What Managed Account Should Be Used For Distributed Cache Service In Sharepoint 2016

Provisioning the Distributed Enshroud Service by default will be done by using the Farm account that volition triggered the post-obit disquisitional event from the SharePoint Wellness Analyser:

Title	The server farm account should not be used for other services.
Severity	ane – Error
Category	Security
Caption	XXXX\SP_Farm, the account used for the SharePoint timer service and the central administration site, is highly privileged and should not be used for whatsoever other services on whatsoever machines in the server subcontract.  The post-obit services were plant to utilize this account: Distributed Cache Service(Windows Service)
Remedy	Scan to http://sp2016app:5000/_admin/FarmCredentialManagement.aspx and alter the account used for the services listed in the explanation. For more information near this rule, see "http://go.microsoft.com/fwlink/?LinkID=142685".
Failing Servers
Declining Services	SPTimerService (SPTimerV4)
Dominion Settings	View

It is not possible to change it via the SharePoint Central Administration (within the "Change Service accounts page") otherwise yous will encounter the following error:

The account must exist added previously as a managed business relationship for the subcontract. I use the recommendation of Vlad Catrinescu to provision the same business relationship as the other SP Services:

Account	Clarification	Local / Awarding Permissions	Local Security Policy
SP_Services	Runs the Awarding Pool for most of your Service Applications. There are some service applications that require more rights and a dedicated Service Account is recommended. We're converting those a bit lower in this web log post!	Domain User	Suit retention quotas for a process Log on as a batch job Log on as a service Supercede a procedure level token Impersonate a client afterward authentication

So go to the SharePoint server where the distributed cache service is running and execute the post-obit powershell commandlets.

                #Load SharePoint Snapin if necessary if ((Go-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $aught)  {     Add-PSSnapin "Microsoft.SharePoint.PowerShell" }  $farm = Get-SPFarm  $cacheService = $subcontract.Services | where {$_.Name -eq "AppFabricCachingService"}  $accnt = Go-SPManagedAccount -Identity "DOMAIN\SP_Services" $cacheService.ProcessIdentity.CurrentIdentityType = "SpecificUser" $cacheService.ProcessIdentity.ManagedAccount = $accnt  $cacheService.ProcessIdentity.Update()  $cacheService.ProcessIdentity.Deploy()              

Caution: if your are running the service from multiple servers, you should cease it on all servers before setting the new account.

Reference

• [Vlad Catrinescu] SharePoint 2016 Service Accounts Recommendations
• Microsoft: Manage the Distributed Cache service in SharePoint Server

Mail service navigation

What Managed Account Should Be Used For Distributed Cache Service In Sharepoint 2016,

Source: https://sharingo365.wordpress.com/2018/03/20/powershell-change-distributed-cache-service-account/

Posted by: loofas1938.blogspot.com

Share this post