I've logged onto my SQLSharepoint machine using domain account sharepointAdmin (which I used to install SP2010). When I start Central Admin from the START program menu with the goal of launching the Farm Configuration Wizard, I immediately get a message:
"SharePoint Health Analyzer has detected some critical issues that require your attention", so I click "View These Issues" and get this explanation:
"Accounts used by application pools or service identities are in the local machine Administrators group"
Failing Services: SPTimerService (SPTimerV4)
- I checked and indeed this SPTimerV4 was configured to run with my "Farm" account called sharepointFarm.
- sharepointFarm was a member of the Administrators group on the machine
- so I removed sharepointFarm from the Administrators group and rebooted the machine
- I went back into Central Admin from the Start Menu and I get the same exact complaints about SPTimerV4.
What is wrong here? Other places confirm SPTimerV4 should be run by the "Farm" account (in my case, sharepointFarm) but should this important account be a member of the local Admin group (Yes or No) and how does this bear on this error message from this "Health Analyzer"?
- Edited by John.J.Adams Tuesday, June 21, 2011 9:13 PM clarify
No, it shouldn't be a member of the local administrators group, but depending on what other services you're running with that account (e.g. Claims to Windows Token) it may have to be a member of the local admins group.
You can also just ignore the error.
Thanks for the reply but I don't understand your answer:
- (as I said in original question) I get this message when my domain\sharepointFarm account is a member of Local Administrators group
- I get this message when my domain\sharepointFarm account is NOT a member of Local Administrators group
- I don't understand what you mean by "claims to windows token"
- Here are the other Sharepoint 2010 services from Services.msc display (all prefixed by "Sharepoint 2010"):
- Administration (as Local System)
- Timer (as domainname\sharepointFarm)
- Tracing (as Local Service)
- User Code Host (as domainname\sharepointFarm (currently DISABLED))
- VSS Writer (as Local System (currently MANUAL and not started))
- Foundation Search V4 (as Local Service (currently DISABLED))
- Server Search 14 (as domainname\sharepointFarm)
I suppose ignoring the error can work because the Timer service is running in all cases but I'm wondering how to fix it so I do not get this message about "critical issues".
- Edited by John.J.Adams Wednesday, June 22, 2011 9:39 PM clarify
Thanks Wahid. Sorry I don't understand. I am asking how to configure my domain\sharepointFarm account so Timer service does not get this message. I took the account OUT of the Local Administrators group and I still get the same message.
I guess I have to know how / where to "re-run that specific health rule". Have no idea but I will look around some more.
What the error above means is that some of the application pools are using SharePoint Farm Administrator credentials. Can you check whether any of your web application's app pools is using it? If yes, can you create a more generic account and then associate the app pool with the generic account?
Thanks, Mayur Joshi
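The check suggested above can be done without the IIS Manager GUI. The following PowerShell is an added example, not part of the original thread: it lists the application pools and Windows services that run as a given account and reports whether that account is a direct member of the local Administrators group. The account name is a placeholder taken from the thread's wording and the variable names are illustrative.

```powershell
# Added example: audit where an account is used as a service or app pool
# identity, and whether it sits in the local Administrators group.
# Run from an elevated PowerShell prompt on the SharePoint server.
param(
    # Assumption: placeholder; substitute the real DOMAIN\account.
    [string]$Account = 'domainname\sharepointFarm'
)
$user = $Account.Split('\')[-1]          # bare user name, e.g. sharepointFarm

Import-Module WebAdministration          # IIS PowerShell module (IIS:\ drive)

# 1. IIS application pools and the identity each one runs under.
$pools = Get-ChildItem IIS:\AppPools | ForEach-Object {
    $identity = $_.processModel.identityType      # built-in identity by default
    if ($identity -eq 'SpecificUser') { $identity = $_.processModel.userName }
    New-Object PSObject -Property @{ Kind = 'AppPool'; Name = $_.Name; Identity = $identity }
}

# 2. Windows services (includes SPTimerV4) and their logon accounts.
$services = Get-WmiObject Win32_Service | ForEach-Object {
    New-Object PSObject -Property @{ Kind = 'Service'; Name = $_.Name; Identity = $_.StartName }
}

# 3. Everything that runs as the account being audited.
$runningAs = @($pools) + @($services) |
    Where-Object { $_.Identity -match [regex]::Escape($user) }

# 4. Direct members of the local Administrators group.
#    Membership inherited through a nested domain group is NOT resolved here.
$group  = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$admins = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}
$isLocalAdmin = [bool]($admins -match ('/' + [regex]::Escape($user) + '$'))

"Identities running as ${Account}:"
$runningAs | Format-Table Kind, Name, Identity -AutoSize
"Direct member of local Administrators: $isLocalAdmin"
```

If step 3 lists web application pools alongside SPTimerV4, those pools are the ones to move to a separate, less privileged account.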
I've tried doing this but I've encountered IIS 7.5 for the first time. Trying to "learn it" too fast, I found something saying:
- Click on the Web Site
- In Action panel under Edit Site, click Basic Settings…
I see no Action panel nor any Edit Site, etc.
I see a left pane listing application pools and sites but I am otherwise lost. Until I learn IIS 7.5, perhaps you would be willing to list a few key things to do with this new GUI of IIS 7.5 for this thread problem?
On the other hand, your overall explanation above made some sense to me but examining the properties is a mystery with this new IIS. I am stuck for a while unless you can bootstrap me on this.
If you haven't given it enough time, you may have to re-run that specific health rule.
Wahid Saleemi Sr. Consultant, Avanade http://www.wahidsaleemi.com
Very strangely, tonight the problem "health" message disappeared. Therefore, your note about "giving it enough time" seemed to be very related to fixing this.
Someday, I hope to learn more about why "time" affects the health of Sharepoint....
At this point:
- sharepointFarm is NOT in the local admin group
- sharepointFarm is the identity for the Timer service of Sharepoint
- I am NOT getting the message when Central Admin starts ("clean bill of health")
Thanks very much.