Thread: starting the database server

starting the database server

From
"Nefnifi, Kasem"
Date:
Hello,
 
I'm using a windows 2000 advanced server, postgresql was installed and working fine, and I'm using pgadminIII. the database server cannot start and get error "is the postmaster running with -i on localhost 127.0.0.1 and accepting tcp/ip connection on the port 5432...."
 
the last time, before this error, I've imported a data from a flat file into a table with the command copy. it was fine and I can see my data, after that I've closed the pgadmin and the application that I'm using. this application is via a web browser and you've a logout button, but I've closed the web browser without logging out. can that be the reason?  I don't know.
restarting the server also didn't help, because the pgsql starts automatically when windows starts, it was always fine.
after looking, I find that it was a space problem on the drive where is installed windows and not the drive where is installed the pgsql and the database and also the application that I'm using by the pgsql.
make some free spaces and increasing the virtual memory don't help.
now I've enough free space on all drives and the virtual memory is 2 times the physique memory of 1024. but still can't start the database.
when trying to start it via the services of windows, get an internal error that error in windows or in the service...
 
any idea why I cannot start the database and the service ?
 
thx   
****************************************************************************
Disclaimer: 
This electronic transmission and any files attached to it are strictly 
confidential and intended solely for the addressee. If you are not 
the intended addressee, you must not disclose, copy or take any
action in reliance of this transmission. If you have received this 
transmission in error, please notify the sender by return and delete
the transmission.  Although the sender endeavors to maintain a
computer virus free network, the sender does not warrant that this
transmission is virus-free and will not be liable for any damages 
resulting from any virus transmitted. 
Thank You.
****************************************************************************

Re: starting the database server

From
Richard Huxton
Date:
Nefnifi, Kasem wrote:
> when trying to start it via the services of windows, get an internal
> error that error in windows or in the service...

What error? What do your system logs say?

--
   Richard Huxton
   Archonet Ltd

Re: starting the database server

From
Richard Huxton
Date:
Nefnifi, Kasem wrote:
> thanks Richard for the reaction,
> bellow a print screen of the error that I get when I try to start the
> service from windows services control panel:
> ole0.bmp

Try and stick to cutting and pasting text rather than embedding images -
lots of people on the lists will be reading/posting in plain text rather
than HTML. Also images use a lot more bandwidth than text.

Anyway - "The service did not return an error". Seems unlikely that you
wouldn't get some sort of error. Make sure your logging is turned on in
postgresql.conf and then check your system logs for an error message -
there should be something unless PG is failing *very* early in the startup.

If we still can't generate an error message, it might be worth trying to
start the backend from the command-line.

The second error message you sent "Connection refused" just means the
application couldn't contact the PG backend. We know it can't since the
service isn't starting.

--
   Richard Huxton
   Archonet Ltd

Re: starting the database server

From
"Nefnifi, Kasem"
Date:
Hi Richard,
bellow the text from the log file:

---------- start log file ----------

30/11/2004    16:45:08    PostgreSQL    Error    None    0    N/A    BAAN-AT-HOME    execution of PostgreSQL by a user
withadministrative permissions is not permitted. 
The server must be started under an unprivileged user ID to prevent
possible system security compromise.  See the documentation for
more information on how to properly start the server.

30/11/2004    16:42:52    SceCli    Warning    None    1202    N/A    BAAN-AT-HOME    "Security policies are propagated
withwarning. 0x534 : No mapping between account names and security IDs was done. 

For best results in resolving this event, log on with a non-administrative account and search
http://support.microsoft.comfor ""troubleshooting 1202 events"". 
A user account in one or more Group policy objects (GPOs) could not be resolved to a SID. This error is possibly caused
bya mistyped nor deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To
resolvethis event, contact an administrator in the domain to perform the following actions: 

1.Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I ""Cannot find""
%SYSTEMROOT%\Security\Logs\winlogon.log 
The string following ""Cannot find"" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username ""JohnDough"" could not be determined. This most likely occurs because the account
wasdeleted, renamed, or is spelled differently (e.g. ""JohnDoe""). 

2.Identify the GPOs that contain the unresolvable account name:
From the command prompt type FIND /I ""JohnDough"" %SYSTEMROOT%\Security\templates\policies\gpt*.*
    The output of the FIND command will resemble the following:
    ---------- GPT00000.DOM
    ---------- GPT00001.DOM
    SeRemoteShutdownPrivilege=JohnDough
    This indicates that of all the GPO's being applied to this machine,  the unresolvable account exists only in one
GPO. Specifically, the cached GPO named GPT00001.DOM. 
    Now we need to determine the friendly name of this GPO in the next step.

