Link to home
Create AccountLog in
Avatar of denbosse
denbosseFlag for Ireland

asked on

SP 2010 Foundation - password generation timer job fails for Farm Account

I have a SharePoint 2010 Foundation Server running on Windows Server 2008 R2.
It's a setup on a single server in a workgroup. (no domain)
The Farm Account is not part of the Local Administrators group on the system.

I've set up the Farm Account as a Managed Account in SharePoint and I've set up automatic password change on the Managed account.


However when the "Password Generation" timer job runs, it fails. The error message is:

Access denied. Only machine administrators are allowed to create administration service job definitions of type: Microsoft.SharePoint.Administration.SPAdminAppPoolCredentialDeploymentJobDefinition, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c.

This in turn will prevent the Central Administration web application from coming up after for example a reboot. It complains about a password problem.


I've researched a bit and have disabled UAC by dragging the slider in Windows 2008 R2 all the way to the bottom. But this has not made a difference.

The "Password Generation" timer job works fine when adding the Farm Account to the local administrators group, but that's not really a solution.

Does anyone have any advice as to how to get this working?
Avatar of Justin Smith
Justin Smith
Flag of United States of America image

THe Farm Account is the service account that runs the timer job to reset passwords.  Since you are using local accounts, this account would need to be a local admin to change the passwords for other local accounts.
Avatar of denbosse

ASKER

Thanks ACH1LLES.
You say "this account would need to be a local admin to change the passwords for other local accounts". The thing is, the timer jobs to change the 2 other (local) managed service accounts I use are working fine. It's just the timer job to change the farm account that fails.
ASKER CERTIFIED SOLUTION
Avatar of Justin Smith
Justin Smith
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
ACH1LLES,

That seems to have done the trick. kb2405789 seems to have included a fix. So I applied the March 7, 2012 CU and now the "password generation" timer job is no longer failing for the farm account.
I do get an error event ID 5767 when the password update takes place, but it does not seem to have an adverse effect.