Thread: starting the database server
Hello,
I'm using a windows 2000 advanced server, postgresql was installed and working fine, and I'm using pgadminIII. the database server cannot start and get error "is the postmaster running with -i on localhost 127.0.0.1 and accepting tcp/ip connection on the port 5432...."
the last time, before this error, I've imported a data from a flat file into a table with the command copy. it was fine and I can see my data, after that I've closed the pgadmin and the application that I'm using. this application is via a web browser and you've a logout button, but I've closed the web browser without logging out. can that be the reason? I don't know.
restarting the server also didn't help, because the pgsql starts automatically when windows starts, it was always fine.
after looking, I find that it was a space problem on the drive where is installed windows and not the drive where is installed the pgsql and the database and also the application that I'm using by the pgsql.
make some free spaces and increasing the virtual memory don't help.
now I've enough free space on all drives and the virtual memory is 2 times the physique memory of 1024. but still can't start the database.
when trying to start it via the services of windows, get an internal error that error in windows or in the service...
any idea why I cannot start the database and the service ?
thx
**************************************************************************** Disclaimer: This electronic transmission and any files attached to it are strictly confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, copy or take any action in reliance of this transmission. If you have received this transmission in error, please notify the sender by return and delete the transmission. Although the sender endeavors to maintain a computer virus free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Thank You. ****************************************************************************
Nefnifi, Kasem wrote: > when trying to start it via the services of windows, get an internal > error that error in windows or in the service... What error? What do your system logs say? -- Richard Huxton Archonet Ltd
Nefnifi, Kasem wrote: > thanks Richard for the reaction, > bellow a print screen of the error that I get when I try to start the > service from windows services control panel: > ole0.bmp Try and stick to cutting and pasting text rather than embedding images - lots of people on the lists will be reading/posting in plain text rather than HTML. Also images use a lot more bandwidth than text. Anyway - "The service did not return an error". Seems unlikely that you wouldn't get some sort of error. Make sure your logging is turned on in postgresql.conf and then check your system logs for an error message - there should be something unless PG is failing *very* early in the startup. If we still can't generate an error message, it might be worth trying to start the backend from the command-line. The second error message you sent "Connection refused" just means the application couldn't contact the PG backend. We know it can't since the service isn't starting. -- Richard Huxton Archonet Ltd
Hi Richard, bellow the text from the log file: ---------- start log file ---------- 30/11/2004 16:45:08 PostgreSQL Error None 0 N/A BAAN-AT-HOME execution of PostgreSQL by a user withadministrative permissions is not permitted. The server must be started under an unprivileged user ID to prevent possible system security compromise. See the documentation for more information on how to properly start the server. 30/11/2004 16:42:52 SceCli Warning None 1202 N/A BAAN-AT-HOME "Security policies are propagated withwarning. 0x534 : No mapping between account names and security IDs was done. For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.comfor ""troubleshooting 1202 events"". A user account in one or more Group policy objects (GPOs) could not be resolved to a SID. This error is possibly caused bya mistyped nor deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolvethis event, contact an administrator in the domain to perform the following actions: 1.Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I ""Cannot find"" %SYSTEMROOT%\Security\Logs\winlogon.log The string following ""Cannot find"" in the FIND output identifies the problem account names. Example: Cannot find JohnDough. In this case, the SID for username ""JohnDough"" could not be determined. This most likely occurs because the account wasdeleted, renamed, or is spelled differently (e.g. ""JohnDoe""). 2.Identify the GPOs that contain the unresolvable account name: From the command prompt type FIND /I ""JohnDough"" %SYSTEMROOT%\Security\templates\policies\gpt*.