How to: Set the FDHOST Launcher (MSSQLFDLauncher) Service Account for Full-Text Search (SQL Server Configuration Manager)
This topic describes how to set the service account for the FDHOST Launcher service (MSSQLFDLauncher) by using the SQL Server Configuration Manager. The FDHOST Launcher service is used by full-text search in SQL Server 2008 R2 to start the filter daemon host process, which handles full-text search filtering and word breaking. This service must be running to use full-text search.
The FDHOST Launcher service is an instance-aware service that is associated with a specific instance of SQL Server. The FDHOST Launcher service propagates the service account information to each filter daemon host process. For information about filter daemon host processes, see Full-Text Search Architecture.
Security Recommendations
The recommended account for the FDHOST Launcher service depends on the operating system:
On Windows Vista and Windows Server 2008
For enhanced security, on Windows Vista and Windows Server 2008, the default account assigned to the FDHOST Launcher service is the Local Service account. SQL Server 2008 R2 uses new security features available in Windows Vista and Windows Server 2008 to provide a high level of security and isolation for the FDHOST Launcher service and FDHOST process running as Local Service. Therefore, on Windows Vista and Windows Server 2008, we recommend that you always use the Local Service account for the FDHOST Launcher. On these platforms, you should not configure the FDHOST Launcher service to run under any other account.
On Windows XP or Windows Server 2003
When you install SQL Server 2008 R2 full-text search on Windows XP or Windows Server 2003, SQL Server 2008 R2 Setup prompts you for the account and password for the FDHOST Launcher service. For security reasons, do not specify Local System, Local Service, or a Network Service account as the service account. On Windows XP or Windows Server 2003, using one of these accounts might unnecessarily elevate privileges for the service and reduce the security of your SQL Server installation.
Therefore, we strongly recommend that you assign a low-privileged local user account with User rights and permissions on the local computer. To ensure you are running the service with the least possible privileges, we also recommend giving each instance of full-text search a dedicated service account. If the instance of SQL Server full-text search service is installed on a domain server, assign the service account to a domain user account.
Important
If you use a local user account for the FDHOST Launcher service and the Windows password associated with the account expires, set a new Windows password for the account and then use SQL Server Configuration Manager to update the FDHOST Launcher service to use the new password.
We recommend that you use an FDHOST Launcher service account that meets the best practices for a secure SQL Server environment. For more information on setting up secure service accounts for the FDHOST Launcher service, see Setting Up Windows Service Accounts.
If you do not provide the account and password, the service defaults to a Local Service account, and the service is disabled.
Procedures
To set the FDHOST Launcher service account for full-text search
On the Start menu, point to All Programs, point to Microsoft SQL Server 2008 R2, point to Configuration Tools, and then click SQL Server Configuration Manager.
In SQL Server Configuration Manager, click SQL Server 2008 Services, right-click MSSQLFDLauncher <instance name>, and then click Properties.
Click the Log On tab of the SQL Server Full-text Search <instance name> Properties dialog box, select This account, and enter the Windows Account Name under which to run each process created by the FDHOST Launcher service. We recommend that you specify a low-privileged local user account with User rights and permissions on the local computer.
In the Password text box, enter the password for this account, and then re-enter it in the Confirm password text box. To look up a particular user or group, click Browse.
Important
If you want to run the FDHOST Launcher service under the Local Service account, despite our recommendation to use a local user account with low privileges, click Apply and then change the account to Local Service. SQL Server Configuration Manager will automatically add the Local Service account to the FDHOST group, which enables the FDHOST Launcher service to run in the Local Service account.
Click Restart to restart the FDHOST Launcher service.
If the FDHOST Launcher Service Does Not Start
If the FDHOST Launcher service does not start, one or more of the following might be the cause:
The password associated with the FDHOST Launcher service account has expired.
If you use a local user account for the FDHOST Launcher service and your password expires, you need to:
Set a new Windows password for the account.
In SQL Server Configuration Manager, update the FDHOST Launcher service to use the new password.
The user account or password of the service account is incorrect.
The FDHOST Launcher service might attempt to log in with an incorrect user account and password. Follow the procedures above to verify that the user account for the service has not been changed.
The account used to log in to the service does not have privileges.
You might be using an account that does not have login privileges on the computer where the server instance is installed. Verify that you are logging in with an account that has User rights and permissions on the local computer.
Another instance of the same named pipe is already running.
The SQL Server service acts as a named pipe server for the FDHOST Launcher service client. If the named pipe was already created by another process before SQL Server starts, an error will be logged in the SQL Server error log and the Windows Event Log, and full-text search will not be available. Determine what process or application is attempting to use the same named pipe and stop the application. For more information on understanding protocol errors in SQL Server startup, see Troubleshooting Protocol Errors During Database Engine Startup.
The FDHOST Launcher service is not configured correctly.
The service may not be configured correctly on the local computer.
If named pipes functionality has been disabled on the local computer, or if SQL Server has been configured to use a named pipe other than the default named pipe, the FDHOST Launcher service might not start.
For more information on named pipe protocols in SQL Server 2008 R2, see Client Protocols - Named Pipes Properties.
The SQL Server service group does not have permission to start FDHOST Launcher service.
During the installation of SQL Server 2008 R2, the SQL Server service group is granted default permission to manage, query, and start the FDHOST Launcher service. If SQL Server service group permissions to the FDHOST Launcher service account have been removed after SQL Server 2008 R2 installation, the FDHOST Launcher service will not start, and full-text search will be disabled. Make certain the SQL Server service group has permissions to the FDHOST Launcher service account.