Title | The server farm account should not be used for other services. |
Severity | 1 - Error |
Category | Security |
Explanation | [farmServiceAccount], the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for any other services on any machines in the server farm. The following services were found to use this account: Distributed Cache Service (Windows Service) |
Remedy | Browse to [your CA host]/_admin/FarmCredentialManagement.aspx and change the account used for the services listed in the explanation. For more information about this rule, see http://go.microsoft.com/fwlink/?LinkID=142685 |
Failing Servers | |
Failing Services | SPTimerService (SPTimerV4) |
Rule Settings | View |
The only way to change this at present is to use PowerShell. These steps are shown next.
Procedure
1. Identify an AD account that you want to use for the Distributed Cache service account.
2. Register this account with the farm as a managed account.
3. Log in to a farm server using your administrator account. There is no need to use the farm administration account; your own is enough.
4. Open a farm management shell as administrator (right-click, choose Run as Administrator).
5. Execute each of the following statements, in order:
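# Locate the Distributed Cache (AppFabric) service in the farm
$farm = Get-SPFarm
$cacheService = $farm.Services | Where-Object {$_.Name -eq "AppFabricCachingService"}
Write-Host $cacheService
# Look up the managed account registered for the service
$accnt = Get-SPManagedAccount -Identity "DOMAIN\ACCOUNTNAME"
Write-Host "Managed Account" $accnt
# Switch the service identity from the farm account to the managed account
$cacheService.ProcessIdentity.CurrentIdentityType = "SpecificUser"
$cacheService.ProcessIdentity.ManagedAccount = $accnt
Write-Host "Now Updating"
# Update() saves the change to the farm configuration; Deploy() applies it to the service on the farm servers
$cacheService.ProcessIdentity.Update()
$cacheService.ProcessIdentity.Deploy()
Write-Host "Finished."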
The only value you need to change is "DOMAIN\ACCOUNTNAME"; replace it with the managed account you registered.
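To confirm that nothing else still shares the farm account after the change, the following added example (not part of the original post) lists every Windows service on a farm server that logs on with the same account as SPTimerV4. The function name Get-FarmAccountServiceUsage is hypothetical, and the script assumes the timer service's logon account is the farm account.

```powershell
# Added example: audit which Windows services log on as the farm account.
# Assumption: the farm account is the identity SPTimerV4 runs as on each server.
function Get-FarmAccountServiceUsage {
    [CmdletBinding()]
    param(
        # Farm servers to inspect; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($server in $ComputerName) {
        # Query locally without remoting; remote servers need WinRM enabled.
        $cim = @{ ClassName = 'Win32_Service' }
        if ($server -ne $env:COMPUTERNAME) { $cim.ComputerName = $server }
        $services = Get-CimInstance @cim

        # SPTimerV4 is the SharePoint timer service named in the rule output.
        $timer = $services | Where-Object { $_.Name -eq 'SPTimerV4' }
        if (-not $timer) {
            Write-Warning "${server}: SPTimerV4 not found, skipping."
            continue
        }
        $farmAccount = $timer.StartName

        # Any other service with the same logon account shares the farm account.
        # Comparison is case-insensitive but does not reconcile DOMAIN\user with
        # user@domain, so review both forms if your services mix them.
        $services |
            Where-Object { $_.StartName -eq $farmAccount -and $_.Name -ne 'SPTimerV4' } |
            ForEach-Object {
                [pscustomobject]@{
                    Server      = $server
                    Service     = $_.Name
                    DisplayName = $_.DisplayName
                    LogOnAs     = $_.StartName
                    State       = $_.State
                }
            }
    }
}

# An empty result means no other Windows service on the server uses that account.
Get-FarmAccountServiceUsage | Format-Table -AutoSize
```

If AppFabricCachingService still appears in the output, the identity change has not yet reached that server.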
Thank you very much
Fahadullah Karimi
SharePoint Specialist