Solved

When restarting a Windows service, "Log On As" domain user account requires password re-entry

Posted on 2008-10-01
17
2,063 Views
Last Modified: 2012-11-26
I have many Windows 2000 and Windows 2003 services running under a domain user account. Whenever a server has to reboot, I have to go into each service's Properties window, click the Log On tab and re-enter the account password, then start the service. These services are set to start automatically when the server boots. Since it doesn't retain the password, the services do not start. Is there a way to store this account password so that these services start automatically, rather than requiring me to enter the password each time?

Can you please supply instructions (not just the concepts) on how to get these services to start?
0
Comment
Question by:pillsburyrnc
  • 6
  • 5
  • 3
  • +3
17 Comments
 
LVL 1

Expert Comment

by:panikfan1
Comment Utility
Does the domain account you are using have the login as a service right?  Check your group policy... Computer Config\Windows Settings\Local Policies\User Rights Assignment\Log on as a service
0
 
LVL 9

Expert Comment

by:Housammuhanna
Comment Utility
what are these service,
Did you try to start them as a local system Account ?
0
 

Author Comment

by:pillsburyrnc
Comment Utility
The domain account is in the Administrators group. It is not listed as an individual user account.
0
 

Author Comment

by:pillsburyrnc
Comment Utility
The services running as Local System or Network Service that are set to start automatically do so without error. The services I am running cannot run under these accounts. They need to run under a specific domain account.
0
 
LVL 9

Expert Comment

by:Housammuhanna
Comment Utility
Does this problem happend from the First time you install the server or its new,
is there any thing in event log ?
0
 
LVL 1

Expert Comment

by:panikfan1
Comment Utility
I had to recently migrate a rightfax server which requires a specific domain account to run the services into a new 2003 AD domain.  We were able to start the services using the specified domain account, but then they would stop within a few minutes.  Adding the account to the group allowed the right to log on as a service in the group policy resolved the issue.  You should definitely check to see if the accounts are listed in the GPO.
Good luck!
0
 

Author Comment

by:pillsburyrnc
Comment Utility
The problem has always occurred. However, with the increasing number of servers I now have to support and patch every month, this task of starting the services is getting quite cumbersome.
0
 

Author Comment

by:pillsburyrnc
Comment Utility
To which group did you add the account? I have listed Administrators, Backup Operators, Distributed COM Users, Guests, Network Configuration Operators, Performance Log Users, Performance Monitor Users, Power Users, Print Operators, Remote Desktop Users, Replicator, Users, HelpServicesFroup, IIS_WPG, and TelnetClients.

Could you please explain what a GPO is?

Thanks
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 1

Expert Comment

by:panikfan1
Comment Utility
GPO is a group policy object.  Go to the group policy management tool (if installed) under Start, Administrative Tools, Group Policy Management.  If you don't have it installed you can get it here:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

The policy you need to look at will depend on how your AD structure is setup and what policy(s) are applied to the OU that contains the servers you're having a problem with.  Start with the default domain policy if you're not sure.  Then look under \Computer Config\Windows Settings\Local Policies\User Rights Assignment\Log on as a service

This is where you can specify accounts that are allowed to log on as a service.
0
 
LVL 9

Expert Comment

by:Housammuhanna
Comment Utility
THat depend
Some service need to work using the Administrators Account
try it , You will need to contact your software company to know what is the account the service need to  run with
the GPO, is Group Policy Object used to control your network

0
 

Author Comment

by:pillsburyrnc
Comment Utility
I went to Start > Programs > Administrative Tools > Local Security Settings > Local Policies > User Rights Assignment. Under "Log on as a service" policy the domain account I am using to run these services is listed. Any other suggestions?
0
 
LVL 1

Expert Comment

by:panikfan1
Comment Utility
You checked that on the server that is running the service?  Not sure what else could be causing your problem in that case.  My issue was a little different but similar.
0
 

Author Comment

by:pillsburyrnc
Comment Utility
Thanks for your help, anyway.
0
 
LVL 4

Accepted Solution

by:
ThorSG1 earned 250 total points
Comment Utility
If the account shows as DOMAIN\username then try changing it to username@domain.com.  I have seen this happen in the past.

You may also may want to use the Browse button.  Enter the username then enter your password.  It should change the account to username@domain.com
0
 
LVL 5

Expert Comment

by:ostaehr
Comment Utility
Did you check the "Log on as service" rights after a reboot or after setting the password and starting the service ?

What happens when you re-enter the password: the local right to log on as service is granted to the account and after that you can start the service.
What happens when you reboot the server: the right might be revoked when the GPO is applied to the server and as a matter of that the service won't start any longer - until you change any setting in the service configuration, e.g. the password, and re-grant the right. Please check the Log on as service rights just after the reboot without touching anything else!

As panikfan1 described you should check your GPO on the domain controller - this is NOT the local security settings / local policies !!
0
 
LVL 1

Expert Comment

by:panikfan1
Comment Utility
Ahh good catch ostaehr... yes the group policy will override the local policy, and the group policies will be re-applied following a restart of the server.  That would explain why it fails to login following the restart.

FYI - You can use the policy results wizard to determine what policies are being applied to the server, which will make it easier to determine what policy needs to be looked at.
0
 

Expert Comment

by:beeri
Comment Utility
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Know what services you can and cannot, should and should not combine on your server.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now