Danny Mayer wrote:
> atomic@people.net.au wrote:
>> A very strange thing happened after upgrading from BIND 8.4.6 to 9.5.0.
>> We created the "named" user as a service account as required by BIND9,
>> then granted full control on everything in the BIND directory (d:\bind)
>> to this user, however the named service failed to start due to:
>>
>> > Error 1053: The service did not respond to the start or control
>> > request in a timely fashion
>>
>> There are a bunch of "unable to rename log file...permission denied"
>> errors in the Windows Event Log, the exact error messages read:
>>
>> > unable to rename log file '..\\logs\\named.log.5' to
>> > '..\\logs\\named.log.6': permission denied
>> > unable to rename log file '..\\logs\\named.log.6' to
>> > '..\\logs\\named.log.7': permission denied
>> > unable to rename log file '..\\logs\\named.log.7' to
>> > '..\\logs\\named.log.8': permission denied
>> > ...heaps more...
>>
>> It became apparent that there are some permission issues writing to the
>> log directory (d:\bind\logs), but we checked many times and can confirm
>> that "named" user has full control all the way. The next thing we did
>> was to rename the log directory to d:\bind\logs_preBIND9 and created a
>> new log directory d:\bind\logs, and this time named started successfully.
>>
>> We then compared the permissions between d:\bind\logs_preBIND9 and
>> d:\bind\logs, they are exactly the same. It seems the problem is still
>> there, but because the new log directory is empty so named does not have
>> to rename anything and therefore it worked. Chances are as soon as the
>> circular log files start to pop up named will stop working.
>>
>> Is there a solution to this problem? What extra permissions are required
>> to rename the log files when it already has full control? By the way our
>> log file setting is "versions 50 size 25M" if that matters.
>>
>> Thanks! Peter
>
> Look at the ISC BIND service and make certain that the service is run
> under the account you think it is. You can also look at the task manager
> and check the "Show processes from all users" box and look to see what
> account named is using. Then go into the directory properties, grant all
> access to the specified account and make sure to specify that it
> propagate to all subdirectories. From the CMD line type: CACLS * and see
> what permissions you actually have and post it here. Where does the
> named.pid file go and does it get written? Also are you sure you have
> double backslashes (\\) in the directory path in the application event
> log or did you just type that into your message?
>
> Danny
>