Elastic 6.6.0: Windows server 2016 service not starting

The topic has been discussed earlier here and here about not being able to start the ElasticSearch service under a Domain Service account.

I know the account does not have sufficient privileges "somewhere", but I'm having trouble pinpointing the exact permission. When I assign Administrator rights to the account, it works.

I've given the following permissions within the user rights assignment:
Allow log on as a service
Allow log on as a batch job

I've given the following permission on the folders:
Install folder: Read only
Log folder: Modify
Data folder: Modify
Config folder: Modify

Additionally, there are several GPO rules in place for default domain servers, but I don't think that there is a problem there. On another server, Windows 2008R2, the service is starting under the same account and does not have full administrator rights on that server.

So my question: What permissions does the domain service account need to have to be able to run the service, without adding the account to the Administrators Group?

The Windows event log error:
Source: .NET Runtime, ID 1026
Application: elasticsearch.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Elastic.ProcessHosts.Process.StartupException
at Elastic.ProcessHosts.Process.ProcessBase.HandleException(System.Exception)
at System.Reactive.ObserverBase1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception)
at System.Reactive.Observer1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception)
at System.Reactive.Linq.ObservableImpl.AsObservable1+_[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception)
at System.Reactive.AutoDetachObserver1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnErrorCore(System.Exception)
at System.Reactive.ObserverBase1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception)
at Elastic.ProcessHosts.Process.ObservableProcess+<>c__DisplayClass22_0.<CreateProcessExitSubscription>b__0(System.Reactive.EventPattern1<System.Object>)
at System.Reactive.AnonymousSafeObserver1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnNext(System.__Canon)
at System.EventHandler.Invoke(System.Object, System.EventArgs)
at System.Diagnostics.Process.OnExited()
at System.Diagnostics.Process.RaiseOnExited()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Eventlog error 2
Source: Application Error, EventID 1000

Faulting application name: elasticsearch.exe, version: 6.6.0.0, time stamp: 0x5c49ae87
Faulting module name: KERNELBASE.dll, version: 10.0.14393.2791, time stamp: 0x5c5a4180
Exception code: 0xe0434352
Fault offset: 0x0000000000034078
Faulting process id: 0x2208
Faulting application start time: 0x01d4d9a985c88f9a
Faulting application path: omitted
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 91a96679-3eff-498d-8c04-ec17895cb081
Faulting package full name:
Faulting package-relative application ID:

Have you tried with Modify NTFS permissions on the Install folder too?

Another angle to investigate this is to start the elasticsearch.exe on the command line and see if it starts or fails to start. If the latter, would you be able to share the exception message and stack traces?

After I've added the modify permissions, the service won't start under the service account.

I'm currently trying to get that same account additional rights to log on locally so that I can run an interactive CMD prompt and check if there is an exception message there.

OK, so I've fixed this issue and it was indeed a permission issue. The problem was that the service account didn't have the right permissions on the disk itself. So I configured read/folder traverse permissions on the root of the disk and from there on read/write as mentioned above and the service started successfully.

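Added example, not part of the thread and not Elastic's own tooling: a PowerShell check that walks from each Elasticsearch folder up to the drive root and reports where the service account lacks read/traverse access, which is the gap the last post describes. The account name, the folder paths and the group list are placeholders and assumptions; group membership is not resolved, so add the account's real groups to `$principals`.

```powershell
# Placeholders: replace with the real service account and folders.
$Account = 'CONTOSO\svc-elastic'
$Paths   = @('D:\Elastic\Elasticsearch', 'D:\Elastic\data')

# Assumption: ACEs for these principals are the ones that apply to the account.
$principals = @($Account, 'Everyone', 'BUILTIN\Users',
                'NT AUTHORITY\Authenticated Users')

# ReadAndExecute includes the Traverse (ExecuteFile) bit.
$needed = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-AncestorChain([string]$Path) {
    # Emits the folder itself, then every parent, ending at the volume root.
    $dir = [System.IO.DirectoryInfo]$Path
    while ($null -ne $dir) {
        $dir.FullName
        $dir = $dir.Parent
    }
}

function Test-ReadAccess([string]$Folder) {
    $allow = 0
    $deny  = 0
    foreach ($rule in (Get-Acl -LiteralPath $Folder).Access) {
        if ($principals -notcontains $rule.IdentityReference.Value) { continue }
        # Inherit-only ACEs affect children, not this folder itself.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }
        if ($rule.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$rule.FileSystemRights
        } else {
            $deny = $deny -bor [int]$rule.FileSystemRights
        }
    }
    # Deny ACEs win over Allow ACEs for the same bits.
    $effective = $allow -band (-bnot $deny)
    return (($effective -band $needed) -eq $needed)
}

$Paths |
    ForEach-Object { Get-AncestorChain $_ } |
    Sort-Object -Unique |
    ForEach-Object {
        [pscustomobject]@{
            Folder         = $_
            ReadAndExecute = Test-ReadAccess $_
        }
    }
```

Run it from an elevated prompt so `Get-Acl` can read every folder; a `False` on the drive root or an intermediate folder marks where a read/traverse grant is missing.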
