services Application Web Service Application) 
    SharedServices1_PsiServiceApplication (Project Server PSI Service Application) 
    SharedServices1_Taxonomy (Managed Metadata Service) 
    SharedServices1_UserProfile (User Profile Service Application) 

    Note the "PsiServiceApplication (Project Server PSI Service Application)" component. If I am correct in my assumption, wouldn't I have to changes all the other above pasted-components' accounts as well, to whatever Project Server is using? I can't pick just one SharedService in this regard--my decision would have repurcussions on the other ones as well. Somebody please tell me if I am in error, or making this harder than need be...
    Thanks in advance for any replies!

     


    Thursday, September 1, 2011 6:56 PM

Answers

All replies

  • I'd have done this the other way around if that makes sense.  You could have added a new managed account, then assigned that account in place of the farm admin for the Queue and Event service - which would show in the top drop down of the service accounts management page.  Also I assume from the naming that this was an upgraded 2007 system?  I'm not sure I'm seeing exactly the same as you are.

    Best regards,

    Brian.


    Blog | Facebook | Twitter | Posting is provided "AS IS" with no warranties, and confers no rights.
    Project Server TechCenter | Project Developer Center | Project Server Help | Project Product Page
    • Marked as answer by R. Callahan Thursday, December 1, 2011 7:55 PM
    Tuesday, September 6, 2011 10:57 PM
    Owner
  • Yes, I am told that this was an upgrade from 2007. I have just "inherited" this deployment, with being just hired on as the server admin over the SharePoint environment. Thus, I'm trying to clean and tune up the various little "messes" that are remnant on the server...

    I guess since I wasn't the one who originally configured this (they have since left the company, before my start), I was trying to make sure that the SharedServices_V14 app pool was the corresponding pool to the services mentioned in the error explanation, if I'm making sense?? That way, I could correspond both the "service accounts managment page" account, and the "Windows Services" account, to be the same and hopefuly clear the error, once and for all.

    Any additional thoughts, one and all, are welcome. Thank you, Brian!

    Wednesday, September 7, 2011 2:36 PM