So did you check if the "log on as service" right is assigned?
Windows' service control loses its "Connect as" at each reboot
Hi all,
So we have this painful issue where two of our services across our infrastructure ALWAYS lose their "open session as" at reboot;
for example, here is our Azure AD Sync,
every time the fix is to
- go there
- Search for account in AD, (we've tried DOMAIN\user or user@keyman.local, same result)
- re-enter the password (we've triple-checked it is the good one, didn't change, didn't expire, ...)
- restart the service and it just goes
Windows' Event Viewer shows a refused connection in a loop of events 7041->7031->7000
Message in French, sorry, it says:
"The ------ service was unable to log on as NT Service------ with the currently configured password due to the following error: Logon failure: the user has not been granted the requested logon type at this computer.
Service: --------
Domain and account: <Account name>
This service account does not have the required user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right."
like in https://learn.microsoft.com/en-us/troubleshoot/sql/admin/error-1069-service-cannot-start
Any trail or idea is welcome
Thank you all,
Have a great day
3 additional answers
-
Limitless Technology 44,496 Reputation points
2022-11-23T17:18:01.747+00:00
Hi,
Thank you for posting your query.
Kindly follow the steps provided below to resolve your issue. If you change the ADSync service account password, the Synchronization Service will not be able to start correctly until you have abandoned the encryption key and reinitialized the ADSync service account password.
Go to this link for your reference and other troubleshooting procedures https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-serviceacct-pass
-----------------------------------------------------------------------------------------------------------------
If the answer is helpful kindly click "Accept as Answer" and up vote it.
-
Guillaume 21 Reputation points
2022-12-01T15:47:41.973+00:00
Hi, thanks for your answer
I'm trying the solution provided but it doesn't work
"PS C:\Program Files\Microsoft Azure AD Sync\Bin> .\miiskmu.exe /a
The operation encountered an error and cannot be completed.
...
Error Code: 80131904"
I've tried it
- with my AD Account with admin permissions
- with local Administrator
for each
- by command line
- by GUI
command line straight up gives the mentioned error
GUI gives:
"fail: user does not have required permission for this computer .."
It's from when I saw this with my AD admin account that I enabled local admin and retried from here,
this is taken from the local administrator account.
Also searched for error 80131904
https://community.spiceworks.com/topic/2094881-sql-error-0x80131904
among others
this makes no sense
I'm a bit lost here :/
Thank you in advance for any further ideas
-
MotoX80 34,761 Reputation points
2022-12-02T00:16:21.11+00:00
Thx you in advance for any further ideas
Use gpresult to check to see if there is a policy that is resetting the logon as service right.
https://www.softwaretestinghelp.com/gpresult-command/
Enable auditing for account management and policy change (success and failure) and see if anything shows up in your security eventlog that references that account.
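
The checks suggested in this thread (whether "Log on as a service" is currently assigned, whether a GPO resets it, and auditing of policy changes) can be scripted as below. This is an added example, not code posted by any participant; the account name is a placeholder, and the XPath into the gpresult XML report is an assumption about the report layout.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
param([string]$Account = 'CONTOSO\svc-example')  # placeholder: use your service account

function Resolve-ToSid([string]$Name) {
    # secedit lists principals as *SID or as a plain name; normalise both to a SID string
    $n = $Name.Trim().TrimStart('*')
    if ($n -match '^S-1-') { return $n }
    try { ([Security.Principal.NTAccount]$n).Translate([Security.Principal.SecurityIdentifier]).Value }
    catch { $null }   # unresolvable (deleted or unreachable) principal
}

function Get-ServiceLogonSids([string[]]$InfLines) {
    # Expected line: SeServiceLogonRight = *S-1-5-80-0,*S-1-5-21-...,name
    $line = $InfLines | Where-Object { $_ -match '^\s*SeServiceLogonRight\s*=' } | Select-Object -First 1
    if (-not $line) { return @() }
    @(($line -split '=', 2)[1] -split ',' | ForEach-Object { Resolve-ToSid $_ } | Where-Object { $_ })
}

# 1. User rights as currently configured on this machine
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$holders = Get-ServiceLogonSids (Get-Content $inf)
$sid = Resolve-ToSid $Account
"{0} ({1}) listed directly for SeServiceLogonRight: {2}" -f $Account, $sid, ($holders -contains $sid)
# Only direct entries are compared; a right granted through a group is not detected here.

# 2. Does a GPO define the right? A GPO-defined list replaces local entries at each policy refresh.
$xml = Join-Path $env:TEMP 'rsop-computer.xml'
gpresult /scope computer /x $xml /f | Out-Null
# Assumption: the RSoP report holds UserRightsAssignment elements with a Name child.
$xpath = "//*[local-name()='UserRightsAssignment'][*[local-name()='Name']='SeServiceLogonRight']"
$hits = @(Select-Xml -Path $xml -XPath $xpath)
if ($hits) { $hits | ForEach-Object { $_.Node.OuterXml } }   # shows the GPO identifier and members
else { 'No GPO in the computer RSoP defines SeServiceLogonRight.' }

# 3. Audit user-right changes, then look for 4704 (assigned) / 4705 (removed) after a reboot.
# The subcategory name is localized on non-English Windows installations.
auditpol /set /subcategory:"Authorization Policy Change" /success:enable /failure:enable | Out-Null
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4704, 4705 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

If step 1 reports the account as listed right after the manual fix but not after a reboot, and step 2 prints a GPO entry that omits the account, the right has to be granted in that GPO rather than locally.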