MIM 2016 and PAM service account

  • Question

  • How should the service accounts be configured for PAM? I'm attempting to configure PAM alongside MIM portal and IM Sync on a dev server. I had configured service (AD) accounts for the FIM Sync Service, MIMService, and SharePoint using a document I found elsewhere (SharePoint 2016 MIM setup guide). I have attempted to configure the account "svc_FIMPAMSPPool" to "Log on as a service" via the local security policy of the dev server. The account was not yet added to "Deny log on locally" or "Deny access to this computer from the network", unlike the MIM service or MIM sync service accounts. Trying to reference other docs, I didn't find anything specific to a service account on this site either.

    On the wizard window below, I'm still getting an error:

    EventID 4625

    Failure reason: The user has not been granted the requested logon type at this machine.

    Status: 0xc000015B

    Sub Status: 0x0

    PAM configuration

    Thursday, August 31, 2017 9:18 PM


All replies

  • Anyone know if I should be posing this question elsewhere?
    Friday, September 1, 2017 4:31 PM
  • No, this is the right place, but in case you are getting nervous about the non-response, it is because it is a holiday weekend in the USA and Canada.

    Make sure the "Log on as a service" has been granted. Attempting does not suffice. :)

    Also make sure there isn't a GPO overriding the local setting.

    Nosh Mernacaj, Identity Management Specialist

    Friday, September 1, 2017 6:39 PM
  • Log on as a service is granted. Verified GPO, and the only policy applied is Default Policy, and it has nothing defined for Log on as a service. Any other advice?
    Tuesday, September 5, 2017 6:16 PM
  • The MIM 2016 handbook (packetpub MIM 2016 handbook) recommended configuring the PAM App Pool to run as the already configured SharePoint service account. Tested and verified that worked. But would that really be best practice?
    • Marked as answer by MiscUser01 Friday, September 8, 2017 1:35 PM
    Wednesday, September 6, 2017 9:21 PM
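
The following PowerShell is an added example, not code from the thread or from Microsoft: it reads the logon type recorded in the most recent 4625 event with Status 0xC000015B for the account, then lists who holds the allow and deny user rights that gate that logon type. It assumes an elevated session on the server that logged the event; the account name is the one from the question, and the temporary file name is arbitrary.

```powershell
# Added example. Run elevated on the server that logged the 4625 event.
param([string]$Account = 'svc_FIMPAMSPPool')   # account name taken from the question

# Logon type in event 4625 -> the allow / deny user rights that gate it.
$RightsByLogonType = @{
    2  = 'SeInteractiveLogonRight',       'SeDenyInteractiveLogonRight'
    3  = 'SeNetworkLogonRight',           'SeDenyNetworkLogonRight'
    4  = 'SeBatchLogonRight',             'SeDenyBatchLogonRight'
    5  = 'SeServiceLogonRight',           'SeDenyServiceLogonRight'
    10 = 'SeRemoteInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight'
}

# Most recent "logon type not granted" failure (Status 0xC000015B) for the account.
$failure = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } `
        -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        if ($data.TargetUserName -eq $Account -and $data.Status -eq '0xc000015b') { $data }
    } | Select-Object -First 1
if (-not $failure) { throw "No 4625 with Status 0xC000015B found for $Account" }
$logonType = [int]$failure.LogonType
if (-not $RightsByLogonType.ContainsKey($logonType)) {
    throw "Logon type $logonType is not covered by this example"
}

# Export the user rights assignments currently set on this machine.
$cfg = Join-Path $env:TEMP 'user_rights_export.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

foreach ($right in $RightsByLogonType[$logonType]) {
    $line    = Select-String -Path $cfg -Pattern "^$right\s*=" | Select-Object -First 1
    $holders = if ($line) { ($line.Line -split '=', 2)[1].Trim() -split ',' } else { @() }
    [pscustomobject]@{
        LogonType      = $logonType
        Right          = $right
        # False here is not conclusive: the right may be held through a group.
        DirectlyListed = ($holders -contains "*$sid") -or ($holders -contains $Account)
        Holders        = $holders -join ', '
    }
}
Remove-Item $cfg
```

If the reported logon type is not 5, "Log on as a service" is not the right being checked for that logon attempt; compare the `Holders` column against the account's group memberships for the right that is listed.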