Solved

SharePoint 2013 Health Analyzer: The server farm account should not be used for other services.

Posted on 2014-04-14
4
2,769 Views
Last Modified: 2014-04-28
Hi!

I have a warning in the SharePoint 2013 Health Analyzer - apparenty the farm account is not supposed to be used With other services.

I have the farm account running the User Profile Syncronization Service (which I thought was the only way to make it work). Is there any way to fix this?

Title 
 The server farm account should not be used for other services.  

Severity 
 1 - Error  

Category 
 Security  

Explanation 
 
DOMAIN\svc_sp2013farm, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm.  The following services were found to use this account: User Profile Synchronization Service(Windows Service)

 

Remedy 
 
Browse to http://domain-sp1:2013/_admin/FarmCredentialManagement.aspx and change the account used for the services listed in the explanation. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=142685".
 

Failing Servers 
  

Failing Services 
 
SPTimerService (SPTimerV4)
 

Rule Settings 
 View  

Open in new window

0
Comment
Question by:cegeland
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Carlo-Giuliani earned 250 total points
ID: 40000810
You are correct that you must use the farm account for the User Profile Sync Service....or at least you did for SharePoint 2010.  I'm not certain about 2013.  

In  SharePoint 2010 I simply disabled the Health Analyzer check for this.
0
 
LVL 9

Expert Comment

by:Mohit Nair
ID: 40000869
As per the best practice you must not use farm account for other service. Generally farm account should be used while configuring user profile service application in order to crawl users from AD. Even if it is not changed there is no harm. You can ignore the health analyser event as the service will continue to work as expected.
0
 

Author Comment

by:cegeland
ID: 40002370
In order to run everything as per the recommended practice it would be Nice to be able to change the service account from the farm account to a dedicated account.

I've tried to do this through the Central Admin - Security - Configure Service Accounts. This results in being unable to start the User Profile Sync Service.

So is there a correct way to change the service account?
0
 
LVL 9

Assisted Solution

by:Mohit Nair
Mohit Nair earned 250 total points
ID: 40003283
Give replicate directory changes permission in AD to that user account which you recently added and then try starting the service again.

For more information check this link
http://technet.microsoft.com/en-us/library/ff182925(v=office.15).aspx
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Summary In SharePoint 2010 it is easy to create custom color themes to jazz up a site. Theme colors can also be created in PowerPoint 2010 with a few clicks. But how do the chosen colors actually look in the SharePoint site? The attached PowerPoint…
Back in July, I blogged about how Microsoft's new server pricing model, combined with the end of the Small Business Server package, would result in significant cost increases for many small businesses (see SBS End of Life: Microsoft Punishes Small B…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now