• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 413
  • Last Modified:

Service running as domain account does not start

Hello All:

I’m a first time user here so please bear with me.

Background

•      I am the domain admin for a Windows Server 2003/2008 domain. Domain controllers are Windows Server 2003.
•      I recently joined the company and I am not yet entirely familiar with all of the domain-related configurations, including Group Policies settings.
•      The fist occurrence of the issue described below has been traced to a time following fairly significant GPO updates (prior to be joining).

Issue

•      Since I have been, there has been an issue relating to services on servers not starting due to logon failure. This is only discovered after a system restart, or if there is an attempt to restart the service.
•      This only affects services configured to run with domain accounts. Those configured to run with local system accounts start/restart with no issues.
•      The issue is temporarily resolved by inputting the correct domain password for the affected account in the logon tab for the service. (It is then granted the Log on a server right and can be started).
•      The service is able to be restarted for a while afterward with no issues, but after an hour or two, any attempt to restart the service fails (Error 1069).

It is suspected that there is a GPO setting that is causing these issues.

Any ideas, comments, suggestions on how to resolve?
0
ryandavis
Asked:
ryandavis
  • 2
1 Solution
 
greedjCommented:
There is a GPO for "log on as a service".
Leave it undefinded or add all service accounts.
5.In the console tree, click User Rights Assignment.
      Where?
          * GroupPolicyObject [ComputerName] Policy
          * Computer Configuration
          * Windows Settings
          * Security Settings
          * Local Policies
          * User Rights Assignment
0
 
Jaroslav MrazCTOCommented:
Do you realy need to run services as domain account? Cant you run it as system?
0
 
greedjCommented:
If the service has access to remote file shares or resources, it must run as an account vs system.
0
 
ryandavisAuthor Commented:
Thank you - there was a hierarchy of policies that were being applied to the affected machines which had to be changed as per the suggested solution.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now