Apr 22 2017

Managed Service Account Fails after Reboot

Published by at 9:01 pm under Windows




Windows services can be started with a Managed Service Account (MSA) for the sake of security and easy management.
 
It was working just fine until I initiated a server reboot. The service would not start. Opening the service and wiping out the password field makes the service start again.
 
What could be wrong?
Let’s focus on the message displayed when setting up the MSA: The account has been granted the Log On As a Service right.
This setting can be overwritten by a group policy (GPO) that could be applied globally on the domain.
 
An easy way to check which accounts are given the Log On As a Service Right is to run rsop.msc.

 
Browse to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment and check that your Managed Service Account is in the list under the Security Policy Setting. If not, update your GPO and check the policy comes first in the Precedence tab.


No responses yet

Trackback URI | Comments RSS

Leave a Reply