locked
Windows Services failing, logon failure after reboot. Typing same password allows the service to restart but would like permanent solution

    Question

  • We are experiencing strangeness on a couple of our servers.  Whenever we reboot the servers a couple of services fail to start.  They report logon failures.  When we retype the same password and hit Apply, we are prompted with a dialog box that says the account was granted 'log on as a service' rights.  We have checked this, after reboot and before retyping the password, on both servers the appropriate accounts are already granted Log On As A Service Rights in Local Security Policies.

    One of the servers is WS2003 and it is a Blackberry Service, the other is WS2008, SP2 and the service is SQLServer Reporting Services.

    Any ideas what might be causing this and how we can remedy the issue?  Thanks!
    Monday, August 31, 2009 7:44 PM

Answers

  • I think I found the culprit, someone modified my Group Policy settings to remove the accounts from the Local Security Settings.  I have changed that and am now waiting to test.  If that doesn't fix it, I will be back.

    Thank you for the responses!
    • Marked as answer by David Shen Friday, September 04, 2009 3:08 AM
    Wednesday, September 02, 2009 4:07 PM

All replies

  • Hi are4664,

     

    Do the problematic services run on Local System account or a specific user account?

     

    If these services run on a user account, can you please check if anyone has changed the password of that user account in domain or SAM?

     

    This issue may occur if the registry location of the service account logon password is corrupted.

     

    To resolve this issue, you may try renewing the registry entries for the service account logon password.

     

    To renew the registry entries, we may need to change the service Log on as setting to use the Local System account, and then change the logon back to the original service account name and password.

     

    To renew the registry entries, please follow these steps:

    1.  Click Start, point to All Programs, point to Administrative Tools, and then click Services. 

    2.  Right-click the service that you want to change the Log on as setting for, and then click Properties. 

    3.  On the Log On tab, click Local System account under Log on as, and then click Apply.

     

    Pleaese Note: If you re-entered the service account password and you started the service manually before performing these steps, click OK in response to the message

    The new logon name will not take effect until you stop and restart the service. 

    4.  Click This account, and then type the account name. You can also click Browse to locate and select the account name. 

    5.  Type and confirm the password for the account, and then click Apply. 

    6.  If the service is already started and you receive the message described in step 3, click OK. 

    7.  Click OK to close the service properties. 

    8.  If the service is not already started, right-click the service name, and then click Start. 

    9.  Repeat steps 1 through 8 for any other services that experience the issue described in the Symptoms section. 

     

    Hope this can be helpful.


    This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, September 01, 2009 8:04 AM
  • Please see answers below...


    Hi are4664,

     

    Do the problematic services run on Local System account or a specific user account?
    A: They run on two different domain accounts, not Local Service and not Network Service.

     

    If these services run on a user account, can you please check if anyone has changed the password of that user account in domain or SAM?

     

    A: the passwords have not changed.  When we retype and Apply the same password, the service can be restarted.  They just won't login by themselves. 

     

    This issue may occur if the registry location of the service account logon password is corrupted.

     

    To resolve this issue, you may try renewing the registry entries for the service account logon password.

     

    To renew the registry entries, we may need to change the service Log on as setting to use the Local System account, and then change the logon back to the original service account name and password.

    A: we use the following procedure every time we reboot. 

    To renew the registry entries, please follow these steps:

    1.  Click Start, point to All Programs, point to Administrative Tools, and then click Services. 

    2.  Right-click the service that you want to change the Log on as setting for, and then click Properties. 

    3.  On the Log On tab, click Local System account under Log on as, and then click Apply.

     

    Please Note: If you re-entered the service account password and you started the service manually before performing these steps, click OK in response to the message

    The new logon name will not take effect until you stop and restart the service. 

    4.  Click This account, and then type the account name. You can also click Browse to locate and select the account name. 

    5.  Type and confirm the password for the account, and then click Apply. 

    6.  If the service is already started and you receive the message described in step 3, click OK. 

    7.  Click OK to close the service properties. 

    8.  If the service is not already started, right-click the service name, and then click Start. 

    9.  Repeat steps 1 through 8 for any other services that experience the issue described in the Symptoms section. 

    A: We are looking for a permanent solution.  As is, we reapply the passwords after every reboot.  We would like to fix the issue, not have to reapply the passwords every time. 

    Hope this can be helpful.


    This posting is provided "AS IS" with no warranties, and confers no rights.

     


    Tuesday, September 01, 2009 2:09 PM
  • hi there,

    based on the info 2 services which are failng are blackberry and sql reporting service, correct me if i am wrong.

    Since when is the problem occuring , after any hotfix update ? or any driver update ?. We might need to dig deeper by crashing the service and performing the debugging on it, but we would like to complete all the basic ground work before going into them.

    Secondly , can you point us to the evnt id on the servers ? along with security audit failure info.


    sainath !analyze
    Wednesday, September 02, 2009 2:43 AM
    Moderator
  • I think I found the culprit, someone modified my Group Policy settings to remove the accounts from the Local Security Settings.  I have changed that and am now waiting to test.  If that doesn't fix it, I will be back.

    Thank you for the responses!
    • Marked as answer by David Shen Friday, September 04, 2009 3:08 AM
    Wednesday, September 02, 2009 4:07 PM
  • Hi are4664,

    Glad to hear that you might have found the cause of the issue.

    Please keep us posted on your test progress and let us know if you have any additional questions or concerns.

    Thanks for your attention.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, September 03, 2009 2:17 AM