When Seq is deployed on Windows, it is best practice to run the Seq Windows Service using a service account with non-administrative permissions.
When the account is created, it will not be able to log in as a service by default. Before configuring Seq, grant the service Log on as a Service rights (instructions).
The Seq service needs to be removed and re-added with the username and password of the service account supplied; this will also normally configure other required permissions for the account:
seq service uninstall seq service install -u <DOMAIN\user> -p <password>
The username must be specified as
Don't forget to supply the
seq service installif you want Seq data stored in a non-default location.
In some cases, if the service user is a domain account, then it must be started manually the first time from Services.msc before the credentials will be accepted (reports are infrequent and the causes currently unknown).
If Seq still will not start, ensure the account has:
- Read/write access to storage locations - the account must be able to read and write the configured storage location (by default
C:\ProgramData\Seq) as well as the log file location (
C:\ProgramData\Seq\Logs, even if storage is configured differently)
- Permission to listen on the hostname/port/path -
netsh http add urlaclcan be used to configure this manually
Attempting to start Seq interactively with
runas /user:<username> seq run can sometimes reveal issues in the server's console output, if the log file in
C:\ProgramData\Seq\Logs does not show any information.
Updated about 1 year ago