BIND 9.5.0 on Windows 2000 unable to rename log file...permission denied

Danny Mayer mayer at ntp.isc.org
Thu Sep 18 02:16:21 UTC 2008


atomic at people.net.au wrote:
> A very strange thing happened after upgrading from BIND 8.4.6 to 9.5.0. 
> We created the "named" user as a service account as required by BIND9, 
> then granted full control on everything in the BIND directory (d:\bind) 
> to this user, however the named service failed to start due to:
> 
>  > Error 1053: The service did not respond to the start or control request in a timely fashion
> 
> There are a bunch of "unable to rename log file...permission denied" 
> errors in the Windows Event Log, the exact error messages read:
> 
>  > unable to rename log file '..\\logs\\named.log.5' to '..\\logs\\named.log.6': permission denied
>  > unable to rename log file '..\\logs\\named.log.6' to '..\\logs\\named.log.7': permission denied
>  > unable to rename log file '..\\logs\\named.log.7' to '..\\logs\\named.log.8': permission denied
>  > ...heaps more...
> 
> It became apparent that there are some permission issues writing to the 
> log directory (d:\bind\logs), but we checked many times and can confirm 
> that "named" user has full control all the way. The next thing we did 
> was to rename the log directory to d:\bind\logs_preBIND9 and created a 
> new log directory d:\bind\logs, and this time named started successfully.
> 
> We then compared the permissions between d:\bind\logs_preBIND9 and 
> d:\bind\logs, they are exactly the same. It seems the problem is still 
> there, but because the new log directory is empty so named does not have 
> to rename anything and therefore it worked. Chances are as soon as the 
> circular log files start to pop up named will stop working.
> 
> Is there a solution to this problem? What extra permissions are required 
> to rename the log files when it already has full control? By the way our 
> log file setting is "versions 50 size 25M" if that matters.
> 
> Thanks! Peter

Look at the ISC BIND service and make certain that the service is run
under the account you think it is. You can also look at the task manager
and check the "Show processes from all users" box and look to see what
account named is using. Then go into the directory properties, grant all
access to the specified account and make sure to specify that it
propagate to all subdirectories. From the CMD line type: CACLS * and see
what permissions you actually have and post it here. Where does the
named.pid file go and does it get written? Also are you sure you have
double backslashes (\\) in the directory path in the application event
log or did you just type that into your message?

Danny
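
The `CACLS *` check requested above can be scripted once the output is saved to a file. This is an added example, not part of the original message: it parses CACLS output and lists the files that have no full-control entry naming the service account. The host name SERVER, the sample ACLs and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of `CACLS *` output for the log directory. The host
# name SERVER and the ACLs shown are made up for this example.
SAMPLE = r"""D:\bind\logs\named.log BUILTIN\Administrators:F
                       NT AUTHORITY\SYSTEM:F
                       SERVER\named:F

D:\bind\logs\named.log.5 BUILTIN\Administrators:F
                         NT AUTHORITY\SYSTEM:F

D:\bind\logs\named.log.6 BUILTIN\Administrators:F
                         SERVER\named:R
"""

# One ACE as CACLS prints it: trustee, optional inheritance flags, then a
# simple right: N (none), R (read), W (write), C (change), F (full control).
# "Special access" entries do not match and are skipped.
ACE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\((?:OI|CI|IO)\))*)(?P<right>[NRWCF])$")

def parse_cacls(text):
    """Return {path: [(trustee, flags, right), ...]} from CACLS output.

    Assumes paths contain no spaces, which holds for d:\\bind\\logs.
    """
    acls, path = {}, None
    for line in text.splitlines():
        if not line.strip():
            path = None                      # blank line ends an entry
            continue
        if line[0].isspace():
            ace = line.strip()               # continuation: another ACE
        else:
            path, _, ace = line.partition(" ")
            acls[path] = []
        m = ACE.match(ace.strip())
        if m and path is not None:
            acls[path].append((m["who"], m["flags"], m["right"]))
    return acls

def lacking_full_control(acls, account):
    """Paths with no ACE that grants `account` F by name.

    Access granted through groups (Everyone, Users, ...) is not evaluated.
    """
    suffix = "\\" + account.lower()
    return [p for p, aces in acls.items()
            if not any(w.lower().endswith(suffix) and r == "F" for w, _, r in aces)]

if __name__ == "__main__":
    for p in lacking_full_control(parse_cacls(SAMPLE), "named"):
        print("no full control for named:", p)
```
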