3. Locate the friendly names of each of the GPOs that contain an unresolvable account name.  These GPOs were identified
inthe previous step. 
From the command prompt, type: FIND /I ""[Mapping]"" %SYSTEMROOT%\Security\Logs\winlogon.log
    The string following ""[Mapping] gpt0000?.dom ="" in the FIND output identifies the friendly names for all GPO's
beingapplied to this machine. 
    Example: [Mapping] gpt00001.dom = User Rights Policy
    In this case, the GPO that contains the unresolvable account (gpt00001.dom) has a friendly name of ""User Rights
Policy"".

4. Remove unresolved accounts from each GPO that contains an unresolvable account.
    a. Start -> Run -> MMC.EXE
    b. From the File menu select ""Add/Remove Snap-in...""
    c. From the ""Add/Remove Snap-in"" dialog box select ""Add...""
    d. In the ""Add Standalone Snap-in"" dialog box select ""Group Policy"" and click ""Add""
    e. In the ""Select Group Policy Object"" dialog box click the ""Browse"" button.
    f. On the ""Browse for a Group Policy Object"" dialog box choose the ""All"" tab
    g. Right click on the first policy identified in step 3 and choose edit
    h.    Review each setting under Computer Configuration/ Windows Settings/ Security Settings/ Local Policies/ User
Rights
     Assignment or Computer Configuration/ Windows Settings/ SecuritySettings/ Restricted Groups for accounts
identifiedin step 1. 
    i. Repeat steps 3g and 3h for all subsequent GPOs identified in step 3. "

---------- end log file ----------

Best Regards / Vriendelijke Groeten / Salutations Distinguées / Freundliche Grüße !!!
Kasem NEFNIFI
AtosOrigin Belgium N.V.
Minervastraat  7
1930 Zaventem (Belgium)
Tel      : +32(0)2 712 28 30
Fax     : +32(0)2 712 28 63
GSM   : +32 495 25 12 33
Email : kasem.nefnifi@atosorigin.com <mailto:kasem.nefnifi@atosorigin.com>
www.atosorigin.com <http://www.atosorigin.com>



-----Original Message-----
From: Richard Huxton [mailto:dev@archonet.com]
Sent: Tuesday, November 30, 2004 2:17 PM
To: Nefnifi, Kasem
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] starting the database server


Nefnifi, Kasem wrote:
> thanks Richard for the reaction,
> bellow a print screen of the error that I get when I try to start the
> service from windows services control panel:
> ole0.bmp

Try and stick to cutting and pasting text rather than embedding images -
lots of people on the lists will be reading/posting in plain text rather
than HTML. Also images use a lot more bandwidth than text.

Anyway - "The service did not return an error". Seems unlikely that you
wouldn't get some sort of error. Make sure your logging is turned on in
postgresql.conf and then check your system logs for an error message -
there should be something unless PG is failing *very* early in the startup.

If we still can't generate an error message, it might be worth trying to
start the backend from the command-line.

The second error message you sent "Connection refused" just means the
application couldn't contact the PG backend. We know it can't since the
service isn't starting.

--
   Richard Huxton
   Archonet Ltd
****************************************************************************
Disclaimer:
This electronic transmission and any files attached to it are strictly
confidential and intended solely for the addressee. If you are not
the intended addressee, you must not disclose, copy or take any
action in reliance of this transmission. If you have received this
transmission in error, please notify the sender by return and delete
the transmission.  Although the sender endeavors to maintain a
computer virus free network, the sender does not warrant that this
transmission is virus-free and will not be liable for any damages
resulting from any virus transmitted.
Thank You.
****************************************************************************

Re: starting the database server

From
Richard Huxton
Date:
Nefnifi, Kasem wrote:
> Hi Richard, bellow the text from the log file:
>
> ---------- start log file ----------
>
> 30/11/2004    16:45:08    PostgreSQL    Error    None    0    N/A    BAAN-AT-HOME
> execution of PostgreSQL by a user with administrative permissions is
> not permitted. The server must be started under an unprivileged user
> ID to prevent possible system security compromise.  See the
> documentation for more information on how to properly start the
> server.

There you go - the user PostgreSQL tries to run under has administrative
permissions. This isn't allowed for security purposes.

