TFSREPORTS account keeps loosing "logon as a service" rights

by Gabriel Lozano-Moran 12. December 2007 16:27

I have been having a strange issue today on our Team Foundation Server 2008 box. For some reason the reporting services was down so I logged on to the Team Foundation Server to look at what is happening and I saw the following entry in the event log:

Event Type:    Error
Event Source:    Service Control Manager
Event Category:    None
Event ID:    7041
Date:        12/12/2007
Time:        9:47:22
User:        N/A
Computer:    TFS
Description:
The ReportServer service was unable to log on as DOMAIN\TFSREPORTS with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Service: ReportServer
Domain and account: DOMAIN\TFSREPORTS
This service account does not have the necessary user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, a Group Policy object associated with this node might be removing the right. Check with your domain administrator to find out if this is happening.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Now that is odd. We are working in a branch office and we have our own Domain Controller, Team Foundation Server ... and I am the only Administrator of the environment and I can assure you that I did not change any group policy nor local policy.

I ran the Resultant Set of Policy utility (rsop.msc), which is a query engine that polls existing policies and planned policies, and then reports the results of those queries:

image 

As you can see the Source GPO was Default Domain Policy and in the list of accounts there is only the service account used for the Team Foundation Services. So I connected to the Domain Controller to take a look at the Domain Policies:

image

I can't remember setting this policy on the Domain Controller but then again I wasn't the one that installed Team Foundation Server. I disabled this policy and manually refreshed the policy settings (gpupdate /force) on our TFS box and granted the service accounts needed for Team Foundation Server the log on as a service rights.

Technorati Tags:

So far so good, up to the next problem!

Tags:

Team Foundation

Submit to DotNetKicks...
Permalink | Comments (1)

Comments

12/12/2008 12:12:19 AM #

Wayne Brown

So I came across your blog looking for a solution on why VS2008 studio install was crashing.  The first thing I saw when I read this was "TPSREPORTS account keeps loosing "logon as a service" rights.  My first thought was "well did he forget the cover sheet?"

Wayne Brown | Reply

Add comment




  Country flag

biuquote
  • Comment
  • Preview
Loading