Solved

SharePoint 2013 Health Analyzer: The server farm account should not be used for other services.

Posted on 2014-04-14
4
2,826 Views
Last Modified: 2014-04-28
Hi!

I have a warning in the SharePoint 2013 Health Analyzer - apparenty the farm account is not supposed to be used With other services.

I have the farm account running the User Profile Syncronization Service (which I thought was the only way to make it work). Is there any way to fix this?

Title 
 The server farm account should not be used for other services.  

Severity 
 1 - Error  

Category 
 Security  

Explanation 
 
DOMAIN\svc_sp2013farm, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm.  The following services were found to use this account: User Profile Synchronization Service(Windows Service)

 

Remedy 
 
Browse to http://domain-sp1:2013/_admin/FarmCredentialManagement.aspx and change the account used for the services listed in the explanation. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=142685".
 

Failing Servers 
  

Failing Services 
 
SPTimerService (SPTimerV4)
 

Rule Settings 
 View  

Open in new window

0
Comment
Question by:cegeland
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Carlo-Giuliani earned 250 total points
ID: 40000810
You are correct that you must use the farm account for the User Profile Sync Service....or at least you did for SharePoint 2010.  I'm not certain about 2013.  

In  SharePoint 2010 I simply disabled the Health Analyzer check for this.
0
 
LVL 9

Expert Comment

by:Mohit Nair
ID: 40000869
As per the best practice you must not use farm account for other service. Generally farm account should be used while configuring user profile service application in order to crawl users from AD. Even if it is not changed there is no harm. You can ignore the health analyser event as the service will continue to work as expected.
0
 

Author Comment

by:cegeland
ID: 40002370
In order to run everything as per the recommended practice it would be Nice to be able to change the service account from the farm account to a dedicated account.

I've tried to do this through the Central Admin - Security - Configure Service Accounts. This results in being unable to start the User Profile Sync Service.

So is there a correct way to change the service account?
0
 
LVL 9

Assisted Solution

by:Mohit Nair
Mohit Nair earned 250 total points
ID: 40003283
Give replicate directory changes permission in AD to that user account which you recently added and then try starting the service again.

For more information check this link
http://technet.microsoft.com/en-us/library/ff182925(v=office.15).aspx
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is one common problem that all we SharePoint developers share: custom solution deployment. This topic can't be covered fully in this short article, so all I want to do in this one is to review it from a development-to-operations perspectiv…
SharePoint Designer 2010 has tools and commands to do everything that can be done with web parts in the browser, and then some – except uploading a web part straight into a page that is edited in SPD. So, can it be done? Scenario For a recent pr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question