Biztalk service account permissions

Similar Messages

• What is the effect of the service account permissions

  Hi,
  What is the effect of the service account permissions? For example, suppose the service account for SQL Server database engine is SomeDomain\A, and has no permission to execute stored procedure X, and a user with domain account SomeDomain\B does have the
  said permission. Which one will prevail, i.e. can the user execute stored procedure X? If so, what permissions must I give the service account SomeDomain\A?
  I am asking this in the context of planning deployment in the production environment of a data warehouse application.
  Cheers,
  Jerome
  Jerome Smith BI Consultant, MCP

  Hi Jerome,
  Service account for SQL Server Database Engine only have limited permissions. To grant the account permission to execute stored procedure X, please refer to the following
  query:
  USE database;
  GRANT EXECUTE ON OBJECT::dbo.X
  TO SomeDomain\A;
  GO
  Since the user is in the context of planning deployment in the production environment of a data warehouse application, we may need to add some additional permissions. For more details, please refer to the following blog:
  http://blogs.msdn.com/b/data_otaku/archive/2011/06/28/securing-the-data-warehouse.aspx
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• BizTalk Service Account and Groups

  Hi,
  I need to install BizTalk server 2013 in Development server, please let me know the list of BizTalk service Account and What are all the groups need to  be created.
  Regards, Aboorva Raja R Please remember to mark the replies as answers if they help and unmark them if they provide no help.

  Hi
  You can find complete list of service accounts and groups on
  Windows Group and User Accounts in BizTalk Server MSDN page.
  These accounts needs to be created in your Active Directory server. 
  I would suggest you to have a look of
  Installing BizTalk Server 2010 in a Basic Multi-Computer Environment: The need for a Domain Controller – Windows Groups and Service Accounts (Part 2) blog post . Although this is for BizTalk 2010, but this may give you some idead about Accounts used in
  BizTalk setup.
  Also please have a read of
  Installation Overview for BizTalk Server 2013 and 2013 R2 
  Feel free to post any errors you get while installing. 
  Greetings,HTH
  Naushad Alam
  When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or
  Mark As Answer
  alamnaushad.wordpress.com

• Directory Synchronization with different Service Account Permissions than "Enterprise Admin"

  Hello,
  I would like to ask whether there is a way to install and configure DirSync tool with the account different than Enterprise Admin. Please let me know if there are alternate methods to accomplish that.
  Thanks,
  NerKO

  No.
  This screen will not allow you to continue without Enterprise Admin rights.  Understand however, this account is used for 5 seconds, and not saved anywhere once the wizard completes.
  Mike Crowley | MVP
  My Blog --
  Planet Technologies

• Make WDS Service account approve pending devices in WINDOWS DEPLOYMENT SERVICES

  Hi Technet and all other people reading this.
  I am at the moment trying to get a Service account(WDSService) to approve pending devices in Windoes Deployment Services on a WDS server.
  I have created a domain called LALALA.dk on a server(DNS is included in the domain), and installed windows deployment services on another server. The Deployment service is setup to prestage devices, and therefore devices needs to be approved before it can
  be deployed.
  My problem is that at the moment, we are using Domain Admin accounts to do the approving and i wish to change that to a service account, made specially for this job which ofc. should have minimum right. Because i have a very hard time understanding
  why i NEED to grant domain admin rights or local admin rights to a person just so that he can approve pending devices. There has to be a way to use a service account to do the job.
  I have done some research and found out that local admin, domain admins and enterprise admins are the only onces that have the permission to approve pending devices, and that a problem for me, when i want a service account to do it for me(Not automatically)
  but a service account that can name and approve devices manually.
  Here is what i have allready tried.
  1. making WDSService run the Windows Deployment Services (service), but this didnt work because it lacks the permissions needed.
  2. I have given the read+write permissions on the remoteinstall folder, even tried with full control.
  3. Delegate control on the OU in active directory, to create computer object, with full write permissions. I also tried with full control. I added both WDSServer$ and the service account(WDSService) on the OU. Still nothing.
  4. I then downloaded subinacl tool, and granted WDSService account permission to start, stop the service, even tried with full control on the Windows Deployment Service(WDSServer as server_name). I get error 1297 something with priviledge missing from the
  service account to perform the actions. So still nothing. Which is really weird when i ran a command i cant remember now, where i could see that the service account had full permission granted to the service, and still was'nt able to start the service.
  5. I then tried to create a script using WDSUTIL, but was not able to grant the service account permissions to perform the action of approving pending devices. And i dont want to use a script everytime i need to approve a device.
  6. Since the local system account is running the Windows Deployment Service , my thought was to join the WDSService account to the built-in NT AUTHORITY/local system or NT AUTHORITY/local service, this seems impossible from what i experienced, unless you
  are super powershell geek i quess you can, so this option didnt get me anywhere as well.
  6. I then created a gpo granting wdsservice account the "log on as a service" policy on the Windows deployment service Server, still nothing works as attended. I still get error 1297.
  7.I tried copying the registry keys (WDSSERVER) from the HKEY_LOCAL_MACHINE hive on the WDS Server, and imported it into my Domain's registry, but could'nt find the service i wanted to grant permissions to in the group policy settings (computer configuration/policies/windows
  settings/security settings/System Services) I then created a registry entry with group policy (computer configuration/policies/windows settings/security settings/registry) to point to (local machine/system/controlset001/services/WDSServer) and granting
  WDSService account full control and deployed the policy to the Deployment server. Nothing happend and i still cant approve pending devices with my service account.
  from my understanding service account where created to maintain small certain tasks or actions with limited permissions, so if comprimised they could only do very little damage, and so that this account can be setup to perform the tasks without any administation
  of the account. So my question is, is it even possible to achieve what i want = granting a service account the permission to perform the action of approving pending devices on a Windows Deployment Server, and if so how ? 
  I am so confused over this and I am really reaching the limits of my understanding of this.
  Help is very much appreciated.
  Henrik Larsen

