Windows' service control loses its "Connect as" at each reboot

Guillaume 21 Reputation points

Hi all,

So we have this painful issue where two of our services across our infrastructure ALWAYS lose their "open session as" at reboot;

Here, for example, is our Azure AD Sync;
every time, the fix is to

  • go there
  • Search for the account in AD (we've tried DOMAIN\user or user@keyman .local, same result)
  • re-enter the password (we've triple-checked it is the good one, didn't change, didn't expire, ...)
  • restart the service and it just goes

Windows' Event Viewer shows a refused connection in a loop of events 7041->7031->7000

Message in French, sry; it says:

"The ------ service was unable to log on as NT Service------ with the currently configured password due to the following error: Logon failure: the user has not been granted the requested logon type at this computer.
Service: --------
Domain and account: <Account name>
This service account does not have the required user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right."

like in

Any trail or idea is welcome

Thank you all,
Have a great day


Accepted answer
  1. Lan, John 81 Reputation points

    So did you check if the "log on as service" right is assigned?

    1 person found this answer helpful.

3 additional answers

  1. Limitless Technology 26,656 Reputation points


    Thank you for posting your query.
    Kindly follow the steps provided below to resolve your issue.

    If you change the ADSync service account password, the Synchronization Service will not be able to start correctly until you have abandoned the encryption key and reinitialized the ADSync service account password.

    Go to this link for your reference and other troubleshooting procedures


    If the answer is helpful kindly click "Accept as Answer" and up vote it.


  2. Guillaume 21 Reputation points

    Hi, Thx for your answer

    I'm trying the solution provided but it doesn't work

    "PS C:\Program Files\Microsoft Azure AD Sync\Bin> .\miiskmu.exe /a
    The operation encountered an error and cannot be completed.
    Error Code: 80131904"

    I've tried it

    • with my AD account with admin permissions
    • with local Administrator

    for each

    • by command line
    • by GUI

    Command line straight up gives the mentioned error

    GUI gives:
    "fail: user does not have required permission for this computer .."
    It's from when I saw this with my AD admin account that I enabled local admin and retried from here;
    this is taken from the local administrator account.

    Also searched for error 80131904,
    among others

    This makes no sense

    I'm a bit lost here :/

    Thx you in advance for any further ideas


  3. MotoX80 25,671 Reputation points

    Thx you in advance for any further ideas

    Use gpresult to check to see if there is a policy that is resetting the logon as service right.

    Enable auditing for account management and policy change (success and failure) and see if anything shows up in your security eventlog that references that account.
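
The checks suggested in the answers above (is "Log on as a service" assigned, is a policy resetting it, what the audit log shows), as an added PowerShell example that is not part of any poster's reply. It assumes the service is named `ADSync` (the ADSync service mentioned in the thread), an elevated session on the affected server, and a scratch folder under `%TEMP%`; the variable names are illustrative.

```powershell
# Added example; run in an elevated PowerShell session on the affected server.
# Assumption: the service name is 'ADSync'; change $svcName for the other affected service.
$svcName = 'ADSync'
$outDir  = Join-Path $env:TEMP 'svc-logon-check'   # scratch folder, hypothetical name
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Which account does the service log on as, and what is its SID?
$account = (Get-CimInstance Win32_Service -Filter "Name='$svcName'").StartName
$sid = ([System.Security.Principal.NTAccount]$account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# 2. Export the effective user rights and read who holds "Log on as a service".
$inf = Join-Path $outDir 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$line = Select-String -Path $inf -Pattern '^SeServiceLogonRight\s*=' | Select-Object -First 1
$holders = @()
if ($line) {
    # Entries are SIDs (written *S-1-...) or plain account names, comma separated.
    $holders = ($line.Line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
# Direct grants only: membership in a group that holds the right is not expanded here.
$granted = ($holders -contains $sid) -or ($holders -contains $account)
'{0} ({1}) directly holds SeServiceLogonRight: {2}' -f $account, $sid, $granted

# 3. Computer-scope Resultant Set of Policy. In the report, look for a GPO that
#    defines "Log on as a service" without listing the account above.
gpresult /scope computer /h (Join-Path $outDir 'gpresult.html') /f

# 4. Audit policy change and account management, success and failure.
#    Category names are localized (French OS here); list them with: auditpol /list /category
auditpol /set /category:"Policy Change" /success:enable /failure:enable
auditpol /set /category:"Account Management" /success:enable /failure:enable

# 5. After the next reboot: events 4717 / 4718 record a logon right being
#    granted to / removed from an account. Keep those naming the service logon right.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4717, 4718 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'SeServiceLogonRight' } |
    Select-Object TimeCreated, Id, Message
```

Run steps 1 and 2 once right after re-entering the password and once after a reboot: if the account is in the list before and gone after, the gpresult report from step 3 shows which policy sets the right.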