![\"Windows](\"https:\/\/www.coretechnologies.com\/blog\/images\/windows-service-logon-failure-error.png\" "\\"Windows")
<\/p>\nOne of our customers reported a very strange problem last week. After about a day of running flawlessly, their windows service would suddenly fail to start after a reboot. The error reported by the\u00a0Event Viewer\u00a0hinted at a problem with the service user\u2019s account:<\/p>\n
<\/p>\n
Trying to start the service directly from the\u00a0Windows Services Control Panel applicationproduced the same unsatisfying result:<\/p>\n
![\"Windows](\"https:\/\/www.coretechnologies.com\/blog\/images\/windows-service-failed-to-start-error-1069.png\" "\\"Windows")
<\/p>\n
The service account\u2019s password had not changed, and the user had no problem logging into the server interactively. Why was the windows service failing to login?<\/p>\n
Luckily we were able to get the service going again by re-entering the user\u2019s password:<\/p>\n
![\"Re-enter](\"https:\/\/www.coretechnologies.com\/blog\/images\/service-set-logon-password.png\" "\\"Re-enter")
<\/p>\n
When doing so, we noticed that the \u201cLog on as a service\u201d right had to be granted again. Very suspicious\u2026<\/p>\n
![\"Log](\"https:\/\/www.coretechnologies.com\/blog\/images\/log-on-as-a-service-right-granted.png\" "\\"Log")
<\/p>\n
But a mere 24 hours later, the problem resurfaced! Once again, the service failed to start after a reboot.<\/p>\n
The message about the \u201cLog on as a service\u201d right lead us to the root of the problem.<\/p>\n
Entering the password in services.msc updated the user\u2019s rights in the machine\u2019s Local\u00a0Group Policy\u00a0\u2014 a collection of settings that define how the system will behave for the PC\u2019s users. However, since the user and server were part of a domain, those local settings were\u00a0periodically overwritten by the domain\u2019s group policy<\/b>, which had\u00a0not<\/b>\u00a0been updated with the new permission. And because the necessary permission \u201cdisappeared\u201d on the machine, the service failed the next time it tried to start.<\/p>\nThe solution: Modify the Domain Group Policy<\/b><\/h2>\n
To fix the problem, we must update the domain group policy and explicitly give the service user the \u201cLog on as a service\u201d right. To do so:<\/p>\n
Open Control Panel, navigate to\u00a0System and Security > Administrative Tools<\/b>, and double-click\u00a0Group Policy Management<\/b>\u00a0on the left.<\/p>\n
![\"Start](\"https:\/\/www.coretechnologies.com\/blog\/images\/start-group-policy-management.png\" "\\"Start")
<\/p>\n
(Note: Don\u2019t search for \u201cgroup\u201d in Control Panel. That will lead you to the \u201cEdit group policy\u201d link, which opens the\u00a0local<\/b>\u00a0group policy!)<\/li>\n Add the user running your windows service to the list and click OK to record the change.<\/p>\n Next time your domain policy is copied to your server, it will bring along the Log on as a service right for the user. You shouldn\u2019t encounter the \u201clogon failure\u201d error again!<\/p>\n <\/b>Instead of reporting the generic \u201clogon failure\u201d, why not be more precise and say something like\u00a0\u201cThe user doesn\u2019t have the necessary rights to start the service\u201d<\/b>? You could provide even more guidance by listing the missing rights.<\/p>\n","protected":false},"excerpt":{"rendered":" The mystery: \u201cThe service did not start due to a login failure\u201d One of our customers reported a very strange problem last week. After about a day of running flawlessly, their windows service would suddenly fail to start after a reboot. The error reported by the\u00a0Event Viewer\u00a0hinted at a problem with the service user\u2019s account: […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42,48,63],"tags":[],"class_list":["post-2489","post","type-post","status-publish","format-standard","hentry","category-ad","category-microsoft-windows-server-2012","category-server-2016-2016"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2489"}],"version-history":[{"count":1,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2489\/revisions"}],"predecessor-version":[{"id":2490,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2489\/revisions\/2490"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"Edit](\"https:\/\/www.coretechnologies.com\/blog\/images\/edit-default-domain-policy.png\" "\\"Edit")
<\/li>\n
\nthe\u00a0Log on as a service<\/b>\u00a0entry on the right.<\/p>\n![\"Edit](\"https:\/\/www.coretechnologies.com\/blog\/images\/edit-group-policy-user-rights.png\" "\\"Edit")
<\/li>\n![\"Add](\"https:\/\/www.coretechnologies.com\/blog\/images\/add-domain-user-log-on-as-a-service.png\" "\\"Add")
<\/li>\n<\/ol>\nA closing note for the folks at Microsoft: A better error message please!<\/b><\/h2>\n