  Hi ZeR1X,
  The Require Administrator approval is for unknown computers.
  The similar thread:
  WDS - Request administrator approval not working
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/b9088be7-7afe-4e2b-b5fb-4554a92c4a2a/wds-request-administrator-approval-not-working
  More information:
  Windows Deployment Service fails to start with error information of 0x5
  http://support.microsoft.com/kb/2009647
  WDS 3.01 Troubleshooting Guide
  http://technet.microsoft.com/en-us/library/cc754828(v=ws.10).aspx
  I’m glad to be of help to you!
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Are Group Managed Service Accounts supported by BizTalk?

  Hi all,
  I saw that there is already a discussion about the Managed Service Accounts support in BizTalk (http://social.msdn.microsoft.com/Forums/en-US/ffcea33b-652b-4866-8bb2-21ffc7d8bffa/are-managed-service-accounts-supported-in-biztalk?forum=biztalkgeneral) with
  a clear response to NO.
  But Windows 2012 R2 introduced the "Group Managed Service Accounts" which seems to be a better way to workaround the MSA limitations.
  Are the gMSA supported in BizTalk?
  Thanks.

  While the documentation mentions that gMSA are managed by the Domain Controller and is introduced in Windows Server 2012. I interpret this to imply that this functionality would be AVAILABLE ONLY if you're running your DOMAIN CONTROLLERS on a Windows Server
  2012 or higher DOMAIN.
  If you just setup BizTalk on a Windows Server 2012 machine but in a domain which is running on Windows Server 2003 or 2008 compatibility mode because of other things such as Exchange, etc. then you WOULD NOT be able to leverage the gMSA functionality.
  If on the other hand, your domain controllers are running Windows Server 2012 and Domain Level is Windows Server 2012 then you should be able to leverage gMSA accounts for BizTalk/SQL/IIS Service accounts.
  Regards.
  NOTE: The effect of a gMSA account on the Enterprise SSO service which has a serious dependency on the service account password and encryption however would still need to be evaluated.

• Service account not inheriting AD group membership permissions on SQL Server

  I am adding Active Directory groups as logins and database users to our SQL Servers. A service account added to an AD group did not inherit the group permissions that the user accounts did. Can there be different attributes of service accounts that would
  prevent service accounts from inheriting the permissions of AD groups?
  Example: An AD Group AD_group contains a service account user, svc_account and a user account, user_account. AD_group is added to a SQL Server as a login. User_account can log in to SQL Server but svc_account cannot.

  SQL Server will use the information within the token used for authentication, so it may be possible that the service has a stale token (i.e. the token has not been refreshed or the service has not restarted) since you made the changes to the AD group.
  I would recommend using a tool such as ProcessExplorer (https://technet.microsoft.com/en-us/sysinternals/bb896653) to make sure the token for the process is showing the latest group
  memberships properly.
  I hope this helps,
  -Raul Garcia
     SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Are Managed Service Accounts Supported in BizTalk?

