Elastic 6.6.0: Windows server 2016 service not starting

The topic has been discussed earlier here and here about not being able to start the ElasticSearch service under a Domain Service account.

I know the account does not have sufficient privileges "somewhere", but I'm having trouble pinpointing the exact permission. When I assign Administrator rights to the account, it works.

I've given the following permissions within the user rights assignment:
Allow log on as a service
Allow log on as a batch job

I've given the following permission on the folders:
Install folder: Read only
Log folder: Modify
Data folder: Modify
Config folder: Modify

Additionally, there are several GPO rules in place for default domain servers, but i don't think that there is a problem there. On another server, Windows 2008R2, the service is staring under the same account and does not have full administrator rights on that server.

So my question: What permissions does the domain service account need to have to be able to run the service, without adding the account to the Administrators Group.

The windows eventlog error:
Source: .NET Runtime, ID 1026
Application: elasticsearch.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Elastic.ProcessHosts.Process.StartupException
at Elastic.ProcessHosts.Process.ProcessBase.HandleException(System.Exception)
at System.Reactive.ObserverBase1[[System.__Canon, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception) at System.Reactive.Observer1[[System.__Canon, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception)
at System.Reactive.Linq.ObservableImpl.AsObservable1+_[[System.__Canon, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception) at System.Reactive.AutoDetachObserver1[[System.__Canon, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnErrorCore(System.Exception)
at System.Reactive.ObserverBase1[[System.__Canon, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception) at Elastic.ProcessHosts.Process.ObservableProcess+<>c__DisplayClass22_0.<CreateProcessExitSubscription>b__0(System.Reactive.EventPattern1<System.Object>)
at System.Reactive.AnonymousSafeObserver1[[System.__Canon, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnNext(System.__Canon) at System.EventHandler.Invoke(System.Object, System.EventArgs) at System.Diagnostics.Process.OnExited() at System.Diagnostics.Process.RaiseOnExited() at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Eventlog error 2
Source: Application Error, EventID 1000

Faulting application name: elasticsearch.exe, version:, time stamp: 0x5c49ae87
Faulting module name: KERNELBASE.dll, version: 10.0.14393.2791, time stamp: 0x5c5a4180
Exception code: 0xe0434352
Fault offset: 0x0000000000034078
Faulting process id: 0x2208
Faulting application start time: 0x01d4d9a985c88f9a
Faulting application path: omitted
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 91a96679-3eff-498d-8c04-ec17895cb081
Faulting package full name:
Faulting package-relative application ID:

Have you tried with Modify NTFS permissions on the Install folder too?

Another angle to investigate this is to start the elasticsearch.exe on the command line and see if it starts or fails to start. If the latter, would you be able to share the exception message and stack traces?

After I've added the modify permissions, the service won't start under the service account.

I'm currently trying to get that same account additional rights to log on locally so that I can run an interactive CMD prompt and check if there is an exception message there.

Ok, so i've fixed this issue and it was indeed a permission issue. The problem was that the service account didn't had the right permissions on the disk itself. So the I configured read/folder traverse permissions on the root of the disk and from there on read/write as mentioned above and the service started successfully.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.