TRITON Database service not starting due to logon failure
Data Security, Web Security and Filter
7.6, 7.7, 7.8, 8.0, 8.1
The TRITON Settings Database Service fails to start, or starts and then stops immediately.
The error reported is:
Could not start the Websense TRITON Settings Database. The service did not start due to a logon failure.
Error 1053: The service did not respond to the start or control request in a timely fashion.
The TRITON Settings Database service runs as a local postgres_eip user, which is created during installation. This user account must have the "Log on as a service" right within the Windows Local Security Policy in order for the service to start.
The "Log on as a service" right is automatically granted to the postgres_eip user during installation. However, if this right is overwritten by local or group policy, it will be stripped when the policy is applied (typically at login or reboot).
If the TRITON Settings Database service is stopped after the right to log on as a service has been stripped, it will then fail to restart with a "logon failure" error.
As a temporary workaround, you can manually enter the postgres_eip credentials into the service properties Log On tab within Windows Services Manager:
1. If you know the postgres_eip password, go to step 2. If you do not know the password for the postgres_eip account, you will first need to reset it. Go to Start > Run > and type lusrmgr.msc to launch the Local Users and Groups console. Right click on the postgres_eip user and use the Set Password option to reset the password.
2. Add the password into Windows Services Manager. Go to Start > Run > and type Services.msc. Right click on the Websense TRITON Settings Database service and select Properties. In the Log On tab, ensure the service is configured to run using the local postgres_eip user and enter the credentials.
3. The service should now start.
When the password is manually entered back into the service properties, the postgres_eip user account is automatically granted the right to log on as a service. This will allow the service to start and run until the "Log on as a service" right is again stripped by local or group policy.
By default, Windows 2008 R2 does not allow local accounts to have "Log on as a service" or "Log on locally" rights. On other platforms, this right may be restricted by the Local Security Policy or Group Policy.
To assign this right within the Local Security Policy:
- Select Start > Run > secpol.msc.
- Expand Local Policies > User rights assignment.
- In the right pane, right click on "Log on as a service", select Properties, and ensure the postgres_eip user is listed in the Local Security Settings tab.
- Return to Local Policies > User rights assignment. Right click on "Allow log on locally" and ensure the postgres_eip user is listed in the Local Security Settings tab.
If the rights are restricted by Group Policy, we recommend creating a new GPO applicable to the Websense Server. Add the "Log on as a service" and "Allow Log on locally" rights for the postgres_eip account and prevent inheritance from overriding the values. Then run "gpupdate /force" on the Websense server to apply the new GPO.
If Error 1053 appears
If the TRITON services stopped unexpectedly or fail to start, you may have to manually remove the postmaster.pid file. This file should be removed automatically when the TRITON services stop.
- Ensure Websense TRITON Settings Database service is stopped.
- Check if the postmaster.pid file exists. Navigate to the \Program Files\Websense\EIP Infra\pgsql\data directory. If found, rename the file to postmaster.pid.old.
- Start Websense TRITON Settings Database service. The postmaster.pid file should be re-created and the service should start successfully.
- If the file was not recreated, then reboot the server. This should release a lock on the file.
- If the file still does not appear, then a GPO may not be allowing permissions for file creation.
- Also, ensure that file scanning is not occurring in the Websense directory structure.
If all of the above fails, make sure that localhost on the server is resolvable over IPv4. Sometimes, if the hosts file is configured to resolve localhost only to IPv6 and not to IPv4, the service will not start.
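A read-only diagnostic for the checks described above, added here as an example and not part of the original article or any Websense tooling: it exports the local user-rights assignments with secedit, confirms that postgres_eip holds both logon rights, checks that localhost resolves over IPv4, and reports the service state and any postmaster.pid file. The function name and the C: drive in the data path are assumptions; run it from an elevated Windows PowerShell prompt.

```powershell
# Added diagnostic example; read-only, changes nothing on the server.
function Test-TritonDbPrereqs {
    param(
        [string]$Account = 'postgres_eip',
        # Assumption: installed on C:. The article gives the path without a drive letter.
        [string]$DataDir = 'C:\Program Files\Websense\EIP Infra\pgsql\data',
        [string]$ServiceDisplayName = 'Websense TRITON Settings Database'
    )

    # secedit lists principals as *SID (or by name if unresolved), so look for both.
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # Export only the effective local user-rights assignments to a temp INF file.
    $inf = Join-Path $env:TEMP 'triton_user_rights.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $lines = Get-Content $inf
    Remove-Item $inf

    $result = @{ Account = $Account; Sid = $sid }

    # SeServiceLogonRight = "Log on as a service"
    # SeInteractiveLogonRight = "Allow log on locally"
    # Caveat: a right held only through group membership is not detected here.
    foreach ($right in 'SeServiceLogonRight', 'SeInteractiveLogonRight') {
        $entry   = $lines | Where-Object { $_ -match "^$right\s*=" }
        $members = @()
        if ($entry) {
            $members = ($entry -split '=', 2)[1].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') }
        }
        $result[$right] = ($members -contains $sid) -or ($members -contains $Account)
    }

    # The service will not start if localhost has no IPv4 address.
    $v4 = [System.Net.Dns]::GetHostAddresses('localhost') |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' }
    $result['LocalhostIPv4'] = [bool]$v4

    # A postmaster.pid that exists while the service is Stopped is a leftover.
    $svc = Get-Service -DisplayName $ServiceDisplayName -ErrorAction SilentlyContinue
    $result['ServiceStatus']  = if ($svc) { $svc.Status } else { 'NotFound' }
    $result['PidFilePresent'] = Test-Path (Join-Path $DataDir 'postmaster.pid')

    New-Object PSObject -Property $result
}

Test-TritonDbPrereqs | Format-List
```

If either right shows False again after a reboot or gpupdate, a policy is still overwriting the assignment and the GPO change described above is needed.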
Additional Problems and Search Terms:
Websense TRITON Database Settings Service won't start