  Hello,
  Does BizTalk Server support the use of Managed Service Accounts for running host instances? Please see: http://technet.microsoft.com/en-us/library/dd560633(v=ws.10).aspx
  Thank You,
  PBR

  I would not say complete No. Its yes and no.
  Yes- You can use MSA on a single server quick (quick in terms of building an environment for test/dev) test BizTalk environment/dev. Is it a good practice to use MSA ? then its no.
  Strict No: For multi-computer environment or in cluster, obviously you can't use MSA. Its also one of the limitations of MSA that it can't span multiple computers.
  but there is no official word from BizTalk (at least I can't find one) to say not to use it in BizTalk. Its not advisable to use MSA in BizTalk, but you can in single-server dev./test environment technically.
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• Do Group Managed Service Accounts require permissions to run service in question?

  I'm testing out GMSA (Group Managed Service Accounts) in Windows 2012 R2. My domain and forest functional level is 2008 R2 (which I understand is the minimal functional level for GMSA support). 
  Question I have is if I create a new GMSA for a particular service, does the GMSA require permissions to run service? For example, SQL rights, IIS rights, etc...
  Also, can they be used to run scheduled tasks? Thanks.

  a gMSA is like any other service account. when you it you need to prepare for whatever the app/service requires. the you eed to think HOW to implement. the HOW focusses on if you can use gMSA for the app/service or not, because it depends on the app and
  the underlying os
  regarding scheduled task support for gMSA  see
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/42273a38-05dc-4f62-b915-8f55480d59bd/how-do-i-use-a-group-managed-service-account-with-the-task-scheduler?forum=winserver8gen
  https://technet.microsoft.com/en-us/library/hh831782.aspx
  http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
  Cheers,
  Jorge de Almeida Pinto
  Principal Consultant | MVP Directory Services | IAM Technologies
  COMMUNITY...:
  DISCLAIMER: This post is provided "AS IS" with no warranties of any kind, either expressed or implied, and confers no rights! Always evaluate/test yourself before using/implementing this!

• EWS API - Impersonating to update a calendar item created by any other user than a service account, raise an error "Access is denied. Check credentials and try again."

  Hi,
  I am new to using EWS managed APIs.
  Following is the issue:
  1. I am using a service account e.g. [email protected]. This user is a global administrator and also has ApplicationImpersonation role assigned. (Sign into Online Office 365 account -> Admin -> select "Exchange" tab- > select Permissions
  on the left panel -> create an impersonation role -> assign ApplicationImpersonation in Roles: and [email protected] in Members: -> Click on save)
  2. Create a calendar item by other user for e.g. [email protected], and invite an attendee - [email protected].
  3. In a c# program, I connect to EWS service using a service account - [email protected], fetch its calendar events. If organizer of an event is some other user - [email protected] then
  I use impersonation in the following way to update the calendar event/item properties- subject, body text etc.
          private static void Impersonate(string organizer)
              string impersonatedUserSMTPAddress = organizer;
              ImpersonatedUserId impersonatedUserId =
                  new ImpersonatedUserId(ConnectingIdType.SmtpAddress, impersonatedUserSMTPAddress);
              service.ImpersonatedUserId = impersonatedUserId;
  4. It was working fine till yesterday afternoon. Suddenly, it started throwing an exception "Access is denied. Check credentials and try again." Whenever I try to
  update that event.
         private static void FindAndUpdate(ExchangeService service)
              CalendarView cv = new CalendarView(DateTime.Now, DateTime.Now.AddDays(30));
              cv.MaxItemsReturned = 25;
              try
                  FindItemsResults<Item> masterResults = service.FindItems(WellKnownFolderName.Calendar, cv);
                  foreach (Appointment item in masterResults.Items)
                      if (item is Appointment)
                          Appointment masterItem = item as Appointment;
                          if (!masterRecurEventIDs.Contains(masterItem.ICalUid.ToString()))
                              masterItem.Load();
                              if (!masterItem.Subject.Contains(" (Updated content)"))
                                  //impersonate organizer to update and save for further use
                                  Impersonate(masterItem.Organizer.Address.ToString());
                                  // Update the subject and body
                                  masterItem.Subject = masterItem.Subject + " (Updated content)";
                                  string currentBodyType = masterItem.Body.BodyType.ToString();
                                  masterItem.Body = masterItem.Body.Text + "\nUpdated Body Info:
  xxxxxxxxxxxx";
                                  // This results in an UpdateItem operation call to EWS.
                                  masterItem.Update(ConflictResolutionMode.AutoResolve);
                                  // Send updated notification to organizer of an appointment
                                  CreateAndSendEmail(masterItem.Organizer.Address.ToString(), masterItem.Subject);
                                  masterRecurEventIDs.Add(masterItem.ICalUid.ToString());
                              else
                                  Console.WriteLine("Event is already updated. No need to update again.:\r\n");
                                  Console.WriteLine("Subject: " + masterItem.Subject);
                                  Console.WriteLine("Description: " + masterItem.Body.Text);
              catch (Exception ex)
                  Console.WriteLine("Error: " + ex.Message);
  5. What could be an issue here? Initially I thought may be its a throttling policy which is stopping same user after making certain API call limits for the day, but I am still seeing this issue today.
  Any help is appreciated.
  Thanks

