Apr 22 2017

Managed Service Account Fails after Reboot

Published by at 9:01 pm under Windows

Windows services can be started with a Managed Service Account (MSA) for the sake of security and easy management.

It is working just fine until I initiate a server reboot. The service would not start. Opening the service and wiping out the password field makes the service start again, until the next boot.

What could be wrong?
Let’s focus on the message displayed when setting up the MSA: The account has been granted the Log On As a Service right.
An Active Directory group policy (GPO) may override this setting that could be applied globally on the domain.

An easy way to check which accounts are given the Log On As a Service Right is to run rsop.msc.

Log on as a service policy

Browse to:
– Computer Configuration
-> Windows Settings
-> Security Settings
-> Local Policies
-> User Rights Assignment

Check that the Managed Service Account is in the list under the Security Policy Setting. If not, update Active Directory GPO and check the policy comes first in the “Precedence” tab.

Log on as a service security policy

Now that you’ve checked GPO permissions, the service should be starting at next boot.

No responses yet

Trackback URI | Comments RSS

Leave a Reply