Windows' service control loses its "Connect as" at each reboot

Guillaume 21 Reputation points
2022-11-21T09:52:30.003+00:00

Hi all,

So we have this painfull issue where two of our services across our infrastructure ALWAYS loses their "open session as" at reboot;

here exemple here our Azure AD Sync,
everythime the fix is to

  • go there
  • Seach for account in AD, (we've tried DOMAIN\user or user@keyman .local, same result)
  • reenter the password (we've triple checked it is the good one, didint changed, didnt expire, ..)
  • restart the service and it just go
    262553-image.png

Windows' Event Viewers shows a refused connection in a loop of events 7041->7031->7000
262486-image.png

Message in French sry, it says :

"The ------ service was unable to log on as NT Service------ with the currently configured password due to the following error: Logon failure: the user has not been granted the requested logon type at this computer.
Service: --------
Domain and account: <Account name>
This service account does not have the required user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
"

like in https://learn.microsoft.com/en-us/troubleshoot/sql/admin/error-1069-service-cannot-start

Any trail or idea is welcome

Thank you all,
Have a great day

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,394 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,508 questions
0 comments No comments
{count} votes

Accepted answer
  1. Lan, John 81 Reputation points
    2022-12-01T16:41:51.213+00:00

    So did you check if the "log on as service" right is assigned?

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
  1. Limitless Technology 44,496 Reputation points
    2022-11-23T17:18:01.747+00:00

    Hi,

    Thank you for posting your query.
    Kindly follow the steps provided below to resolve your issue.

    If you change the ADSync service account password, the Synchronization Service will not be able start correctly until you have abandoned the encryption key and reinitialized the ADSync service account password.

    Go to this link for your reference and other troubleshooting procedures https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-serviceacct-pass

    -----------------------------------------------------------------------------------------------------------------

    If the answer is helpful kindly click "Accept as Answer" and up vote it.

    0 comments No comments

  2. Guillaume 21 Reputation points
    2022-12-01T15:47:41.973+00:00

    Hi, Thx for your answer

    I'm Trying the solution provided but it doesnt works

    "PS C:\Program Files\Microsoft Azure AD Sync\Bin> .\miiskmu.exe /a
    The operation encountered an error and cannot be completed.
    ...
    Error Code: 80131904"

    I've tried it

    • with my AD Account with admin permissions
    • with local Administrator
      for each
    • by command line
    • by GUI

    command line straight up give mentioned error

    GUI gives :
    266213-capture-decran-2022-12-01-164006.png
    "fail: user does not have required permsission for this computer .."
    its from when I saw this with my AD admin account that I enable local admin and re tried from here,
    this is taken from local administrator acccount.

    also search for error 80131904
    https://community.spiceworks.com/topic/2094881-sql-error-0x80131904
    among other

    this makes no sens

    I a bit lost here :/

    Thx you in advance for any further ideas

    0 comments No comments

  3. MotoX80 34,761 Reputation points
    2022-12-02T00:16:21.11+00:00

    Thx you in advance for any further ideas

    Use gpresult to check to see if there is a policy that is resetting the logon as service right.

    https://www.softwaretestinghelp.com/gpresult-command/

    Enable auditing for account management and policy change (success and failure) and see if anything shows up in your security eventlog that references that account.

    266356-image.png


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.