  Your logic doesn't sound correct here eg
  2. Create a calendar item by other user for e.g. [email protected], and invite an attendee - [email protected]
  3. In a c# program, I connect to EWS service using a service account - [email protected], fetch its calendar events. If organizer of an event is some other user - [email protected] then
  I use impersonation in the following way to update the calendar event/item properties- subject, body text etc.
  When your connecting to [email protected] mailbox the only user that can make changes to items within
  abccalendar is abc (or ABC's delegates). If your impersonating the Organizer of the appointment pqr that wouldn't work unless the organizer had rights to abc's calendar. If you want to make updates to a calendar
  appointment like that you should connect to the Organizers mailbox first update the original, send updates and then accept the updates.
  When you impersonate your impersonating the security context of the Mailbox your impersonating so its the same a logging on as that user in OWA or Outlook.
  Cheers
  Glen

• SCVMM 2008 R2 - "The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS)."

  I know this question has been asked before, but never for R2, that I can tell, and the posted fixes aren't working. I have just installed SCVMM 2008 R2 on a Windows Server 2008 R2 server, using a remote SQL 2008 SP1 database. When I attempt to connect to SCVMM, I get the following error:
  "The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS).
  Ensure that the SQL Server service is running under a domain account or a computer account that has permission to access AD DS. For more information, see "Some applications and APIs require access to authorization information on account objects" in the Microsoft Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=121054.
  ID: 2607"
  What I've seen online is that this is usually becuase the domain account SCVMM is running as does not have the proper permissions on the SQL database. Here's what I've confirmed:
  1) My SCVMM service account is a local admin on the SCVMM server
  2) My SCVMM service account is a dbowner on the SCVMM database in SQL
  3) My SQL service account is a dbowner on the SCVMM database in SQL
  4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still "doesn't have access to AD DS," which is obviously untrue)
  5) Neither service account is locked out
  Has anyone run in to this? It says in Technet that remote SQL 2008 is supported, as long as the SQL management studio is installed to the SCVMM server, and I installed and patched before I began the SCVMM installation. I just don't know what else to try - I have no errors in event logs, no issues during the installation itself...
  Andrew Topp

  That answer was very unhelpful fr33m4n. The individual mentions that they've received the error that points to the KB article. I currently receive the same error -- there seems to be no resolution. I've run the Microsoft VBS script to add TAUG to the WAAG
  as suggested by 331951, and that made absolutely no difference.
  1) My SCVMM service account is a local admin on the SCVMM server
  2) My SCVMM service account is a dbowner on the SCVMM database in SQL
  3) My SQL service account is a dbowner on the SCVMM database in SQL
  4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still
  "doesn't have access to AD DS," which is obviously untrue)
  The user is also a member of WAAG, the machines have delegated authority to each other. Is there any other solution?

• Service Accounts for Reporting Service in SQL Server Failover Cluster setup

  I am setting up 2 Report Services (SSRS) in SQL Failover Clustering (Version: 2012SP1) on Windows 2012, as part of scale out architecture.
  There are 2 options to configure the service account for SSRS:
  Option 1) Using domain accounts, as what I have done for DB Engine and SQL Agent.
  Option 2) accept the default, which is virtual account for SSRS. Per documentation URL:
  http://msdn.microsoft.com/en-us/library/ms143504.aspx
  which is the recommended one? is it option 2?
  There is security note on above URL as well, but does not clearly mention that option 1 is not recommended.
  Security Note:  Always run SQL Server services by using the lowest possible user rights. Use a MSA or  virtual account when possible. When MSA and virtual accounts are not possible, use a specific low-privilege user account or domain account instead
  of a shared account for SQL Server services. Use separate accounts for different SQL Server services. Do not grant additional permissions to the SQL Server service account or the service groups. Permissions will be granted through group membership or granted
  directly to a service SID, where a service SID is supported.
  Thanks very much for your help!

