SBS 2011 System user rights

Hi

New SBS2011 installed just under 1 month ago, migration from 2003 SBS.

I think I have screwed the rights on some of the system users (SPFARM, SPSEARCH, etc) when I tried to bring the users into the SBS console.  Not 100% but think I may have chosen to reset the rights rather than add new attributes.

Anyway, there are some strange network issues happening but my current issue is I cannot start services relying on SPFARM user due to "logon failure".

As it is about a month since they went in I am wondering if it is something to do with a password expiry and not letting me unlock because of complexity now required for this user.

I hope that makes sense.
LVL 1
George-Asked:
Who is Participating?
 
David AtkinTechnical DirectorCommented:
Hello,

The problem will probably be due to you adding the SPFARM account into the SBS Console as you suggested.

Have you tried to reset the password of the SharePoint Farm account and then re-entering it into the logon properties in the service?

Check the SharePoint Farm Account to make sure that it is a member of the following groups:

IID_IUSRS
Performance Log Users
Performance Monitor Users
WSS_ADMIN_WPG
WSS_RESTRICTED_WPG_V4
WSS_WPG

The SharePoint Search Service Account needs to be a member of the following groups:

WSS_WPG
0
 
Haresh NikumbhSr. Tech leadCommented:
i am not sure if this will work or not but just give one try..

Start Registry Editor (Regedit.exe).Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

Locate the ObjectName value in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceName

check if you those services having system account or user accounts..

if any one of service is created with user account then you need to change it back to system account

you can refer below link
http://support.microsoft.com/kb/259733
0
 
George-Author Commented:
Hi

These services do need the SPFARM user as it is set to that on another healthy server.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
George-Author Commented:
Can I just set the password to anything complex as long as I then match it in the service?
0
 
George-Author Commented:
I have started the services now by running

Repair-SPManagedAccountDeployment
 
from the sharepoint management shell.

as per:
http://blogs.technet.com/b/sbs/archive/2011/08/17/http-error-503-accessing-company-web-on-sbs-2011-standard.aspx

Thanks for your help all.
0
 
David AtkinTechnical DirectorCommented:
Thank's for letting us know
0
 
George-Author Commented:
My commands fixed it
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.