Re: starting the database server

From: "Nefnifi, Kasem" <Kasem(dot)Nefnifi(at)atosorigin(dot)com>
To: "Richard Huxton" <dev(at)archonet(dot)com>
Cc: <pgsql-general(at)postgresql(dot)org>
Subject: Re: starting the database server
Date: 2004-11-30 15:55:24
Message-ID: 25D4919915CCF742A88EE3366D6D913D07E6701A@mailserver1
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hi Richard,
bellow the text from the log file:

---------- start log file ----------

30/11/2004 16:45:08 PostgreSQL Error None 0 N/A BAAN-AT-HOME execution of PostgreSQL by a user with administrative permissions is not permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromise. See the documentation for
more information on how to properly start the server.

30/11/2004 16:42:52 SceCli Warning None 1202 N/A BAAN-AT-HOME "Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done.

For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for ""troubleshooting 1202 events"".
A user account in one or more Group policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped nor deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:

1.Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I ""Cannot find"" %SYSTEMROOT%\Security\Logs\winlogon.log
The string following ""Cannot find"" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username ""JohnDough"" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. ""JohnDoe"").

2.Identify the GPOs that contain the unresolvable account name:
>From the command prompt type FIND /I ""JohnDough"" %SYSTEMROOT%\Security\templates\policies\gpt*.*
The output of the FIND command will resemble the following:
---------- GPT00000.DOM
---------- GPT00001.DOM
SeRemoteShutdownPrivilege=JohnDough
This indicates that of all the GPO's being applied to this machine, the unresolvable account exists only in one GPO. Specifically, the cached GPO named GPT00001.DOM.
Now we need to determine the friendly name of this GPO in the next step.

3. Locate the friendly names of each of the GPOs that contain an unresolvable account name. These GPOs were identified in the previous step.
>From the command prompt, type: FIND /I ""[Mapping]"" %SYSTEMROOT%\Security\Logs\winlogon.log
The string following ""[Mapping] gpt0000?.dom ="" in the FIND output identifies the friendly names for all GPO's being applied to this machine.
Example: [Mapping] gpt00001.dom = User Rights Policy
In this case, the GPO that contains the unresolvable account (gpt00001.dom) has a friendly name of ""User Rights Policy"".

4. Remove unresolved accounts from each GPO that contains an unresolvable account.
a. Start -> Run -> MMC.EXE
b. From the File menu select ""Add/Remove Snap-in...""
c. From the ""Add/Remove Snap-in"" dialog box select ""Add...""
d. In the ""Add Standalone Snap-in"" dialog box select ""Group Policy"" and click ""Add""
e. In the ""Select Group Policy Object"" dialog box click the ""Browse"" button.
f. On the ""Browse for a Group Policy Object"" dialog box choose the ""All"" tab
g. Right click on the first policy identified in step 3 and choose edit
h. Review each setting under Computer Configuration/ Windows Settings/ Security Settings/ Local Policies/ User Rights
Assignment or Computer Configuration/ Windows Settings/ SecuritySettings/ Restricted Groups for accounts identified in step 1.
i. Repeat steps 3g and 3h for all subsequent GPOs identified in step 3. "

---------- end log file ----------

Best Regards / Vriendelijke Groeten / Salutations Distinguées / Freundliche Grüße !!!
Kasem NEFNIFI
AtosOrigin Belgium N.V.
Minervastraat 7
1930 Zaventem (Belgium)
Tel : +32(0)2 712 28 30
Fax : +32(0)2 712 28 63
GSM : +32 495 25 12 33
Email : kasem(dot)nefnifi(at)atosorigin(dot)com <mailto:kasem(dot)nefnifi(at)atosorigin(dot)com>
www.atosorigin.com <http://www.atosorigin.com>

-----Original Message-----
From: Richard Huxton [mailto:dev(at)archonet(dot)com]
Sent: Tuesday, November 30, 2004 2:17 PM
To: Nefnifi, Kasem
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] starting the database server

Nefnifi, Kasem wrote:
> thanks Richard for the reaction,
> bellow a print screen of the error that I get when I try to start the
> service from windows services control panel:
> ole0.bmp

Try and stick to cutting and pasting text rather than embedding images -
lots of people on the lists will be reading/posting in plain text rather
than HTML. Also images use a lot more bandwidth than text.

Anyway - "The service did not return an error". Seems unlikely that you
wouldn't get some sort of error. Make sure your logging is turned on in
postgresql.conf and then check your system logs for an error message -
there should be something unless PG is failing *very* early in the startup.

If we still can't generate an error message, it might be worth trying to
start the backend from the command-line.

The second error message you sent "Connection refused" just means the
application couldn't contact the PG backend. We know it can't since the
service isn't starting.

--
Richard Huxton
Archonet Ltd
****************************************************************************
Disclaimer:
This electronic transmission and any files attached to it are strictly
confidential and intended solely for the addressee. If you are not
the intended addressee, you must not disclose, copy or take any
action in reliance of this transmission. If you have received this
transmission in error, please notify the sender by return and delete
the transmission. Although the sender endeavors to maintain a
computer virus free network, the sender does not warrant that this
transmission is virus-free and will not be liable for any damages
resulting from any virus transmitted.
Thank You.
****************************************************************************

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Pierre-Frédéric Caillaud 2004-11-30 16:02:19 Re: VACUUM and ANALYZE Follow-Up
Previous Message Marc 2004-11-30 15:52:35 Re: [ANNOUNCE] USENET vs Mailing Lists Poll ...