* The output of the FIND command will resemble the following: ---------- GPT00000.DOM ---------- GPT00001.DOM SeRemoteShutdownPrivilege=JohnDough This indicates that of all the GPO's being applied to this machine, the unresolvable account exists only in one GPO. Specifically, the cached GPO named GPT00001.DOM. Now we need to determine the friendly name of this GPO in the next step. 3. Locate the friendly names of each of the GPOs that contain an unresolvable account name. These GPOs were identified inthe previous step. From the command prompt, type: FIND /I ""[Mapping]"" %SYSTEMROOT%\Security\Logs\winlogon.log The string following ""[Mapping] gpt0000?.dom ="" in the FIND output identifies the friendly names for all GPO's beingapplied to this machine. Example: [Mapping] gpt00001.dom = User Rights Policy In this case, the GPO that contains the unresolvable account (gpt00001.dom) has a friendly name of ""User Rights Policy"". 4. Remove unresolved accounts from each GPO that contains an unresolvable account. a. Start -> Run -> MMC.EXE b. From the File menu select ""Add/Remove Snap-in..."" c. From the ""Add/Remove Snap-in"" dialog box select ""Add..."" d. In the ""Add Standalone Snap-in"" dialog box select ""Group Policy"" and click ""Add"" e. In the ""Select Group Policy Object"" dialog box click the ""Browse"" button. f. On the ""Browse for a Group Policy Object"" dialog box choose the ""All"" tab g. Right click on the first policy identified in step 3 and choose edit h. Review each setting under Computer Configuration/ Windows Settings/ Security Settings/ Local Policies/ User Rights Assignment or Computer Configuration/ Windows Settings/ SecuritySettings/ Restricted Groups for accounts identifiedin step 1. i. Repeat steps 3g and 3h for all subsequent GPOs identified in step 3. " ---------- end log file ---------- Best Regards / Vriendelijke Groeten / Salutations Distinguées / Freundliche Grüße !!! Kasem NEFNIFI AtosOrigin Belgium N.V. Minervastraat 7 1930 Zaventem (Belgium) Tel : +32(0)2 712 28 30 Fax : +32(0)2 712 28 63 GSM : +32 495 25 12 33 Email : kasem.nefnifi@atosorigin.com <mailto:kasem.nefnifi@atosorigin.com> www.atosorigin.com <http://www.atosorigin.com> -----Original Message----- From: Richard Huxton [mailto:dev@archonet.com] Sent: Tuesday, November 30, 2004 2:17 PM To: Nefnifi, Kasem Cc: pgsql-general@postgresql.org Subject: Re: [GENERAL] starting the database server Nefnifi, Kasem wrote: > thanks Richard for the reaction, > bellow a print screen of the error that I get when I try to start the > service from windows services control panel: > ole0.bmp Try and stick to cutting and pasting text rather than embedding images - lots of people on the lists will be reading/posting in plain text rather than HTML. Also images use a lot more bandwidth than text. Anyway - "The service did not return an error". Seems unlikely that you wouldn't get some sort of error. Make sure your logging is turned on in postgresql.conf and then check your system logs for an error message - there should be something unless PG is failing *very* early in the startup. If we still can't generate an error message, it might be worth trying to start the backend from the command-line. The second error message you sent "Connection refused" just means the application couldn't contact the PG backend. We know it can't since the service isn't starting. -- Richard Huxton Archonet Ltd **************************************************************************** Disclaimer: This electronic transmission and any files attached to it are strictly confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, copy or take any action in reliance of this transmission. If you have received this transmission in error, please notify the sender by return and delete the transmission. Although the sender endeavors to maintain a computer virus free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Thank You. ****************************************************************************
Nefnifi, Kasem wrote: > Hi Richard, bellow the text from the log file: > > ---------- start log file ---------- > > 30/11/2004 16:45:08 PostgreSQL Error None 0 N/A BAAN-AT-HOME > execution of PostgreSQL by a user with administrative permissions is > not permitted. The server must be started under an unprivileged user > ID to prevent possible system security compromise. See the > documentation for more information on how to properly start the > server. There you go - the user PostgreSQL tries to run under has administrative permissions. This isn't allowed for security purposes. > 30/11/2004 16:42:52 SceCli Warning None 1202 N/A BAAN-AT-HOME > "Security policies are propagated with warning. 0x534 : No mapping > between account names and security IDs was done. > > For best results in resolving this event, log on with a > non-administrative account and search http://support.microsoft.com > for ""troubleshooting 1202 events"". A user account in one or more > Group policy objects (GPOs) could not be resolved to a SID. This > error is possibly caused by a mistyped nor deleted user account > referenced in either the User Rights or Restricted Groups branch of a > GPO. To resolve this event, contact an administrator in the domain > to perform the following actions: What's more - there seems to have been a problem mapping user/group numbers to names. The rest of the message gives details of how to correct this. -- Richard Huxton Archonet Ltd
