Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

2012 STD - Add RDP Role, Failure

Posted on 2014-02-25
10
Medium Priority
?
2,398 Views
Last Modified: 2014-03-02
ON 2012 STD (not r2)  Server Trying to Add the RDP Role (Session Based) get the following error.  How do I Specifically make the change needed to get around this.  Thanks.


Event 7041

The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
 
Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
 
This service account does not have the required user right "Log on as a service."
 
User Action
 
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
 
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
0
Comment
Question by:howmad2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39885947
That is one of the most descriptive error messages you can get. The "user action" section tells you what to do and even suggests what tool to use. If you launch the local security policy as it suggests, there is a list of various security privileges, and one of them will be "log on as a service." It is actually pretty tough to get more detailed than that error message already is.
0
 

Author Comment

by:howmad2
ID: 39885992
The 2012 Server is on a domain as a member server.  GPEdit from the local server has the Log on as a Service for editing grayed out.  

On the DC Group Policy Management and edited the default domain policy  / Security Settings / Local Policy / User Right Assignment / Log On as  a Service /  - was able to add the NetWork Service user and GPUpdate / Force.  

Adding Remote Desktop / Session Host fails the same way...
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39886147
If you look at the error, what needs the permissions is a SQL service account, not the network service. NT does not stand for network, it is the standard naming for all service accounts and the naming is a throwback to Windows NT some 20+ years ago.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:howmad2
ID: 39886288
Cliff.  I (really) appreciate you patience....in my case...looking at my original post....what is the name of the SQL Service account and where can I find it...
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39886315
account: NT SERVICE\MSSQL$MICROSOFT##WID
0
 

Author Comment

by:howmad2
ID: 39886353
where do I find NT SERVICE\MSSQL$MICROSOFT##WID and what permission do I add.  Thank You.
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39886454
You give it the logon as service right. It should be an account already present on the local server.
0
 

Author Comment

by:howmad2
ID: 39886593
if you mean on the 2012 server intended to be the RDP server......under Computer Management  / Users......  there is no user called  MSSQL$MICROSOFT##WID
0
 

Accepted Solution

by:
howmad2 earned 0 total points
ID: 39887144
what was needed was go to the DC.  Under Group Policy Management, Group Policy Objects, Default Domain Policy, ..... Local Policy, User Right Assignment, Log On As a Service,  I Added "NT Service/All Services".  GPUpdate/force and DC and New RDP server and run wizard Again.  

Thanks for staying with me on this..
0
 

Author Closing Comment

by:howmad2
ID: 39898378
Found Answer on my own.  Responses didn't solve issue but were appreciated.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question