Using a domain account for SPTraceV4 service

Do you recognize this? When starting Central Administration the Health Analyzer detected some issues, especially this one:

BuiltInAccountsUsedAsApplicationPoolOrServiceIdentity_1

SharePoint 2010 tells you to use a domain account for its services and application pools. Do not use Local System or Local Service. Now most of the mentioned services can be changed by going to Security, Configure Service Accounts.

BuiltInAccountsUsedAsApplicationPoolOrServiceIdentity_2

Now, what about the Windows Services like SPTraceV4? There are two ways to do this:

  • Administration Tools, Services on every SharePoint server
  • PowerShell script

Make an educated guess what I prefer… Glimlach

Here’s the PowerShell script I used:

# Get the tracing service.
$farm = Get-SPFarm
$tracingService = $farm.Services | where {$_.Name -eq "SPTraceV4"}
# Get the "svc_sp_services" managed account.
$managedAccount = Get-SPManagedAccount "Domainaccount"
# Set the tracing service to run under the managed account.
$tracingService.ProcessIdentity.CurrentIdentityType = "SpecificUser"
$tracingService.ProcessIdentity.ManagedAccount = $managedAccount
$tracingService.ProcessIdentity.Update()
# This actually changes the "Run As" account of the Windows service.
$tracingService.ProcessIdentity.Deploy()

 

The cool thing is that every SharePoint server is now updated!

At this moment when you Reanalyze the issue in the Health Analyzer the issue will disappear. Great!

The next day

I thought I was done. Apparently not. SharePoint does not tell you when changing the built-in account to a domain account, that you also need to do some additional settings for that account. What did I notice? All my log files were 0 bytes! Oops…

Do I need to set SharePoint Trace service back to Local Service or do I need to change the NTFS permissions to that folder? Well… the latter one comes close. After some Bing moments I found the answer. The domain account needs to be a member of the group Performance Log Users on all SharePoint servers. So I did. W00t!

BuiltInAccountsUsedAsApplicationPoolOrServiceIdentity_3

Another lesson learned… Have a nice day!

Share