Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SharePoint 2013 Health Analyzer: The server farm account should not be used for other services.

Posted on 2014-04-14
4
Medium Priority
?
3,083 Views
Last Modified: 2014-04-28
Hi!

I have a warning in the SharePoint 2013 Health Analyzer - apparenty the farm account is not supposed to be used With other services.

I have the farm account running the User Profile Syncronization Service (which I thought was the only way to make it work). Is there any way to fix this?

Title 
 The server farm account should not be used for other services.  

Severity 
 1 - Error  

Category 
 Security  

Explanation 
 
DOMAIN\svc_sp2013farm, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm.  The following services were found to use this account: User Profile Synchronization Service(Windows Service)

 

Remedy 
 
Browse to http://domain-sp1:2013/_admin/FarmCredentialManagement.aspx and change the account used for the services listed in the explanation. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=142685".
 

Failing Servers 
  

Failing Services 
 
SPTimerService (SPTimerV4)
 

Rule Settings 
 View  

Open in new window

0
Comment
Question by:cegeland
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Carlo-Giuliani earned 1000 total points
ID: 40000810
You are correct that you must use the farm account for the User Profile Sync Service....or at least you did for SharePoint 2010.  I'm not certain about 2013.  

In  SharePoint 2010 I simply disabled the Health Analyzer check for this.
0
 
LVL 10

Expert Comment

by:Mohit Nair
ID: 40000869
As per the best practice you must not use farm account for other service. Generally farm account should be used while configuring user profile service application in order to crawl users from AD. Even if it is not changed there is no harm. You can ignore the health analyser event as the service will continue to work as expected.
0
 

Author Comment

by:cegeland
ID: 40002370
In order to run everything as per the recommended practice it would be Nice to be able to change the service account from the farm account to a dedicated account.

I've tried to do this through the Central Admin - Security - Configure Service Accounts. This results in being unable to start the User Profile Sync Service.

So is there a correct way to change the service account?
0
 
LVL 10

Assisted Solution

by:Mohit Nair
Mohit Nair earned 1000 total points
ID: 40003283
Give replicate directory changes permission in AD to that user account which you recently added and then try starting the service again.

For more information check this link
http://technet.microsoft.com/en-us/library/ff182925(v=office.15).aspx
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The vision: A MegaMenu for a SharePoint portal home page The mission: Make it easy to maintain. Allow rich content and sub headers as well as standard links. Factor in frequent changes without involving developers or a lengthy Dev/Test/Prod rel…
Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question