  Hi Luo Donghua,
  In SQL Server Failover Cluster Instance, personally two options can run well. If you use the virtual account for SQL Server Reporting Service. Virtual accounts in Windows Server 2008 R2 and Windows 7 are managed local accounts that provide the features to
  simplify service administration. The virtual account is auto-managed, and the virtual account can access the network in a domain environment.
  Of cause, you can also use domain accounts in your clustering. 
  Just make sure your service account is set up here, or that it is using a proper built-in account.For more information, see:http://ermahblerg.com/2012/11/08/cluster-ssrs-in-2008/
  Thanks,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• Scheduled Task as Service Account - Failed to Start 2147943785

  I am attempting to run some powershell scripts that update membership of groups based on role attribute on users, then also grabs members of some groups and updates other groups with these members.
  I've delegated access through "security" to give this service account write:member and write:memberof for the Groups OU and write:memberof for the OUs containing the user accounts.
  I've updated my Default Domain Policy to give this service account Log On As Batch Job permissions.
  The scheduled task is running from a Domain Controller.
  When I attempt to run the task as the service account I receive the following:
  Task Scheduler failed to start "\SITE Role Membership" task for user "DOMAIN\GroupScripts$". Additional Data: Error Value: 2147943785.
  What am I missing here?

  Hi Allister,
  Please follow these steps t troubleshoot:
  Type "gpedit.msc", try to configure the following policy:
   [Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment]
  1.  Log on as a batch job.
  2.  Allow log on locally.
  Add the service sccount domain\username to these two policies.
  Refer to:
  Task Scheduler failed to start - Additional
  Data: Error Value: 2147943785
  If there is anything else regarding this issue, please feel free to post back.
  Best Regards,
  Anna Wang

• Service account permission

  Hello,
  We need to create a service account which should have the below permission for the tasks.,
  Get-ExchangeServer
  Get-Recipient
  Set-ActivesyncMailboxPolicy
  New-ActivesyncMailboxPolicy
  Remove-ActivesyncMailboxPolicy
  Clear-Activesync Device
  Remove-ActivesyncDevice
  Get-CASMailbox
  Set-CASMailbox
  Set-ActivesyncMailboxPolicy
  Get-ActivesyncDeviceStatistics
  What permissions are required to be assigned via RBAC
  Regards, Ajit

  We followed the below mentioned cmdlet
  A)
  Management Role Name EAS
  New-ManagementRole -Name “EAS” -Parent “Organization Client Access”
  Add-ManagementRoleEntry “EAS\Get-ActiveSyncDeviceAccessRule”
  Add-ManagementRoleEntry “EAS\Get-ActiveSyncDeviceClass”
  Add-ManagementRoleEntry “EAS\Get-ActiveSyncOrganizationSettings”
  Add-ManagementRoleEntry “EAS\Get-AuthRedirect”
  Add-ManagementRoleEntry “EAS\Get-CASMailbox”
  Add-ManagementRoleEntry “EAS\Get-ClientAccessArray”
  Add-ManagementRoleEntry “EAS\Get-OutlookProvider”
  Add-ManagementRoleEntry “EAS\Get-RpcClientAccess”
  Add-ManagementRoleEntry “EAS\Remove-ActiveSyncDeviceAccessRule”
  Add-ManagementRoleEntry “EAS\Set-ActiveSyncDeviceAccessRule”
  Add-ManagementRoleEntry “EAS\Set-CASMailbox”
  Add-ManagementRoleEntry “EAS\Write-AdminAuditLog”
  Add-ManagementRoleEntry “EAS\Get-Exchange Server”
  Add-ManagementRoleEntry “EAS”\Get-Recipient”
  Now we need to create a new Role group. So that we can add required sa_***** to this role group.
   B)
  New-RoleGroup “ActiveSync Enable Wipe” -Roles “EAS”
  New-ManagementRole -Name “MailboxManagement” -Parent “Mail Recipients”
  The below cmdlet will only keep Set-CasMailbox  for mailboxmanagement role.
  Get-ManagementRoleEntry “MailboxManagement\*” | where {$_.name -ne “Set-CASMailbox”} | Remove-ManagementRoleEntry
  Only the required roles will be added for mailbox management
  Add-ManagementRoleEntry “MailboxManagement\Get-User”
  Add-ManagementRoleEntry “MailboxManagement\Get-Mailbox”
  Add-ManagementRoleEntry “MailboxManagement\Get-CASMailbox”
  Add-ManagementRoleEntry “MailboxManagement\Get-Recipient”
  Add-ManagementRoleEntry “MailboxManagement\Set-Mailbox”
  Add-ManagementRoleEntry “MailboxManagement\Get-ActiveSyncDeviceStatistics”
  Add-ManagementRoleEntry “MailboxManagement\Clear-ActiveSyncDevice”
  Add-ManagementRoleEntry “MailboxManagement\Remove-ActiveSyncDevice”
  Add-ManagementRoleEntry “MailboxManagement\Remove-ActiveSyncDeviceMailboxPolicy”
  Add-ManagementRoleEntry “MailboxManagement\New-ActiveSyncDeviceMailboxPolicy”
  Add-ManagementRoleEntry “MailboxManagement\Set-ActiveSyncDeviceMailboxPolicy”
  Then we will  add the new management role MailboxManagement to “ActiveSync Enable Wipe” Role Group.
  New-ManagementRoleAssignment –Role “MailboxManagement” –SecurityGroup “ActiveSync Enable Wipe”
  However for the last 3 cmdlets above error message is observed. as the cmdlets will only work with server role permissions.
  How should we proceed further
  Should we execute the cmdlet
  New-ManagementRole -Name “MailboxManagement” -Parent “Server Role” and then proceed below in STep B
  Regards, Ajit

