Hi All. I have a 2012 server that is a domain controller in my environment. It is also the Certificate Authority for my domain as well. All of the CA components are installed and working except for NDES. When I go to configure it and specify the service account I want to use for the NDES service, it tells me: "Logon failure: the user has not been granted the requested logon type at this computer". I have added the account in question to the IIS_IUSRS group located under Builtin (I am not sure if that is where it is supposed to go. It says to add it to the local group of that name but as it is a DC, this is the one I think its supposed to be. Am I right?). Also, the SPN has been created for this account as well and that completed successfully. Can anyone tell me what else I should try? Thanks.