TRITON Database service not starting due to logon failure

Article Number: 000005020
5020
Products: Data Security, Web Security and Filter
Versions: 7.6, 7.7

Problem Description

The TRITON Settings Database Service fails to start, or starts and then stops immediately. The error reported is:
 
Could not start the Websense TRITON Settings Database. The service did not start due to a logon failure.

Error 1053: The service did not respond to the start or control request in a timely fashion
.



Resolution

The TRITON Settings Database Service, service runs using a local postgres_eip user, which is created during installation.   This user account must have the "Log on as a service" right within the Windows Local Security Policy in order for the service to start. 

The "Log on as a service" right is automatically granted to the postgres_eip user during installation. However, if this right is overwritten by local or group policy, it will be stripped when the policy is applied (typically at login or reboot.)
 
If the TRITON Settings Database service is stopped after the right to log on as a service has been stripped, it will then fail to re-start with a "logon failure" error.

Temporary Workaround:

As a temporary workaround, you can manually enter the postgres_eip credentials into the service properties Log On tab within Windows Services Manager:

  1. If you know the postgres_eip password, go to step 2.  If you do not know the password for the postgres_eip account, you will first need to reset it.  Go to Start > Run > and type lusrmgr.msc to launch the Local Users and Groups console.  Right click on the postgres_eip user and use the Set Password option to reset the password.
  2. Add the password into Windows Services Manager. Go to Start > Run > and type Services.msc. Right click on the Websense TRITON Settings Database service and select Properties. In the Log On tab, ensure the service is configured to run using the local postgres_eip user and enter the credentials.
  3. The service should now start.

When the password is manually entered back into the service properties, the postgres_eip user account is automatically granted the right to log on as a service.  This will allow the service to start and run until the  "Log on as a service" right is again stripped by local or group Policy.

Permanent Solution:

By default, Windows 2008 R2 does not allow local accounts to have "Log on as a service" or "Log on locally" rights. On other platforms, this right may be restricted by the Local Security Policy or Group Policy.  

To assign this right within the Local Security Policy: 

  1. Select Start > Run > secpol.msc.
  2. Expand Local Policies > User rights assignment.
  3. In the right pane, right click on "Log on as service", select Properties, and ensure the postgres_eip user is listed in the Local Security Settings tab. 
  4. Return to Local Policies > User rights assignment. Right click on "Allow log on locally" and ensure the postgres_eip user is listed in the Local Security Settings tab. 

If the rights are restricted by Group Policy, we recommend creating a new GPO applicable to the Websense Server.  Add the "Log on as a service" and "Allow Log on locally" rights for the postgres_eip account and prevent inheritance from overriding the values.  Then run "gpupdate /force" on the Websense server to apply the new GPO.


If Error 1053 appears:
 
If TRITON services stopped unexpectedly or fail to start, then you may have to manually remove the postmaster.pid file. This file should automatically be removed when TRITON services stop.
  1. Ensure Websense TRITON Settings Database service is stopped. 
  2. Check if the postmaster.pid file exists. Navigate to the \Program Files\Websense\EIP Infra\pgsql\data directory. If found, rename the file to postmaster.pid.old.
  3. Start Websense TRITON Settings Database service.  The postmaster.pid file should be re-created and the service should start successfully.
  4. If the file was not recreated, then reboot the server. This should release a lock on the file.
  5. If the file still does not appear, then a GPO may not be allowing permissions for file creation.
  6. Also, ensure that file scanning is not occurring in the Websense directory structure.


 

Notes & Warnings

Additional Problems and Search Terms:
Websense TRITON Database Settings Service won't start

Article Rating:

Do you have any additional feedback?    close

How are we doing?

Provide us feedback on your experience with the Service Request portal.

provide feedback >