WillShakespeare
MIS
All,
Recently my servers with services that run under a domain admins account, have started acting queer.
Every time we reboot, some of the services do not start at startup even thoug hthey are Automatic. The reason given is a logion failure.
When I go to the logon tab in the properties, re-type the password and click OK, a warning box says: The user account [user] has been granted Log on As a Service rights in the local policy. (or something like that)
Then, when i click start on that and any other services... they all start! the worst at the moment is our BackupExec services, and some Exchange services. They use different user accounts though.
I then check the Log on As a Service right in the local policy and that yser account is there. Next, when I had this problem (the next reboot) I checked the policy first, and the account was there, fine. But I try to start the service, and it fails!! Same reason. I re-type the password, and it starts right up, and any other services down the list that use the same account.
This is weird! I have also noticed, however, that a reboot is not required. After a period of time, sometimes only a few hours, the service, even though running, if I restart it, it fails again and I again have to re-type the password.
People were using Outlook, and suddenly their replicated list of users from a parent organisation disappeared. I checked the service on the Exchange server and it was running. I stopped it and restarted it, and it failed!! "Due to a logon error"
I opened the properties, retyped the password, and then the same warning: User has been added to Log on As a Service
Then started the service, and voila!
I can't do this every day where I have to re-type service passwords on each of my servers!! What's worse is it seems to be getting more widespread. It started with the MIIS admin account on Exchange for the replication, then the Domain Admins account, the backup account, and now our Scan Software service. All of these accounts are Domain Admins. And all of them are already in the Log on As a Service rights.
A while back, when Microsoft did an update ion Exchange and Active Directory, our Blackberry Server stopped working correctly becaus ethe account used had some privileges (Sending on Behalf) taken away by this update. We had a messy fix for this, but eventually it all worked.
I suspect a recent security update may have done something similar, but can't find it...
can anyone help? Anyone else having the same trouble?
Will
Recently my servers with services that run under a domain admins account, have started acting queer.
Every time we reboot, some of the services do not start at startup even thoug hthey are Automatic. The reason given is a logion failure.
When I go to the logon tab in the properties, re-type the password and click OK, a warning box says: The user account [user] has been granted Log on As a Service rights in the local policy. (or something like that)
Then, when i click start on that and any other services... they all start! the worst at the moment is our BackupExec services, and some Exchange services. They use different user accounts though.
I then check the Log on As a Service right in the local policy and that yser account is there. Next, when I had this problem (the next reboot) I checked the policy first, and the account was there, fine. But I try to start the service, and it fails!! Same reason. I re-type the password, and it starts right up, and any other services down the list that use the same account.
This is weird! I have also noticed, however, that a reboot is not required. After a period of time, sometimes only a few hours, the service, even though running, if I restart it, it fails again and I again have to re-type the password.
People were using Outlook, and suddenly their replicated list of users from a parent organisation disappeared. I checked the service on the Exchange server and it was running. I stopped it and restarted it, and it failed!! "Due to a logon error"
I opened the properties, retyped the password, and then the same warning: User has been added to Log on As a Service
Then started the service, and voila!
I can't do this every day where I have to re-type service passwords on each of my servers!! What's worse is it seems to be getting more widespread. It started with the MIIS admin account on Exchange for the replication, then the Domain Admins account, the backup account, and now our Scan Software service. All of these accounts are Domain Admins. And all of them are already in the Log on As a Service rights.
A while back, when Microsoft did an update ion Exchange and Active Directory, our Blackberry Server stopped working correctly becaus ethe account used had some privileges (Sending on Behalf) taken away by this update. We had a messy fix for this, but eventually it all worked.
I suspect a recent security update may have done something similar, but can't find it...
can anyone help? Anyone else having the same trouble?
Will
