Solved

When restarting a Windows service, "Log On As" domain user account requires password re-entry

Posted on 2008-10-01
17
2,093 Views
Last Modified: 2012-11-26
I have many Windows 2000 and Windows 2003 services running under a domain user account. Whenever a server has to reboot, I have to go into each service's Properties window, click the Log On tab and re-enter the account password, then start the service. These services are set to start automatically when the server boots. Since it doesn't retain the password, the services do not start. Is there a way to store this account password so that these services start automatically, rather than requiring me to enter the password each time?

Can you please supply instructions (not just the concepts) on how to get these services to start?
0
Comment
Question by:pillsburyrnc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
  • +3
17 Comments
 
LVL 1

Expert Comment

by:panikfan1
ID: 22617467
Does the domain account you are using have the login as a service right?  Check your group policy... Computer Config\Windows Settings\Local Policies\User Rights Assignment\Log on as a service
0
 
LVL 9

Expert Comment

by:Housammuhanna
ID: 22617532
what are these service,
Did you try to start them as a local system Account ?
0
 

Author Comment

by:pillsburyrnc
ID: 22617605
The domain account is in the Administrators group. It is not listed as an individual user account.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:pillsburyrnc
ID: 22617640
The services running as Local System or Network Service that are set to start automatically do so without error. The services I am running cannot run under these accounts. They need to run under a specific domain account.
0
 
LVL 9

Expert Comment

by:Housammuhanna
ID: 22617674
Does this problem happend from the First time you install the server or its new,
is there any thing in event log ?
0
 
LVL 1

Expert Comment

by:panikfan1
ID: 22617839
I had to recently migrate a rightfax server which requires a specific domain account to run the services into a new 2003 AD domain.  We were able to start the services using the specified domain account, but then they would stop within a few minutes.  Adding the account to the group allowed the right to log on as a service in the group policy resolved the issue.  You should definitely check to see if the accounts are listed in the GPO.
Good luck!
0
 

Author Comment

by:pillsburyrnc
ID: 22617993
The problem has always occurred. However, with the increasing number of servers I now have to support and patch every month, this task of starting the services is getting quite cumbersome.
0
 

Author Comment

by:pillsburyrnc
ID: 22618062
To which group did you add the account? I have listed Administrators, Backup Operators, Distributed COM Users, Guests, Network Configuration Operators, Performance Log Users, Performance Monitor Users, Power Users, Print Operators, Remote Desktop Users, Replicator, Users, HelpServicesFroup, IIS_WPG, and TelnetClients.

Could you please explain what a GPO is?

Thanks
0
 
LVL 1

Expert Comment

by:panikfan1
ID: 22618187
GPO is a group policy object.  Go to the group policy management tool (if installed) under Start, Administrative Tools, Group Policy Management.  If you don't have it installed you can get it here:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

The policy you need to look at will depend on how your AD structure is setup and what policy(s) are applied to the OU that contains the servers you're having a problem with.  Start with the default domain policy if you're not sure.  Then look under \Computer Config\Windows Settings\Local Policies\User Rights Assignment\Log on as a service

This is where you can specify accounts that are allowed to log on as a service.
0
 
LVL 9

Expert Comment

by:Housammuhanna
ID: 22618238
THat depend
Some service need to work using the Administrators Account
try it , You will need to contact your software company to know what is the account the service need to  run with
the GPO, is Group Policy Object used to control your network

0
 

Author Comment

by:pillsburyrnc
ID: 22618589
I went to Start > Programs > Administrative Tools > Local Security Settings > Local Policies > User Rights Assignment. Under "Log on as a service" policy the domain account I am using to run these services is listed. Any other suggestions?
0
 
LVL 1

Expert Comment

by:panikfan1
ID: 22618776
You checked that on the server that is running the service?  Not sure what else could be causing your problem in that case.  My issue was a little different but similar.
0
 

Author Comment

by:pillsburyrnc
ID: 22619989
Thanks for your help, anyway.
0
 
LVL 4

Accepted Solution

by:
ThorSG1 earned 250 total points
ID: 22621145
If the account shows as DOMAIN\username then try changing it to username@domain.com.  I have seen this happen in the past.

You may also may want to use the Browse button.  Enter the username then enter your password.  It should change the account to username@domain.com
0
 
LVL 5

Expert Comment

by:ostaehr
ID: 22621855
Did you check the "Log on as service" rights after a reboot or after setting the password and starting the service ?

What happens when you re-enter the password: the local right to log on as service is granted to the account and after that you can start the service.
What happens when you reboot the server: the right might be revoked when the GPO is applied to the server and as a matter of that the service won't start any longer - until you change any setting in the service configuration, e.g. the password, and re-grant the right. Please check the Log on as service rights just after the reboot without touching anything else!

As panikfan1 described you should check your GPO on the domain controller - this is NOT the local security settings / local policies !!
0
 
LVL 1

Expert Comment

by:panikfan1
ID: 22624175
Ahh good catch ostaehr... yes the group policy will override the local policy, and the group policies will be re-applied following a restart of the server.  That would explain why it fails to login following the restart.

FYI - You can use the policy results wizard to determine what policies are being applied to the server, which will make it easier to determine what policy needs to be looked at.
0
 

Expert Comment

by:beeri
ID: 38635088
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question