Issue with ManageEngine Password Manager Pro v10.5.0 (10500) upgrade
ManageEngine (Upgrade Issue) Thursday, 16 July 2020 by paul

After upgrade ManageEngine Password Manager Pro to the latest release 10.5.0 the postgres database would not start.

Below is an excerpt from PMP Support on the issue:

From version 10402 we have done some security enhancements. Earlier, PostgreSQL data directories in Windows installations were entirely accessible to all locally authenticated users. Now, as a security practice, we have exerted the following measures, applicable for installations under the 'Program Files' directory:

No inherited permissions are allowed for data and configurations directories.
1.    "Authenticated Users" permission has been excluded entirely.
2.    Only the CREATOR OWNER, SYSTEM, Installation User, NT AUTHORITY\Network Service, and Administrators groups will have the Full Control over the directories and also can start PostgreSQL.
You can also refer to our release notes here under the 10402 (7th January 2020). 

So after upgrading to 10500 version the service might not start due to permission issues. You need to reapply the permissions to get the service up and running.
•    Start the Task Manager and kill all Postgres process(make sure show process from all users is selected - For PMP). 
•    Run the PMP service with a privileged account or a Local Admin account. 
•    If it's already running with a privileged account, right-click on the PMP folder ---> Properties ---> Security and provide the PMP service account with full permissions (even if the account is a member of the local admin group). 
•    Rename the logs folder present inside the <PMP_Installation_Directory> as logs.old 
•    Navigate to <PMP_Installation_Directory>/bin directory and look for files names .lock or lockfile. If present, move both these files to any other directory. 
•    Go to <PMP_Installation_Directory>/pgsql/data directory and look for a file named recovery.conf, postmaster.pid. If present, move this file to any other directory. 
•    In case if it still fails, please open the command prompt with the Admin right and then execute the below commands. 
•    icacls "(PMP installation directory)" /grant PMPserviceaccountname:(OI)(CI)F /T
•    icacls "PMP installation directory" /grant currently logged in account to the server:(OI)(CI)F /T
•    service account= mention the account name used for running the PMP service.
•    Currently logged in account to the server= mention the account name currently logged into the PMP server


After following their steps the database did start and the application was working again.

Add Comment
No Comments.