• What permission does the Service account requires on AD for the Workflow manager 1.0 to be configured in SharePoint Farm?

  What permission does the Service account requires on AD for the Workflow manager 1.0 to be configured in SharePoint Farm?
  The workflow manager configuration wizard crashes with the below error when used a domain account (setup account with full prvilige on sql and server). It requires some specific permissions on AD ? I couldnt see any documentation stating what permission
  it requires.
  Can anyone help ?
  Problem signature:
    Problem Event Name:                        CLR20r3
    Problem Signature 01:                       AUTRTV22OQMI5JWSVNDSSNCH0E5DQ2L1
    Problem Signature 02:                       1.0.20922.0
    Problem Signature 03:                       505e1b30
    Problem Signature 04:                       System.DirectoryServices.AccountManagement
    Problem Signature 05:                       4.0.30319.17929
    Problem Signature 06:                       4ffa5bda
    Problem Signature 07:                       3ef
    Problem Signature 08:                       348
    Problem Signature 09:                       KCKGYE1NBUPA2CLDHCXJ0IFBDVSEPD1F
    OS Version:                                          6.2.9200.2.0.0.272.7
    Locale ID:                                             1044
    Additional Information 1:                  8e7b
    Additional Information 2:                  8e7b3fcdf081688bfcdf47496694f0e4
    Additional Information 3:                  c007
    Additional Information 4:                  c007e99b2d5f6f723ff4e7b990b5c691
  Log Name:      Application
  Source:        Application Error
  Date:          27.08.2014 11:47:54
  Event ID:      1000
  Task Category: (100)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      OSS01-MAP-226.global.corp
  Description:
  Faulting application name: Microsoft.Workflow.Deployment.ConfigWizard.exe, version: 1.0.20922.0, time stamp: 0x505e1b30
  Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8
  Exception code: 0xe0434352
  Fault offset: 0x0000000000047b8c
  Faulting process id: 0x23a0
  Faulting application start time: 0x01cfc1dbe703a8ac
  Faulting application path: C:\Program Files\Workflow Manager\1.0\Microsoft.Workflow.Deployment.ConfigWizard.exe
  Faulting module path: C:\Windows\system32\KERNELBASE.dll
  Report Id: 36f30eb4-2dcf-11e4-9415-005056892fae
  Faulting package full name:
  Faulting package-relative application ID:
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Error" />
      <EventID Qualifiers="0">1000</EventID>
      <Level>2</Level>
      <Task>100</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-08-27T09:47:54.000000000Z" />
      <EventRecordID>7471545</EventRecordID>
      <Channel>Application</Channel>
      <Computer>OSS01-MAP-226.global.corp</Computer>
      <Security />
    </System>
    <EventData>
      <Data>Microsoft.Workflow.Deployment.ConfigWizard.exe</Data>
      <Data>1.0.20922.0</Data>
      <Data>505e1b30</Data>
      <Data>KERNELBASE.dll</Data>
      <Data>6.2.9200.16864</Data>
      <Data>531d34d8</Data>
      <Data>e0434352</Data>
      <Data>0000000000047b8c</Data>
      <Data>23a0</Data>
      <Data>01cfc1dbe703a8ac</Data>
      <Data>C:\Program Files\Workflow Manager\1.0\Microsoft.Workflow.Deployment.ConfigWizard.exe</Data>
      <Data>C:\Windows\system32\KERNELBASE.dll</Data>
      <Data>36f30eb4-2dcf-11e4-9415-005056892fae</Data>
      <Data>
      </Data>
      <Data>
      </Data>
    </EventData>
  </Event>
  Log Name:      Application
  Source:        .NET Runtime
  Date:          27.08.2014 11:47:54
  Event ID:      1026
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      OSS01-MAP-226.global.corp
  Description:
  Application: Microsoft.Workflow.Deployment.ConfigWizard.exe
  Framework Version: v4.0.30319
  Description: The process was terminated due to an unhandled exception.
  Exception Info: System.DirectoryServices.AccountManagement.MultipleMatchesException
  Stack:
     at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(System.Type, System.String, System.String, System.DateTime, Boolean)
     at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(System.Type, System.String, System.String, System.DateTime)
     at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(System.DirectoryServices.AccountManagement.PrincipalContext, System.Type, System.Nullable`1<System.DirectoryServices.AccountManagement.IdentityType>, System.String,
  System.DateTime)
     at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(System.DirectoryServices.AccountManagement.PrincipalContext, System.String)
     at Microsoft.ServiceBus.Commands.Common.SecurityHelper.IsUserValid(System.DirectoryServices.AccountManagement.PrincipalContext, System.String)
     at Microsoft.ServiceBus.Commands.Common.SecurityHelper.IsDomainUserValid(System.String, System.String)
     at Microsoft.ServiceBus.Commands.Common.ValidateUserAttribute.Validate(System.String)
     at Microsoft.Deployment.ConfigWizard.UICommon.AccountDetailsViewModel.ValidateDomainUser()
     at Microsoft.Deployment.ConfigWizard.UICommon.AccountDetailsControl.UserIdTextBox_LostFocus(System.Object, System.Windows.RoutedEventArgs)
     at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
