[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1061
  • Last Modified:

Accounts used by application pools or service identities are in the local machine Administrators group.

I am using sharepoint foundations 2010, and I'm getting this error message:

"Accounts used by application pools or service identities are in the local machine Administrators group."

I changed the user acount from local to a domain account for sharepoint, but after reanalyzing, it's still coming up with that error message.

Any ideas?
0
afacts
Asked:
afacts
  • 11
  • 6
  • 2
  • +1
3 Solutions
 
jessc7Commented:
This means either a local or domain account is a member of the local server's Administrators group. That is different than the Domain Administrators group, in that the local Administrators group only affects that specific server. Either local accounts or domain accounts can be members of that group.

http://technet.microsoft.com/en-us/library/hh344224.aspx
0
 
afactsAuthor Commented:
I changed the account it used and it's still giving me that error, I guess I will wait until tomorrow to see what happens.
0
 
jessc7Commented:
The Health Analyzer rules run on scheduled timer jobs. Some of them are daily, weekly, etc.

Open the error, click Reanalyze Now, click Close, wait a few minutes, and then refresh the Health Analyzer page. See if it disappears.
2011-10-10-2013.png
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
afactsAuthor Commented:
after making those changes yesterday, when I came in today, everyone in the organization CAN'T log in to the intranet.  It prompts for a username and password, and when you enter that, it doesn't except it.  I tried to restore from the backup I made yesterday before I made the changes, but it doesn't see or recognize the backup.   What do I do now?  This is insane, why doesn't it see the backup?????
The default location is:  C:\sharepointbackups
0
 
afactsAuthor Commented:
I set back all the accounts with the local service, which was the default before I made the change.
I even restarted the server and restarted the services, and it's still not working.  
How do I get sharepoint to run it's internal job for using the new accounts, as I can't wait until tonight..
0
 
Justin SmithSr. System EngineerCommented:
This error is more of a notification that it is a "break".  As Jesse noted, it means one of your web app pool accounts is in the local admins group on your server.

So, are your sites loading right now?  What account is running each of your web application pools?  Is this the original account?  If not, how did you change it exactly?  
0
 
afactsAuthor Commented:
yes, the sites are working fine. How can I tell what account is running each web app pool?
I believe I set them back to the original accounts, yes, but I have been reiving this error since it's been installed like 3 months ago.
0
 
Justin SmithSr. System EngineerCommented:
Either look in IIS under Application Pools (right click on the app pool, Properties, then the Identity tab), or in Central Admin - Security - Service Accounts.
0
 
afactsAuthor Commented:
ok, here's what i found:
application pool (sharepoint central admin v4), uses domain\sharepoint account ( a local account I created on the sharepoint server)

application pool (sharepoint-80), uses Networkservice account

I think that's the problem, so instead of using networkservice, what should I be using?
0
 
Justin SmithSr. System EngineerCommented:
Best practice is to use Active Directory accounts for everything.  
0
 
afactsAuthor Commented:
sorry, domain\sharepoint is not a local account, it's a domain account.
So you're saying just change the other application pool to that as well?
0
 
afactsAuthor Commented:
actually, perhaps what it's saying is that the domain\sharepoint account was part of the local administrators group, and it didn't like that.  So I removed that user from the local administrators group and we'll see what happens.
0
 
Justin SmithSr. System EngineerCommented:
Best practice is to have seperate domains accounts for Farm, Web App, and Svc App.  You could at a min, have three domain accounts:  domain\spfarm, domain\spwebapp, domain\spsvcapp.  All web apps use the web app pool account, all service applications use the svc app account,
0
 
afactsAuthor Commented:
So if I create 3 different accounts, how do I know what access to give them, like domain administrator, domain user, etc....?

Also, how do I run the sharepoint health analyzer manually, as I believe it runs once at night, but I would like to run it again now.  I clicked on the "reanalyze now" button it's then says it's disabled, so that didnt' work.  Is there a service to restart or a manual command to run, as I just restarted the server, but that didnt' do anything.
0
 
afactsAuthor Commented:
Also, do you know if there's a way to schedule a complete farm backup?  I now do it manually every few days, but it would be nice to schedule it somehow?
0
 
Justin SmithSr. System EngineerCommented:
Research my friend ;)  Or have a SP professional do your deployment.

0
 
afactsAuthor Commented:
By removing the domain\sharepoint account from the local administrators account on the server where sharepoint is installed, that cleared the error message.

So is there a way to schedule a complete farm backup of sharepoint automatically?
0
 
afactsAuthor Commented:
0
 
Justin SmithSr. System EngineerCommented:
Backups must be scripted if you want to automate.  But you would need to start another question on that.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 11
  • 6
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now