> 30/11/2004    16:42:52    SceCli    Warning    None    1202    N/A    BAAN-AT-HOME
> "Security policies are propagated with warning. 0x534 : No mapping
> between account names and security IDs was done.
>
> For best results in resolving this event, log on with a
> non-administrative account and search http://support.microsoft.com
> for ""troubleshooting 1202 events"". A user account in one or more
> Group policy objects (GPOs) could not be resolved to a SID. This
> error is possibly caused by a mistyped nor deleted user account
> referenced in either the User Rights or Restricted Groups branch of a
> GPO.  To resolve this event, contact an administrator in the domain
> to perform the following actions:

What's more - there seems to have been a problem mapping user/group
numbers to names. The rest of the message gives details of how to
correct this.

--
   Richard Huxton
   Archonet Ltd

Re: starting the database server

From
"Nefnifi, Kasem"
Date:
Hello,

but it has worked fine since the installation without any error until now and nothing has been changed in the system
policy.
how it can something like this happened.
now the concrete solution, I've to follow the solution proposed in the log file.
which user should I use to start the database, if I take an only normal user, get the message error that I don't
permissions,as administrator PostgreSql don't let me start the database. strange, because in all databases you've to be
administratorto do something like except Postgresql. 

what kind solution do you suggest to me and thx in advance.

-----Original Message-----
From: Richard Huxton [mailto:dev@archonet.com]
Sent: Tuesday, November 30, 2004 5:42 PM
To: Nefnifi, Kasem
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] starting the database server


Nefnifi, Kasem wrote:
> Hi Richard, bellow the text from the log file:
>
> ---------- start log file ----------
>
> 30/11/2004    16:45:08    PostgreSQL    Error    None    0    N/A    BAAN-AT-HOME
> execution of PostgreSQL by a user with administrative permissions is
> not permitted. The server must be started under an unprivileged user
> ID to prevent possible system security compromise.  See the
> documentation for more information on how to properly start the
> server.

There you go - the user PostgreSQL tries to run under has administrative
permissions. This isn't allowed for security purposes.

> 30/11/2004    16:42:52    SceCli    Warning    None    1202    N/A    BAAN-AT-HOME
> "Security policies are propagated with warning. 0x534 : No mapping
> between account names and security IDs was done.
>
> For best results in resolving this event, log on with a
> non-administrative account and search http://support.microsoft.com
> for ""troubleshooting 1202 events"". A user account in one or more
> Group policy objects (GPOs) could not be resolved to a SID. This
> error is possibly caused by a mistyped nor deleted user account
> referenced in either the User Rights or Restricted Groups branch of a
> GPO.  To resolve this event, contact an administrator in the domain
> to perform the following actions:

What's more - there seems to have been a problem mapping user/group
numbers to names. The rest of the message gives details of how to
correct this.

--
   Richard Huxton
   Archonet Ltd
****************************************************************************
Disclaimer:
This electronic transmission and any files attached to it are strictly
confidential and intended solely for the addressee. If you are not
the intended addressee, you must not disclose, copy or take any
action in reliance of this transmission. If you have received this
transmission in error, please notify the sender by return and delete
the transmission.  Although the sender endeavors to maintain a
computer virus free network, the sender does not warrant that this
transmission is virus-free and will not be liable for any damages
resulting from any virus transmitted.
Thank You.
****************************************************************************

Re: starting the database server

From
Richard Huxton
Date:
Nefnifi, Kasem wrote:
> Hello,
>
> but it has worked fine since the installation without any error until
> now and nothing has been changed in the system policy. how it can
> something like this happened.

Something must have changed. If it's not your installation of PostgreSQL
then it's something in the authentication system.

> now the concrete solution, I've to follow the solution proposed in
> the log file. which user should I use to start the database, if I
> take an only normal user, get the message error that I don't
> permissions, as administrator PostgreSql don't let me start the
> database. strange, because in all databases you've to be
> administrator to do something like except Postgresql.

Keep the PostgreSQL user the same, but trace its group membership and
check file permissions.

The reason PosgreSQL refuses to run as an administrator is that to do so
  opens a security hole. Other databases open that hole and you can read
about the hacks on the security lists.

--
   Richard Huxton
   Archonet Ltd

Re: starting the database server

From
Karsten Hilbert
Date:
> 30/11/2004    16:45:08    PostgreSQL    Error    None    0    N/A    BAAN-AT-HOME    execution of PostgreSQL by a
userwith administrative permissions is not permitted. 
> The server must be started under an unprivileged user ID to prevent
> possible system security compromise.  See the documentation for
> more information on how to properly start the server.
Hm, the first idea that comes to mind would be to follow the
advice of this error message.

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346