     at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
     at System.Windows.Controls.Primitives.TextBoxBase.OnLostFocus(System.Windows.RoutedEventArgs)
     at System.Windows.UIElement.IsFocused_Changed(System.Windows.DependencyObject, System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.FrameworkElement.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.Controls.TextBox.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.NotifyPropertyChange(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.UpdateEffectiveValue(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata, System.Windows.EffectiveValueEntry, System.Windows.EffectiveValueEntry ByRef, Boolean, Boolean,
  System.Windows.OperationType)
     at System.Windows.DependencyObject.ClearValueCommon(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata)
     at System.Windows.DependencyObject.ClearValue(System.Windows.DependencyPropertyKey)
     at System.Windows.Input.FocusManager.OnFocusedElementChanged(System.Windows.DependencyObject, System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.FrameworkElement.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.NotifyPropertyChange(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.UpdateEffectiveValue(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata, System.Windows.EffectiveValueEntry, System.Windows.EffectiveValueEntry ByRef, Boolean, Boolean,
  System.Windows.OperationType)
     at System.Windows.DependencyObject.SetValueCommon(System.Windows.DependencyProperty, System.Object, System.Windows.PropertyMetadata, Boolean, Boolean, System.Windows.OperationType, Boolean)
     at System.Windows.DependencyObject.SetValue(System.Windows.DependencyProperty, System.Object)
     at System.Windows.FrameworkElement.OnGotKeyboardFocus(System.Object, System.Windows.Input.KeyboardFocusChangedEventArgs)
     at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
     at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
     at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
     at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
     at System.Windows.Input.InputManager.ProcessStagingArea()
     at System.Windows.Input.KeyboardDevice.ChangeFocus(System.Windows.DependencyObject, Int32)
     at System.Windows.Input.KeyboardDevice.Focus(System.Windows.DependencyObject, Boolean, Boolean, Boolean)
     at System.Windows.Input.KeyboardDevice.Focus(System.Windows.IInputElement)
     at System.Windows.UIElement.Focus()
     at System.Windows.Documents.TextEditorMouse.MoveFocusToUiScope(System.Windows.Documents.TextEditor)
     at System.Windows.Documents.TextEditorMouse.OnMouseDown(System.Object, System.Windows.Input.MouseButtonEventArgs)
     at System.Windows.UIElement.OnMouseDownThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
     at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
     at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
     at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
     at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
     at System.Windows.Input.InputManager.ProcessStagingArea()
     at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
     at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
     at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
     at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
     at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
     at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
     at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
     at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
     at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
     at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
     at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
     at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
     at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
     at System.Windows.Application.RunInternal(System.Windows.Window)
     at System.Windows.Application.Run()
     at Microsoft.Workflow.Deployment.ConfigWizard.App.Main()
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name=".NET Runtime" />
      <EventID Qualifiers="0">1026</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-08-27T09:47:54.000000000Z" />
      <EventRecordID>7471544</EventRecordID>
      <Channel>Application</Channel>
      <Computer>OSS01-MAP-226.global.corp</Computer>
      <Security />
    </System>
    <EventData>
      <Data>Application: Microsoft.Workflow.Deployment.ConfigWizard.exe
  Framework Version: v4.0.30319
  Description: The process was terminated due to an unhandled exception.
  Exception Info: System.DirectoryServices.AccountManagement.MultipleMatchesException
  Stack:
     at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(System.Type, System.String, System.String, System.DateTime, Boolean)
     at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(System.Type, System.String, System.String, System.DateTime)
     at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(System.DirectoryServices.AccountManagement.PrincipalContext, System.Type, System.Nullable`1&lt;System.DirectoryServices.AccountManagement.IdentityType&gt;,
  System.String, System.DateTime)
     at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(System.DirectoryServices.AccountManagement.PrincipalContext, System.String)
