When the database becomes inaccessible, Secret Server will try to log errors to the Windows event log. By default, Network Service and standard service accounts will not have permissions to the event log. To fix this, follow these steps:
1. Determine the account that is running Secret Server. This can be done by logging in to Secret Server, clicking on "Administration", and then on "Diagnostics". Look for any of the "Thread Identity" labels. These will contain the identity of Secret Server (often
NT AUTHORITY\NETWORK SERVICE).
You can also determine the identity by logging in and navigating to http://yoursecretserverurl/Installer.aspx
The first step of this installer/updater page will tell you the application pool identity.
2. Open the Registry Editor on the machine running Secret Server (start->run-regedit)
3. On the left, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
4. Right click on the "eventlog" folder in your registry editor and select "Permissions"
5. Give the account running Secret Server Full Control to this folder
6. Make sure that the permissions propagated down. Right click on the "Application" folder, select permissions, and make sure your application has full control. Do the same for the "Security" folder.
Article ID: 220, Created On: 12/20/2011, Modified: 1/25/2012