Skip site navigation (1) Skip section navigation (2)

Re: starting the database server

From: "Nefnifi, Kasem" <Kasem(dot)Nefnifi(at)atosorigin(dot)com>
To: "Richard Huxton" <dev(at)archonet(dot)com>
Cc: <pgsql-general(at)postgresql(dot)org>
Subject: Re: starting the database server
Date: 2004-11-30 15:55:24
Message-ID: 25D4919915CCF742A88EE3366D6D913D07E6701A@mailserver1 (view raw or flat)
Thread:
Lists: pgsql-general
Hi Richard,
bellow the text from the log file:

---------- start log file ----------

30/11/2004	16:45:08	PostgreSQL	Error	None	0	N/A	BAAN-AT-HOME	execution of PostgreSQL by a user with administrative permissions is not permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromise.  See the documentation for
more information on how to properly start the server.
 
30/11/2004	16:42:52	SceCli	Warning	None	1202	N/A	BAAN-AT-HOME	"Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done.

For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for ""troubleshooting 1202 events"".
A user account in one or more Group policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped nor deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To resolve this event, contact an administrator in the domain to perform the following actions:

1.Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I ""Cannot find"" %SYSTEMROOT%\Security\Logs\winlogon.log 
The string following ""Cannot find"" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username ""JohnDough"" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. ""JohnDoe"").

2.Identify the GPOs that contain the unresolvable account name:
>From the command prompt type FIND /I ""JohnDough"" %SYSTEMROOT%\Security\templates\policies\gpt*.*
	The output of the FIND command will resemble the following:
	---------- GPT00000.DOM
	---------- GPT00001.DOM
	SeRemoteShutdownPrivilege=JohnDough
	This indicates that of all the GPO's being applied to this machine,  the unresolvable account exists only in one GPO.  Specifically, the cached GPO named GPT00001.DOM.
	Now we need to determine the friendly name of this GPO in the next step.

3. Locate the friendly names of each of the GPOs that contain an unresolvable account name.  These GPOs were identified in the previous step.
>From the command prompt, type: FIND /I ""[Mapping]"" %SYSTEMROOT%\Security\Logs\winlogon.log
	The string following ""[Mapping] gpt0000?.dom ="" in the FIND output identifies the friendly names for all GPO's being applied to this machine.
	Example: [Mapping] gpt00001.dom = User Rights Policy
	In this case, the GPO that contains the unresolvable account (gpt00001.dom) has a friendly name of ""User Rights Policy"".

4. Remove unresolved accounts from each GPO that contains an unresolvable account.
	a. Start -> Run -> MMC.EXE
	b. From the File menu select ""Add/Remove Snap-in...""
	c. From the ""Add/Remove Snap-in"" dialog box select ""Add...""
	d. In the ""Add Standalone Snap-in"" dialog box select ""Group Policy"" and click ""Add""
	e. In the ""Select Group Policy Object"" dialog box click the ""Browse"" button.
	f. On the ""Browse for a Group Policy Object"" dialog box choose the ""All"" tab
	g. Right click on the first policy identified in step 3 and choose edit
	h.	Review each setting under Computer Configuration/ Windows Settings/ Security Settings/ Local Policies/ User Rights
	 Assignment or Computer Configuration/ Windows Settings/ SecuritySettings/ Restricted Groups for accounts identified in step 1.
	i. Repeat steps 3g and 3h for all subsequent GPOs identified in step 3. "

---------- end log file ----------

Best Regards / Vriendelijke Groeten / Salutations Distinguées / Freundliche Grüße !!! 
Kasem NEFNIFI 
AtosOrigin Belgium N.V. 
Minervastraat  7 
1930 Zaventem (Belgium) 
Tel      : +32(0)2 712 28 30 
Fax     : +32(0)2 712 28 63 
GSM   : +32 495 25 12 33 
Email : kasem(dot)nefnifi(at)atosorigin(dot)com <mailto:kasem(dot)nefnifi(at)atosorigin(dot)com>  
www.atosorigin.com <http://www.atosorigin.com>  



-----Original Message-----
From: Richard Huxton [mailto:dev(at)archonet(dot)com]
Sent: Tuesday, November 30, 2004 2:17 PM
To: Nefnifi, Kasem
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] starting the database server


Nefnifi, Kasem wrote:
> thanks Richard for the reaction,
> bellow a print screen of the error that I get when I try to start the 
> service from windows services control panel:
> ole0.bmp

Try and stick to cutting and pasting text rather than embedding images - 
lots of people on the lists will be reading/posting in plain text rather 
than HTML. Also images use a lot more bandwidth than text.

Anyway - "The service did not return an error". Seems unlikely that you 
wouldn't get some sort of error. Make sure your logging is turned on in 
postgresql.conf and then check your system logs for an error message - 
there should be something unless PG is failing *very* early in the startup.

If we still can't generate an error message, it might be worth trying to 
start the backend from the command-line.

The second error message you sent "Connection refused" just means the 
application couldn't contact the PG backend. We know it can't since the 
service isn't starting.

--
   Richard Huxton
   Archonet Ltd
****************************************************************************
Disclaimer: 
This electronic transmission and any files attached to it are strictly 
confidential and intended solely for the addressee. If you are not 
the intended addressee, you must not disclose, copy or take any
action in reliance of this transmission. If you have received this 
transmission in error, please notify the sender by return and delete
the transmission.  Although the sender endeavors to maintain a
computer virus free network, the sender does not warrant that this
transmission is virus-free and will not be liable for any damages 
resulting from any virus transmitted. 
Thank You.
****************************************************************************

Responses

pgsql-general by date

Next:From: Pierre-Frédéric CaillaudDate: 2004-11-30 16:02:19
Subject: Re: VACUUM and ANALYZE Follow-Up
Previous:From: MarcDate: 2004-11-30 15:52:35
Subject: Re: [ANNOUNCE] USENET vs Mailing Lists Poll ...

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group