K
KoNasl
Hi,
We are implementing a new application that has a service requirement of running as another user on multiple domain controllers. The user account for this service is located in the top level of the forest. The domain controllers running this service are both children of the top level, lets say child1 and child2. We have gone ahead and adjusted the Default Domain Controller Policy to allow this user account into "log on as a service" in both domains. When setting the user on the service in the child1 DCs, the service starts fine. When making the same changes on DCs in child2 we get a "Windows could not start the <service> service on Local Computer. Error 5: Access denied". I tried re-adding the user into the "log on as a service" but that did not help. I can't seem to find any differences.
RSoP was run to verify that the user is set in the "log on as a service" permissions. The application was also reinstalled fresh. Has anyone run into this?
Continue reading...
We are implementing a new application that has a service requirement of running as another user on multiple domain controllers. The user account for this service is located in the top level of the forest. The domain controllers running this service are both children of the top level, lets say child1 and child2. We have gone ahead and adjusted the Default Domain Controller Policy to allow this user account into "log on as a service" in both domains. When setting the user on the service in the child1 DCs, the service starts fine. When making the same changes on DCs in child2 we get a "Windows could not start the <service> service on Local Computer. Error 5: Access denied". I tried re-adding the user into the "log on as a service" but that did not help. I can't seem to find any differences.
RSoP was run to verify that the user is set in the "log on as a service" permissions. The application was also reinstalled fresh. Has anyone run into this?
Continue reading...