Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-23320

Allow Couchbase Service run on Windows Server as Service without using Local System account

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • feature-backlog
    • 4.5.1, 4.6.0
    • ns_server
    • Couchbase Server Enterprise 4.5.1
      Couchbase Server Enterprise 4.6

    Description

      On Windows 2008 (r2) / 2012 (r2), Couchbase Service start up using Local System account otherwise it will result error.

      What have done

      • tested with build in virtual account, network service account, and local service account.
      • * All return error and no log in Couchbase logs

      See Windows Event logs

      Windows_Couchbase_Crash_Events.evtx


      Different Windows Account Type

      Virtual accounts - Started in Windows Server 2008 R2 and Windows 7 are "managed local accounts" that provide the following features to simplify service administration:

      No password management is required.

      The ability to access the network with a computer identity in a domain environment.

      Network Service – The NetworkService account is a predefined local account used by the service control manager. This account is not recognized by the security subsystem. It has minimum privileges on the local computer and acts as the computer on the network. The NetworkService account has the following privileges:
      • SE_CHANGE_NOTIFY_NAME
      • SE_CREATE_GLOBAL_NAME
      • SE_IMPERSONATE_NAME
      • Any privileges assigned to users and authenticated users

      Local Service – The LocalService account is a predefined local account used by the service control manager. This account is not recognized by the security subsystem. It has minimum privileges on the local computer and presents anonymous credentials on the network. The LocalService account has the following privileges:
      • SE_CHANGE_NOTIFY_NAME
      • SE_CREATE_GLOBAL_NAME
      • SE_IMPERSONATE_NAME
      • Any privileges assigned to users and authenticated users

      Local System – The LocalSystem account is a predefined local account used by the service control manager. This account is not recognized by the security subsystem. It has extensive privileges on the local computer, and acts as the computer on the network. Its token includes the NT AUTHORITY\SYSTEM and BUILTIN\Administrators SIDs; these accounts have access to most system objects. The name of the account in all locales is .\LocalSystem. The name, LocalSystem or ComputerName\LocalSystem can also be used. The LocalSystem account has the following privileges:
      • SE_AUDIT_NAME
      • SE_CHANGE_NOTIFY_NAME
      • SE_CREATE_GLOBAL_NAME
      • SE_CREATE_PAGEFILE_NAME
      • SE_CREATE_PERMANENT_NAME
      • SE_DEBUG_NAME
      • SE_IMPERSONATE_NAME
      • SE_INC_BASE_PRIORITY_NAME
      • SE_LOCK_MEMORY_NAME
      • SE_PROF_SINGLE_PROCESS_NAME
      • SE_TCB_NAME

      Reference:

      Attachments

        Issue Links

          is triggering

          Bug - A problem which impairs or prevents the functions of the product. DOC-2183 [Documentation] Run Couchbase on Windows Server as Service using Windows Service Account or Virtual Account

          • Major - Major loss of function.
          • Resolved
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              krishna.doddi Krishna Doddi
              gary.wong Gary Wong (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty