Re: starting the database server - Mailing list pgsql-general

Hi Richard,
bellow the text from the log file:

---------- start log file ----------

30/11/2004    16:45:08    PostgreSQL    Error    None    0    N/A    BAAN-AT-HOME    execution of PostgreSQL by a user
withadministrative permissions is not permitted. 
The server must be started under an unprivileged user ID to prevent
possible system security compromise.  See the documentation for
more information on how to properly start the server.

30/11/2004    16:42:52    SceCli    Warning    None    1202    N/A    BAAN-AT-HOME    "Security policies are propagated
withwarning. 0x534 : No mapping between account names and security IDs was done. 

For best results in resolving this event, log on with a non-administrative account and search
http://support.microsoft.comfor ""troubleshooting 1202 events"". 
A user account in one or more Group policy objects (GPOs) could not be resolved to a SID. This error is possibly caused
bya mistyped nor deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To
resolvethis event, contact an administrator in the domain to perform the following actions: 

1.Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I ""Cannot find""
%SYSTEMROOT%\Security\Logs\winlogon.log 
The string following ""Cannot find"" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username ""JohnDough"" could not be determined. This most likely occurs because the account
wasdeleted, renamed, or is spelled differently (e.g. ""JohnDoe""). 

2.Identify the GPOs that contain the unresolvable account name:
From the command prompt type FIND /I ""JohnDough"" %SYSTEMROOT%\Security\templates\policies\gpt*.*
    The output of the FIND command will resemble the following:
    ---------- GPT00000.DOM
    ---------- GPT00001.DOM
    SeRemoteShutdownPrivilege=JohnDough
    This indicates that of all the GPO's being applied to this machine,  the unresolvable account exists only in one
GPO. Specifically, the cached GPO named GPT00001.DOM. 
    Now we need to determine the friendly name of this GPO in the next step.

3. Locate the friendly names of each of the GPOs that contain an unresolvable account name.  These GPOs were identified
inthe previous step. 
From the command prompt, type: FIND /I ""[Mapping]"" %SYSTEMROOT%\Security\Logs\winlogon.log
    The string following ""[Mapping] gpt0000?.dom ="" in the FIND output identifies the friendly names for all GPO's
beingapplied to this machine. 
    Example: [Mapping] gpt00001.dom = User Rights Policy
    In this case, the GPO that contains the unresolvable account (gpt00001.dom) has a friendly name of ""User Rights
Policy"".

4. Remove unresolved accounts from each GPO that contains an unresolvable account.
    a. Start -> Run -> MMC.EXE
    b. From the File menu select ""Add/Remove Snap-in...""
    c. From the ""Add/Remove Snap-in"" dialog box select ""Add...""
    d. In the ""Add Standalone Snap-in"" dialog box select ""Group Policy"" and click ""Add""
    e. In the ""Select Group Policy Object"" dialog box click the ""Browse"" button.
    f. On the ""Browse for a Group Policy Object"" dialog box choose the ""All"" tab
    g. Right click on the first policy identified in step 3 and choose edit
    h.    Review each setting under Computer Configuration/ Windows Settings/ Security Settings/ Local Policies/ User
Rights
     Assignment or Computer Configuration/ Windows Settings/ SecuritySettings/ Restricted Groups for accounts
identifiedin step 1. 
    i. Repeat steps 3g and 3h for all subsequent GPOs identified in step 3. "

---------- end log file ----------

Best Regards / Vriendelijke Groeten / Salutations Distinguées / Freundliche Grüße !!!
Kasem NEFNIFI
AtosOrigin Belgium N.V.
Minervastraat  7
1930 Zaventem (Belgium)
Tel      : +32(0)2 712 28 30
Fax     : +32(0)2 712 28 63
GSM   : +32 495 25 12 33
Email : kasem.nefnifi@atosorigin.com <mailto:kasem.nefnifi@atosorigin.com>
www.atosorigin.com <http://www.atosorigin.com>



-----Original Message-----
From: Richard Huxton [mailto:dev@archonet.com]
Sent: Tuesday, November 30, 2004 2:17 PM
To: Nefnifi, Kasem
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] starting the database server


Nefnifi, Kasem wrote:
> thanks Richard for the reaction,
> bellow a print screen of the error that I get when I try to start the
> service from windows services control panel:
> ole0.bmp

Try and stick to cutting and pasting text rather than embedding images -
lots of people on the lists will be reading/posting in plain text rather
than HTML. Also images use a lot more bandwidth than text.

Anyway - "The service did not return an error". Seems unlikely that you
wouldn't get some sort of error. Make sure your logging is turned on in
postgresql.conf and then check your system logs for an error message -
there should be something unless PG is failing *very* early in the startup.

If we still can't generate an error message, it might be worth trying to
start the backend from the command-line.

The second error message you sent "Connection refused" just means the
application couldn't contact the PG backend. We know it can't since the
service isn't starting.

--
   Richard Huxton
   Archonet Ltd
****************************************************************************
Disclaimer:
This electronic transmission and any files attached to it are strictly
confidential and intended solely for the addressee. If you are not
the intended addressee, you must not disclose, copy or take any
action in reliance of this transmission. If you have received this
transmission in error, please notify the sender by return and delete
the transmission.  Although the sender endeavors to maintain a
computer virus free network, the sender does not warrant that this
transmission is virus-free and will not be liable for any damages
resulting from any virus transmitted.
Thank You.
****************************************************************************