The TRITON Settings Database Service, service runs using a local postgres_eip user, which is created during installation. This user account must have the "Log on as a service" right within the Windows Local Security Policy in order for the service to start.
The "Log on as a service" right is automatically granted to the postgres_eip user during installation. However, if this right is overwritten by local or group policy, it will be stripped when the policy is applied (typically at login or reboot.)
If the TRITON Settings Database service is stopped after the right to log on as a service has been stripped, it will then fail to re-start with a "logon failure" error.
Temporary Workaround:
As a temporary workaround, you can manually enter the postgres_eip credentials into the service properties Log On tab within Windows Services Manager:
The "Log on as a service" right is automatically granted to the postgres_eip user during installation. However, if this right is overwritten by local or group policy, it will be stripped when the policy is applied (typically at login or reboot.)
If the TRITON Settings Database service is stopped after the right to log on as a service has been stripped, it will then fail to re-start with a "logon failure" error.
Temporary Workaround:
As a temporary workaround, you can manually enter the postgres_eip credentials into the service properties Log On tab within Windows Services Manager:
- If you know the postgres_eip password, go to step 2. If you do not know the password for the postgres_eip account, you will first need to reset it. Go to Start > Run > and type lusrmgr.msc to launch the Local Users and Groups console. Right click on the postgres_eip user and use the Set Password option to reset the password.
- Add the password into Windows Services Manager. Go to Start > Run > and type Services.msc. Right click on the Websense TRITON Settings Database service and select Properties. In the Log On tab, ensure the service is configured to run using the local postgres_eip user and enter the credentials.
- The service should now start.
When the password is manually entered back into the service properties, the postgres_eip user account is automatically granted the right to log on as a service. This will allow the service to start and run until the "Log on as a service" right is again stripped by local or group Policy.
Permanent Solution:
By default, Windows 2008 R2 does not allow local accounts to have "Log on as a service" or "Log on locally" rights. On other platforms, this right may be restricted by the Local Security Policy or Group Policy.
To assign this right within the Local Security Policy:
Permanent Solution:
By default, Windows 2008 R2 does not allow local accounts to have "Log on as a service" or "Log on locally" rights. On other platforms, this right may be restricted by the Local Security Policy or Group Policy.
To assign this right within the Local Security Policy:
- Select Start > Run > secpol.msc.
- Expand Local Policies > User rights assignment.
- In the right pane, right click on "Log on as service", select Properties, and ensure the postgres_eip user is listed in the Local Security Settings tab.
- Return to Local Policies > User rights assignment. Right click on "Allow log on locally" and ensure the postgres_eip user is listed in the Local Security Settings tab.
