Solved

Log on as Service failure.

Posted on 2014-04-30
3
1,269 Views
Last Modified: 2014-05-01
Good morning,

I seem to be seeing some issue with a domain account logging on as a service.

I have create a domain account called 'supav' and have only given it domain user privileges across the domain.

I have used GPO to add this account to the local administrators group on each server which is on the domain. This seems to work with no problem. I created a group called 'Monitoring' and added this and added 'supav' to this group. This seems to be working OK. I again, used GPO, to add the 'monitoring' group to an individual GPO which I have included the 'monitoring' group as authorised to 'Log on as a service'. I have applied this 2 a contain sitting in AD, which contains just 2 of our servers running windows server 2012.

When logging onto the servers and changing the particular service to run as this supav account, I am being prompted that this account is able to start the service as it has the authroisation to do so.

However at 2am each morning, the service stops and starts it self again. However, the service fails to start with the following error:

The kladminserver service was unable to log on as domain\supav with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
 
Service: kladminserver
Domain and account: domain\supav
 
This service account does not have the required user right "Log on as a service."
 
User Action
 
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
 
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.

If i go to the server and key in the credentials again and click 'OK' I am able to start the service and all services resume normal activity. Has anyone ever seen this before and know of a solution to this?

thanks in advance.
0
Comment
Question by:ccfcfc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
gurutc earned 500 total points
ID: 40031935
Hi,

This definitely looks like a Group Policy Setting.  Check the Settings for Group Policy for the container where the server object of the server where the account is attempting logon.  When you re-configure the service the account temporarily gets the right, but later Group Policy changes the accounts allowed that right for the server.

- gurutc
0
 

Author Closing Comment

by:ccfcfc
ID: 40034348
When I had specified the group, I hadn't put the domain name in. Modified this so it was listed as domain\supav, ran a GP update and this seems to have resolved the issue.

thank you for your help.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 40034397
cool!
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question