     at Microsoft.ServiceBus.Commands.Common.SecurityHelper.IsUserValid(System.DirectoryServices.AccountManagement.PrincipalContext, System.String)
     at Microsoft.ServiceBus.Commands.Common.SecurityHelper.IsDomainUserValid(System.String, System.String)
     at Microsoft.ServiceBus.Commands.Common.ValidateUserAttribute.Validate(System.String)
     at Microsoft.Deployment.ConfigWizard.UICommon.AccountDetailsViewModel.ValidateDomainUser()
     at Microsoft.Deployment.ConfigWizard.UICommon.AccountDetailsControl.UserIdTextBox_LostFocus(System.Object, System.Windows.RoutedEventArgs)
     at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
     at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
     at System.Windows.Controls.Primitives.TextBoxBase.OnLostFocus(System.Windows.RoutedEventArgs)
     at System.Windows.UIElement.IsFocused_Changed(System.Windows.DependencyObject, System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.FrameworkElement.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.Controls.TextBox.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.NotifyPropertyChange(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.UpdateEffectiveValue(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata, System.Windows.EffectiveValueEntry, System.Windows.EffectiveValueEntry ByRef, Boolean, Boolean,
  System.Windows.OperationType)
     at System.Windows.DependencyObject.ClearValueCommon(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata)
     at System.Windows.DependencyObject.ClearValue(System.Windows.DependencyPropertyKey)
     at System.Windows.Input.FocusManager.OnFocusedElementChanged(System.Windows.DependencyObject, System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.FrameworkElement.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.NotifyPropertyChange(System.Windows.DependencyPropertyChangedEventArgs)
     at System.Windows.DependencyObject.UpdateEffectiveValue(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata, System.Windows.EffectiveValueEntry, System.Windows.EffectiveValueEntry ByRef, Boolean, Boolean,
  System.Windows.OperationType)
     at System.Windows.DependencyObject.SetValueCommon(System.Windows.DependencyProperty, System.Object, System.Windows.PropertyMetadata, Boolean, Boolean, System.Windows.OperationType, Boolean)
     at System.Windows.DependencyObject.SetValue(System.Windows.DependencyProperty, System.Object)
     at System.Windows.FrameworkElement.OnGotKeyboardFocus(System.Object, System.Windows.Input.KeyboardFocusChangedEventArgs)
     at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
     at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
     at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
     at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
     at System.Windows.Input.InputManager.ProcessStagingArea()
     at System.Windows.Input.KeyboardDevice.ChangeFocus(System.Windows.DependencyObject, Int32)
     at System.Windows.Input.KeyboardDevice.Focus(System.Windows.DependencyObject, Boolean, Boolean, Boolean)
     at System.Windows.Input.KeyboardDevice.Focus(System.Windows.IInputElement)
     at System.Windows.UIElement.Focus()
     at System.Windows.Documents.TextEditorMouse.MoveFocusToUiScope(System.Windows.Documents.TextEditor)
     at System.Windows.Documents.TextEditorMouse.OnMouseDown(System.Object, System.Windows.Input.MouseButtonEventArgs)
     at System.Windows.UIElement.OnMouseDownThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
     at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
     at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
     at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
     at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
     at System.Windows.Input.InputManager.ProcessStagingArea()
     at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
     at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
     at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
     at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
     at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
     at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
     at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
     at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
     at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
     at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
     at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
     at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
     at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
     at System.Windows.Application.RunInternal(System.Windows.Window)
     at System.Windows.Application.Run()
     at Microsoft.Workflow.Deployment.ConfigWizard.App.Main()
  </Data>
    </EventData>
  </Event>

  Hi Karthik,
  You could refer to the series of videos below to install and configure workflow manager in SharePoint 2013:
  http://technet.microsoft.com/en-us/library/dn201724(v=office.15).aspx
  The Episode 2 describes the necessary account in AD with right permission in the installation process:
  http://technet.microsoft.com/en-us/library/dn201724(v=office.15).aspx#episode2
  Regards,
  Rebecca Tu
  TechNet Community Support