Hello, but it has worked fine since the installation without any error until now and nothing has been changed in the system policy. how it can something like this happened. now the concrete solution, I've to follow the solution proposed in the log file. which user should I use to start the database, if I take an only normal user, get the message error that I don't permissions,as administrator PostgreSql don't let me start the database. strange, because in all databases you've to be administratorto do something like except Postgresql. what kind solution do you suggest to me and thx in advance. -----Original Message----- From: Richard Huxton [mailto:dev@archonet.com] Sent: Tuesday, November 30, 2004 5:42 PM To: Nefnifi, Kasem Cc: pgsql-general@postgresql.org Subject: Re: [GENERAL] starting the database server Nefnifi, Kasem wrote: > Hi Richard, bellow the text from the log file: > > ---------- start log file ---------- > > 30/11/2004 16:45:08 PostgreSQL Error None 0 N/A BAAN-AT-HOME > execution of PostgreSQL by a user with administrative permissions is > not permitted. The server must be started under an unprivileged user > ID to prevent possible system security compromise. See the > documentation for more information on how to properly start the > server. There you go - the user PostgreSQL tries to run under has administrative permissions. This isn't allowed for security purposes. > 30/11/2004 16:42:52 SceCli Warning None 1202 N/A BAAN-AT-HOME > "Security policies are propagated with warning. 0x534 : No mapping > between account names and security IDs was done. > > For best results in resolving this event, log on with a > non-administrative account and search http://support.microsoft.com > for ""troubleshooting 1202 events"". A user account in one or more > Group policy objects (GPOs) could not be resolved to a SID. This > error is possibly caused by a mistyped nor deleted user account > referenced in either the User Rights or Restricted Groups branch of a > GPO. To resolve this event, contact an administrator in the domain > to perform the following actions: What's more - there seems to have been a problem mapping user/group numbers to names. The rest of the message gives details of how to correct this. -- Richard Huxton Archonet Ltd **************************************************************************** Disclaimer: This electronic transmission and any files attached to it are strictly confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, copy or take any action in reliance of this transmission. If you have received this transmission in error, please notify the sender by return and delete the transmission. Although the sender endeavors to maintain a computer virus free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Thank You. ****************************************************************************
Nefnifi, Kasem wrote: > Hello, > > but it has worked fine since the installation without any error until > now and nothing has been changed in the system policy. how it can > something like this happened. Something must have changed. If it's not your installation of PostgreSQL then it's something in the authentication system. > now the concrete solution, I've to follow the solution proposed in > the log file. which user should I use to start the database, if I > take an only normal user, get the message error that I don't > permissions, as administrator PostgreSql don't let me start the > database. strange, because in all databases you've to be > administrator to do something like except Postgresql. Keep the PostgreSQL user the same, but trace its group membership and check file permissions. The reason PosgreSQL refuses to run as an administrator is that to do so opens a security hole. Other databases open that hole and you can read about the hacks on the security lists. -- Richard Huxton Archonet Ltd
> 30/11/2004 16:45:08 PostgreSQL Error None 0 N/A BAAN-AT-HOME execution of PostgreSQL by a userwith administrative permissions is not permitted. > The server must be started under an unprivileged user ID to prevent > possible system security compromise. See the documentation for > more information on how to properly start the server. Hm, the first idea that comes to mind would be to follow the advice of this error message. Karsten -- GPG key ID E4071346 @ wwwkeys.pgp.net E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346