Solved

Service accounts suddenly stopped working.   Only work when you add DomainAdmin privileges....

Posted on 2008-09-29
4
273 Views
Last Modified: 2012-05-05
Last week I was called in to client with SBS2003 server.  Quickbooks, SQLserver, BackupExec (which uses SQL server) services had all stopped and would not restart.  I reset the passwords for each system account.  No luck.  They appeared to not have adequate permission >> I tried to do a Runas for each account to start a CMD shell and it failed.  So I added DomainAdmin to each account and it works fine now.  

Today, I was called and Outlook Web Access was not working.  Error, Login timeout 440.  Again, I added DomainAdmin privileges to IUSR_STS1 and OWA started working again.

Any clues?  
0
Comment
Question by:ButlerTechnology
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 22

Expert Comment

by:Paka
ID: 22598328
Did you check to see if the accounts had expired or were locked out?  Are these service accounts members of the local admins?  Adding IUSR_ to domain admins is not a good idea!
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 22598800
-none of the accounts were locked out or expired.
-none of the accounts were member of local admin
-domainadmin is a temp workaround to get them working while I find a solution

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 22599167
Follow the steps outlined here and your problem should be resloved:
http://msmvps.com/blogs/cgross/archive/2004/08/08/11472.aspx

Jeff
TechSoEasy
0
 
LVL 6

Accepted Solution

by:
ButlerTechnology earned 0 total points
ID: 22620393
Thanks TechSoEasy...but it turns out the problem was one of permissions.

Someone (the onsite admin?) had removed the users from the Users group.   This had a pernicious effect on all but the domain admin accounts.  
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question