Service running as domain account does not start

Hello All:

I’m a first time user here so please bear with me.

Background

•      I am the domain admin for a Windows Server 2003/2008 domain. Domain controllers are Windows Server 2003.
•      I recently joined the company and I am not yet entirely familiar with all of the domain-related configurations, including Group Policies settings.
•      The fist occurrence of the issue described below has been traced to a time following fairly significant GPO updates (prior to be joining).

Issue

•      Since I have been, there has been an issue relating to services on servers not starting due to logon failure. This is only discovered after a system restart, or if there is an attempt to restart the service.
•      This only affects services configured to run with domain accounts. Those configured to run with local system accounts start/restart with no issues.
•      The issue is temporarily resolved by inputting the correct domain password for the affected account in the logon tab for the service. (It is then granted the Log on a server right and can be started).
•      The service is able to be restarted for a while afterward with no issues, but after an hour or two, any attempt to restart the service fails (Error 1069).

It is suspected that there is a GPO setting that is causing these issues.

Any ideas, comments, suggestions on how to resolve?
ryandavisAsked:
Who is Participating?
 
greedjCommented:
There is a GPO for "log on as a service".
Leave it undefinded or add all service accounts.
5.In the console tree, click User Rights Assignment.
      Where?
          * GroupPolicyObject [ComputerName] Policy
          * Computer Configuration
          * Windows Settings
          * Security Settings
          * Local Policies
          * User Rights Assignment
0
 
Jaroslav MrazCTOCommented:
Do you realy need to run services as domain account? Cant you run it as system?
0
 
greedjCommented:
If the service has access to remote file shares or resources, it must run as an account vs system.
0
 
ryandavisAuthor Commented:
Thank you - there was a hierarchy of policies that were being applied to the affected machines which had to be changed as per the suggested solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.