Microsoft KB Archive/259733

= How to Troubleshoot Service Startup Permissions =

Article ID: 259733

Article Last Modified on 3/3/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q259733



For a Microsoft Windows XP version of this article, see 314357.

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
When a service does not start because of a logon failure, the following error messages may be displayed.

When you restart the server, the following error messages may be displayed in the system event log:  

Source: Service Control Manager

Event ID: 7000

Description:

The %service% service failed to start due to the following error:

The service did not start due to a logon failure.

No Data will be available.Source: Service Control Manager

Event ID: 7013

Description:

Logon attempt with current password failed with the following error:

Logon failure: unknown user name or bad password.

No Data will be available.



When you attempt to manually start the service, the following error message may be displayed:

Microsoft Management Console

Could not start the %service% service on Local Computer

Error 1069: The service did not start due to a logon Failure.

NOTE: The error message occurs even though the user account is a valid user.



CAUSE
This behavior can occur for any of the following reasons:
 * The password is changed on the account the service is configured to use to log on.
 * The password data in the registry is damaged.
 * The right to log on as a service is revoked for the specified user account.



RESOLUTION
To resolve these issues, you can configure the service to use the built-in system account, change the password for the specified user account to match the current password for that user, or restore the user's right to log on as a service.

How to Configure User Rights
If the right to log on as a service is revoked for the specified user account, restore the right by performing the following steps:

Domain Controller
If the user is in an Active Directory domain:
 * 1) Start the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in.
 * 2) Right-click the Organizational Unit (OU) in which the user right to log on as a service was granted. By default, this is in the Domain Controllers OU.
 * 3) Right-click the container, and then click Properties.
 * 4) On the Group Policy tab, click Default Domain Controllers Policy, and then click Edit. This starts Group Policy Manager.
 * 5) Expand the Computer Configuration object by clicking the plus sign (+) next to the policy object. Under the Computer Configuration object, expand Windows Settings, and then expand Security Settings.
 * 6) Expand Local Policies, and then click User Rights Assignment.
 * 7) In the right pane, right-click Log on as a service, and then click Security.
 * 8) Add the user to the policy, and then click OK.
 * 9) Quit Group Policy Manager, close Group Policy properties, and then close the Active Directory Users and Computers MMC snap-in.

Member Server
If the user is a member of a stand-alone member server:
 * 1) Start the Local Security Settings MMC snap-in.
 * 2) Expand Local Policies, and then click User Rights Assignment.
 * 3) In the right pane, right-click Log on as a service, and then click Security.
 * 4) Add the user to the policy, and then click OK.
 * 5) Close the Local Security Settings MMC snap-in.

How to Configure Service Logon Information
To configure the password for the specified user account to match the current password for that user, use the following steps:
 * 1) Click Start, point to Settings, click Control Panel, and then double-click Administrative Tools.
 * 2) Double-click Services.
 * 3) Right-click the appropriate service, and then click Properties.
 * 4) On the Log On tab, change the password, and then click Apply.
 * 5) On the General tab, click the Start to restart the service.
 * 6) Quit the Services tool.

How to Configure the Service to Start Up with the Built-in System Account
If the service still does not work with the specified user account, you can configure the service to start up with the built-in system account using the following steps:
 * 1) Click Start, point to Settings, click Control Panel, and then double-click Administrative Tools.
 * 2) Double-click Services.
 * 3) Right-click the appropriate service, and then click Properties.
 * 4) On the Log On tab, click Local System Account, and then click Apply.

NOTE: You typically do not need to configure a service to interact with the desktop, so you can leave the Allow service to interact with desktop check box unselected.
 * 1) On the General tab, click Start to restart the service.
 * 2) Quit the Services tool.

When you attempt to open the properties of a service using the Services tool in Control Panel, the computer may stop responding (hang) and/or the following error message may be displayed:

The RPC Server is unavailable

This error message can occur if the Remote Procedure Call (RPC) service is not started because of a logon failure with that service or a dependency service. Some services have dependency services that do not start until their dependency services start first (for example, the Workstation service).

If you cannot start the Services tool, configure the service to use the built-in system account using the following steps:  Start Registry Editor (Regedit.exe).WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 Locate the ObjectName value in the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

 On the Edit menu, click Modify. In the Value Data box, type localsystem, and then click OK.</li> Quit Registry Editor.</li> Attempt to restart the service. You may need to restart the computer for some services to restart properly.</li></ol>

If you cannot start Registry Editor, you can modify the service account information by performing a parallel installation. For additional information about parallel installations, click the article number below to view the article in the Microsoft Knowledge Base:

165748 How to Disable a Service or Device that Prevents NT from Booting

Although most system services are configured to use the system account credentials for logon by default, you can configure them to use a specific user account instead. When a user's password is changed, the password information field is not automatically changed for services.

<div class="moreinformation_section">

MORE INFORMATION
You can start a service with the local system account or by specifying a specific user account and password. If you choose to specify a user account and password, it is important that the account name and password remain constant. For example, this account should not be required to change password or be renamed. If these two events (or other similar events) occur, you should also update the logon credentials for the service.

Keywords: kbenv kberrmsg kbprb KB259733

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.