Service running as domain account does not start

Hello All:

I’m a first time user here so please bear with me.

Background

•      I am the domain admin for a Windows Server 2003/2008 domain. Domain controllers are Windows Server 2003.
•      I recently joined the company and I am not yet entirely familiar with all of the domain-related configurations, including Group Policies settings.
•      The fist occurrence of the issue described below has been traced to a time following fairly significant GPO updates (prior to be joining).

Issue

•      Since I have been, there has been an issue relating to services on servers not starting due to logon failure. This is only discovered after a system restart, or if there is an attempt to restart the service.
•      This only affects services configured to run with domain accounts. Those configured to run with local system accounts start/restart with no issues.
•      The issue is temporarily resolved by inputting the correct domain password for the affected account in the logon tab for the service. (It is then granted the Log on a server right and can be started).
•      The service is able to be restarted for a while afterward with no issues, but after an hour or two, any attempt to restart the service fails (Error 1069).

It is suspected that there is a GPO setting that is causing these issues.

Any ideas, comments, suggestions on how to resolve?
ryandavisAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

greedjCommented:
There is a GPO for "log on as a service".
Leave it undefinded or add all service accounts.
5.In the console tree, click User Rights Assignment.
      Where?
          * GroupPolicyObject [ComputerName] Policy
          * Computer Configuration
          * Windows Settings
          * Security Settings
          * Local Policies
          * User Rights Assignment

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jaroslav MrazCTOCommented:
Do you realy need to run services as domain account? Cant you run it as system?
greedjCommented:
If the service has access to remote file shares or resources, it must run as an account vs system.
ryandavisAuthor Commented:
Thank you - there was a hierarchy of policies that were being applied to the affected machines which had to be changed as per the suggested solution.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.