Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3281
  • Last Modified:

SharePoint 2013 Health Analyzer: The server farm account should not be used for other services.

Hi!

I have a warning in the SharePoint 2013 Health Analyzer - apparenty the farm account is not supposed to be used With other services.

I have the farm account running the User Profile Syncronization Service (which I thought was the only way to make it work). Is there any way to fix this?

Title 
 The server farm account should not be used for other services.  

Severity 
 1 - Error  

Category 
 Security  

Explanation 
 
DOMAIN\svc_sp2013farm, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm.  The following services were found to use this account: User Profile Synchronization Service(Windows Service)

 

Remedy 
 
Browse to http://domain-sp1:2013/_admin/FarmCredentialManagement.aspx and change the account used for the services listed in the explanation. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=142685".
 

Failing Servers 
  

Failing Services 
 
SPTimerService (SPTimerV4)
 

Rule Settings 
 View  

Open in new window

0
cegeland
Asked:
cegeland
  • 2
2 Solutions
 
Carlo-GiulianiCommented:
You are correct that you must use the farm account for the User Profile Sync Service....or at least you did for SharePoint 2010.  I'm not certain about 2013.  

In  SharePoint 2010 I simply disabled the Health Analyzer check for this.
0
 
Mohit NairSenior AssociateCommented:
As per the best practice you must not use farm account for other service. Generally farm account should be used while configuring user profile service application in order to crawl users from AD. Even if it is not changed there is no harm. You can ignore the health analyser event as the service will continue to work as expected.
0
 
cegelandAuthor Commented:
In order to run everything as per the recommended practice it would be Nice to be able to change the service account from the farm account to a dedicated account.

I've tried to do this through the Central Admin - Security - Configure Service Accounts. This results in being unable to start the User Profile Sync Service.

So is there a correct way to change the service account?
0
 
Mohit NairSenior AssociateCommented:
Give replicate directory changes permission in AD to that user account which you recently added and then try starting the service again.

For more information check this link
http://technet.microsoft.com/en-us/library/ff182925(v=office.15).aspx
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now