Windows Server Essentials Role Configuration Fails

 


 

When configuring the Windows Server Essentials role on Windows Server 2012 R2, the configuration may fail right away, or after 87%.

If you look in Event Viewer, you may find events that point to the cause:

Event ID: 7000
Source: Service Control Manager
Description: The Windows Server Essentials Management Service failed to start due to the following error: The service did not start due to a logon failure

Event ID: 7041
Source: Service Control Manager
Description: The WseMgmtSvc service was unable to log on as DOMAIN.local\ServerAdmin$ with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.

Service: WseMgmtSvc
Domain and account: DOMAIN.local\ServerAdmin$

This service account does not have the required user right “Log on as a service.”

User Action

Assign “Log on as a service” to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.

If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.

 

How to Repair:

If the server is being configured as part of a migration, you will need to edit the Default Domain Controllers Policy from the Group Policy Management Console.

If the server is being set up as the first domain controller on the network, you will need to edit the Local Security Policy.

On a domain controller:

  1. Log in as a domain administrator.
  2. Click Start, type gpedit.msc, and press Enter.
  3. In the Group Policy Management Console, expand the Domain Controllers OU and locate the Default Domain Controllers Policy.
  4. Right-click the policy and choose Edit.
  5. Expand the following settings: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
  6. In the details pane, locate Log on as a service and right-click it to open Properties.
  7. Choose Add User or Group.
  8. Add the account DOMAIN\ServerAdmin$ and, if it is missing, DOMAIN\MediaAdmin$.
  9. Click OK, then OK again to close the window.
  10. Perform the same procedure for the entry Log on as a Service
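
To confirm the change took effect before re-running the role configuration, the following added example (not part of the original post) refreshes policy, exports the server's current user-rights assignments with secedit, and reports whether each service account holds "Log on as a service" (SeServiceLogonRight). It assumes an elevated PowerShell session on the server; DOMAIN is the placeholder used on this page and the variable names are illustrative.

```powershell
# Added example: check who holds SeServiceLogonRight ("Log on as a service").
# DOMAIN\ServerAdmin$ and DOMAIN\MediaAdmin$ are the placeholder names from
# this page; replace DOMAIN with your domain's NetBIOS name.
$expected = 'DOMAIN\ServerAdmin$', 'DOMAIN\MediaAdmin$'

# Refresh computer policy so the edited GPO is applied before checking.
gpupdate /target:computer /force | Out-Null

# Export the current user-rights assignments to a temporary INF file.
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

# The export holds one line per right, for example:
#   SeServiceLogonRight = *S-1-5-80-0,*S-1-5-21-...
$line = Select-String -Path $inf -Pattern '^SeServiceLogonRight\s*=' |
    Select-Object -First 1
Remove-Item $inf -Force

if (-not $line) {
    Write-Warning 'SeServiceLogonRight is not assigned to any account.'
    return
}

# Entries prefixed with * are SIDs; translate them to account names.
$holders = ($line.Line -split '=', 2)[1].Split(',') | ForEach-Object {
    $entry = $_.Trim()
    if ($entry.StartsWith('*')) {
        try {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $entry   # SID that no longer resolves (for example a deleted account)
        }
    } else {
        $entry
    }
}

# -contains compares case-insensitively, so DOMAIN\serveradmin$ also matches.
foreach ($account in $expected) {
    $state = if ($holders -contains $account) { 'has the right' } else { 'MISSING' }
    '{0,-25} {1}' -f $account, $state
}
```

When "Log on as a service" is defined in a Group Policy object, the list in that policy replaces the locally assigned one, so any other service account that needs the right on the domain controllers must appear in the same policy entry.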