Announcement

Collapse
No announcement yet.

Exchange services fail to start via dedicated Exch. Account

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange services fail to start via dedicated Exch. Account

    HI All!

    I've been trying to creat a dedicated user for exchange services to
    run (log on) with.
    As recomended in the "Implementing & Managing MS. Exchange 2003
    book by MS. Press.
    according to this recommendation I made this account a member of the
    Domain Admins, Schema Admins and Enterprize Admins groups.

    Dedicating such user for exchange should help monitoring security events of exchange.

    Unfortunately all exchange services but Microsoft Exchange Management
    fail to strat using the exchange account.
    The services start succesfully only with the system account.

    some of the services log in the event log:
    "The account specified for this service is different from the account specified for other services running in the same process. "

    The "Microsoft Exchange System Attendant" fail to start without logging an event.

    Note that i'm trying to start ALL of the Exchange services with the same dedicated account.
    I also gave that account the "Logon as service" and "Act as a part of the operationg system" user rights.

    System Details:
    Exchange server 2003 SP1
    Windows 2k server SP4
    Domain Controller Forest.
    (Global catalog, all operations master)


    Thanks, Amit.

  • #2
    try this...

    Exchange installation creates a few groups that are used for system purposes. try to make that user a memeber of these groups.
    Yaniv Feldman
    Microsoft Security Regional Director
    Microsoft Management Expert
    MCSA, MCSE, MCT

    Comment


    • #3
      Allready tried...

      Didn't work.

      It seems that that in order to change the account that Exchange services log on with you need to change other services log on account as well.
      when I configured the IIS services to log on with the same account as the exchange service account, some exchange services did start. (all but the Information store).

      But this is not mentiond in that book above. doing such a thing would miss it's purpose: dedicating a certain dedicated account ONLY to exchange services.

      Comment


      • #4
        Re-Install

        Hi mate,

        i did some reserach about your problem, and it seems that unless you are willing to do some (very) heavy registry digging, the only way to change the services account properly is to re-install.
        Yaniv Feldman
        Microsoft Security Regional Director
        Microsoft Management Expert
        MCSA, MCSE, MCT

        Comment


        • #5
          Apperantly It Cannot and should not be done!

          It's a (big) mistake the book.

          http://www.microsoft.com/exchange/co...amp;sloc=en-us

          Comment


          • #6
            Re: Apperantly It Cannot and should not be done!

            Originally posted by Amitw


            Hello, after an hour or two of searching (along side another hour or experimenting), I've come to my own conclusion that this can not be done. This is the only newsgroup that actually talks about this problem. I too have the MCSE exchange training book that advises to run the exchange services under a different service account (yourDomain/svc_xch).

            The link above no longer works. I am curious as to any improvements on this? I guess it doesn't matter (I can run the exchange services under the local account as usual), but I'd like to have a full understanding or an updated answer, if possible.

            (btw, this website is the best!)
            Last edited by Carbon_Filter; 27th September 2006, 04:04.
            Andre
            New York City

            Comment


            • #7
              Re: Exchange services fail to start via dedicated Exch. Account

              Check out this thread... same issue
              http://forums.petri.com/showthread.php?t=8402&goto=#9
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com

              Comment


              • #8
                Re: Exchange services fail to start via dedicated Exch. Account

                Hi Amitw,

                I just happen to be reading this book, need to recertify and found the response to this dedicated account for exchange services, I also couldnt get it to work and below is the link and correction as per mspress. Hope this helps save hours for some other poor soul trying to make it work.

                Regards,

                Chetan.

                Link: http://support.microsoft.com/kb/837527/en-us

                Page 2-6: Correction To Creating A Service Account
                On page 2-6, under "Creating a Service Account", add the following note:

                "Note: It is not necessary to manually create a dedicated service account. A new Global group has been created called "Exchange Domain Servers." Exchange Server Setup adds its machine account to this group when you install the server and removes it when you uninstall the server. The "Exchange Domain Servers" group is added as a member to all necessary groups and Access Control Lists to allow Exchange services to read from and write all necessary information to Active Directory. You should not create a service account for Exchange 2003. All Exchange 2003 services run under the Local System account. Using any other account to start and run Exchange 2003 services can create problems that will not be supported by Microsoft."

                Comment

                Working...
                X