Apr 22 2017
Managed Service Account Fails after Reboot
Windows services can be started with a Managed Service Account (MSA) for the sake of security and easy management.
It is working just fine until I initiate a server reboot. The service would not start. Opening the service and wiping out the password field makes the service start again, until the next boot.
What could be wrong?
Let’s focus on the message displayed when setting up the MSA: The account has been granted the Log On As a Service right.
An Active Directory group policy (GPO) may override this setting that could be applied globally on the domain.
An easy way to check which accounts are given the Log On As a Service Right is to run rsop.msc.
Browse to:
– Computer Configuration
-> Windows Settings
-> Security Settings
-> Local Policies
-> User Rights Assignment
Check that the Managed Service Account is in the list under the Security Policy Setting. If not, update Active Directory GPO and check the policy comes first in the “Precedence” tab.
Now that you’ve checked GPO permissions, the service should be starting at next boot.