I have started running into a problem when I am trying to change the service account that is running the Search Host Controller Service in SharePoint 2013. When I go into Central Admin and change the account that is running the controller service, the controller service will end up stopped and it will not start. While in this state the search will start generating the following errors:
“Could not connect to the search administration Web service on server SERVERNAME because the web server is not running.”
“Unable to retrieve topology component health states. This may be because the admin component is not up and running.”
When you try to start the SharePoint Search Host Controller service via the Services.msc snap-in, it gives you the following error:
“Error 1067: The process terminated unexpectedly.”
Figure 1 – Error 1067 Process Terminated
Figure 2 – Search Host Controller Service
And when we check the ULS logs, we see the following unexpected error:
“WcfService: Exception during service start – threadId: 12 – exception: System.ServiceModel.CommunicationException: The service endpoint failed to listen on the URI ‘net.tcp://localhost/ceres/hostcontroller/’ because access was denied. Verify that the current user is granted access in the appropriate allowAccounts section of SMSvcHost.exe.config. —> System.ComponentModel.Win32Exception: Access is denied”
Now call me crazy but these errors did not used to occur. I do not know precisely when this started to become a problem but I didn’t start seeing it until recently. And recently is also when I started deploying SharePoint 2013 on Windows 2012 R2 but I don’t know that this is related at this point. (Although Windows 2012 R2 has definitely been a problem when it comes to installing the SharePoint pre-requisites.)
The easist way I have found to get around this problem is to do the following:
1. First, add the service account that you are going to change the Host Controller service to, to the local administrators group on the SharePoint server.
2. Next, go to Central Administration and update the service account for the host controller service. Central Administration > Security > in the General Security section click Configure Service Accounts. Once on the Service Accounts configuration screen, select the dropdown and choose the Windows Service – Search Host Controller Service.
Figure 3 – Configure Host Controller Service Account
Once you have selected the Search Host Controller Service, click the account dropdown and choose the managed account you wish to use to run the Host Controller Service and then click Ok.
Figure 4 – Select the Managed Account
Once the service account has been updated, make sure that you then remove the service account from your local administrators group. (We wouldn’t want to violate any security policies now would we?)
If you have multiple servers in your farm, you will need to add the account to the local administrators group on each server that you are running the Search Host Controller service on before you change it.