Link to home
Start Free TrialLog in
Avatar of howmad2
howmad2Flag for United States of America

asked on

2012 STD - Add RDP Role, Failure

ON 2012 STD (not r2)  Server Trying to Add the RDP Role (Session Based) get the following error.  How do I Specifically make the change needed to get around this.  Thanks.


Event 7041

The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
 
Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
 
This service account does not have the required user right "Log on as a service."
 
User Action
 
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
 
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image

That is one of the most descriptive error messages you can get. The "user action" section tells you what to do and even suggests what tool to use. If you launch the local security policy as it suggests, there is a list of various security privileges, and one of them will be "log on as a service." It is actually pretty tough to get more detailed than that error message already is.
Avatar of howmad2

ASKER

The 2012 Server is on a domain as a member server.  GPEdit from the local server has the Log on as a Service for editing grayed out.  

On the DC Group Policy Management and edited the default domain policy  / Security Settings / Local Policy / User Right Assignment / Log On as  a Service /  - was able to add the NetWork Service user and GPUpdate / Force.  

Adding Remote Desktop / Session Host fails the same way...
If you look at the error, what needs the permissions is a SQL service account, not the network service. NT does not stand for network, it is the standard naming for all service accounts and the naming is a throwback to Windows NT some 20+ years ago.
Avatar of howmad2

ASKER

Cliff.  I (really) appreciate you patience....in my case...looking at my original post....what is the name of the SQL Service account and where can I find it...
account: NT SERVICE\MSSQL$MICROSOFT##WID
Avatar of howmad2

ASKER

where do I find NT SERVICE\MSSQL$MICROSOFT##WID and what permission do I add.  Thank You.
You give it the logon as service right. It should be an account already present on the local server.
Avatar of howmad2

ASKER

if you mean on the 2012 server intended to be the RDP server......under Computer Management  / Users......  there is no user called  MSSQL$MICROSOFT##WID
ASKER CERTIFIED SOLUTION
Avatar of howmad2
howmad2
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of howmad2

ASKER

Found Answer on my own.  Responses didn't solve issue but were appreciated.