Service running as domain account does not start
Hello All:
I’m a first time user here so please bear with me.
Background
• I am the domain admin for a Windows Server 2003/2008 domain. Domain controllers are Windows Server 2003.
• I recently joined the company and I am not yet entirely familiar with all of the domain-related configurations, including Group Policies settings.
• The fist occurrence of the issue described below has been traced to a time following fairly significant GPO updates (prior to be joining).
Issue
• Since I have been, there has been an issue relating to services on servers not starting due to logon failure. This is only discovered after a system restart, or if there is an attempt to restart the service.
• This only affects services configured to run with domain accounts. Those configured to run with local system accounts start/restart with no issues.
• The issue is temporarily resolved by inputting the correct domain password for the affected account in the logon tab for the service. (It is then granted the Log on a server right and can be started).
• The service is able to be restarted for a while afterward with no issues, but after an hour or two, any attempt to restart the service fails (Error 1069).
It is suspected that there is a GPO setting that is causing these issues.
Any ideas, comments, suggestions on how to resolve?
I’m a first time user here so please bear with me.
Background
• I am the domain admin for a Windows Server 2003/2008 domain. Domain controllers are Windows Server 2003.
• I recently joined the company and I am not yet entirely familiar with all of the domain-related configurations, including Group Policies settings.
• The fist occurrence of the issue described below has been traced to a time following fairly significant GPO updates (prior to be joining).
Issue
• Since I have been, there has been an issue relating to services on servers not starting due to logon failure. This is only discovered after a system restart, or if there is an attempt to restart the service.
• This only affects services configured to run with domain accounts. Those configured to run with local system accounts start/restart with no issues.
• The issue is temporarily resolved by inputting the correct domain password for the affected account in the logon tab for the service. (It is then granted the Log on a server right and can be started).
• The service is able to be restarted for a while afterward with no issues, but after an hour or two, any attempt to restart the service fails (Error 1069).
It is suspected that there is a GPO setting that is causing these issues.
Any ideas, comments, suggestions on how to resolve?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Jaroslav Mraz
Do you realy need to run services as domain account? Cant you run it as system?
If the service has access to remote file shares or resources, it must run as an account vs system.
ASKER
Thank you - there was a hierarchy of policies that were being applied to the affected machines which had to be changed as per the suggested solution.