I installed a custom windows service on a new VM in a new environment and I am unable to ge tit to start using the domain service account. The service in question has been installed successfully on numerous other VMs (using Win server 2008, and recently, Win Server 2012 R2). In all cases, after installing successfully using the default Local System Account, and verifying that the service starts up successfully using that account, I modify the start up account to use a specified domain account as this service needs to be able to communicate with a SQL server as well as read and write from t/from various network shares.
This time, after setting up the new Win Server 2012 R2 VM, installing the service, checking that it starts ok using Local system account, and then changing the start up to use my designated service account, when I try to start the service it fails with an error:
"Error 1069: The service did not start due to a logon failure."
I checked the credentials by using them to RDP into this VM. It was successful, so I have the correct account and password.
I checked the event log, and saw an error in the Windows Application Log:
"Could not write to AD. Error 0x80070032."
When I googled this, it took me to this page Error Page, which seems to be describing a scenario where there was failure saving a changed password, but no one has changed the password on this account as it is a service account it is set to never expire...
Any ideas??
Related
I have a Windows 2019 container started with a valid CredentialSpec from a valid working gMSA account. It currently hosts a .NET 4.x application on IIS with Windows Authentication working just great. I can also execute nltest commands successfully and communicate to the domain controller.
I want to run a Job or Process as a domain user (MyDomain\UserABC). All of my attempts have failed:
Execute start-process with a credential object errors out with:
he security database on the server does not have a computer account for this workstation trust relationship.
Using a scheduled job as NT AUTHORITY\NetworkService fails to access the web because it is not using the gMSA credentials but the Network Service credentials.
Create a scheduled job with a Domain User results in the same error as above:
he security database on the server does not have a computer account for this workstation trust relationship.
Any other ideas?
Sounds like cached credentials. Maybe you can take a look on this link:
Site single Domain
So this is with some of my Windows Remote Desktop License Servers, which I am using with Microsoft Azure Cloud Subscription.
The issue I am facing is related to the license expiry. A fully functional and activated 2012 Remote Desktop Session Host server displayed the following message:
"THE REMOTE SESSION WAS DISCONNECTED BECAUSE THERE ARE NO REMOTE DESKTOP LICENSE SERVERS AVAILABLE TO PROVIDE A LICENSE.PLEASE CONTACT THE WINDOWS ADMINISTRATOR"
This was a simple setup on one server with the: connection broker, Session Host and Licensing server with 2012 CAL’s installed. And though the licensing seems to be configured correctly, in server manager.
But with the CAL(client access license), every user logging on to Server, gets the error message mentioned before. For every user, I need to update the CAL license again and again, and this issue occurs every 30 or 60 days. Kindly suggest something, and feel free to ask more details on this, if needed.
Step 1: The solution is delete the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing
Step 2: Try connecting in again.If it doesn’t work and you get the following error message: “The remote computer disconnected the session because of an error in the licensing protocol“then all you need to do is Right-Click on the Remote Desktop Connection icon and select “Run as Administrator“.
My Azure marketplace VM image was removed suddenly by Microsoft due to WannaCry vulnerability.
I'm trying to run Certification Test Tool 1.2 for Azure Certified on a new VM created from the new patched image.
I am logged in as a local administrator and running the tool on the VM as per the documentation: "The certification tool runs on a running VM, provisioned from your user VM image, to ensure that the VM image is compatible with Microsoft Azure."
I've tried running the tool on default Classic (not Azure Resource Manager) Windows Server 2012 R2 Datacenter and Windows Server 2016 Datacenter VMs.
I've tried turning the Windows firewall and UAC off.
I have not tried changing the firewall rules on Azure for the VM because: "When you create a Windows virtual machine in the Azure classic portal, common endpoints like those for Remote Desktop and Windows PowerShell Remoting are typically created for you automatically."
Here is the log created from running the tool on a brand new Azure Classic VM (with WannaCry patches applied):
5/18/2017 6:23:22 AM
Log generated by Certification Test Tool for Azure Certified
Test name: ****** Test Date :5/18/2017 6:23:22 AM Tested on: ******.cloudapp.net Test for: Microsoft Azure Test in: Windows Server
5/18/2017 6:23:24 AM
Test case/Verification: TestConnection
Description: Instantiates connection to the specified VM.
Connection Attempt: 1 Connecting to the Azure VM.... ******.cloudapp.net Error in connecting to the VM. Reason for not connecting to the VM : System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server ******.cloudapp.net failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. at System.Management.Automation.Runspaces.AsyncResult.EndInvoke() at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult) at System.Management.Automation.Runspaces.Internal.RemoteRunspacePoolInternal.Open() at System.Management.Automation.RemoteRunspace.Open() at WindowsAddin.PSConnection.OpenSession() ----------------------------------------------------------------->
EDIT: Add a couple links.
I did manage to connect and run the tool, the trick was not to run it on the machine. You must run it from a remote machine. The tool denies access to itself.
I have a Windows 2008R2 server in GCE that is behaving oddly (may be compromised). I can no longer access it via RDP. When I reboot the machine and look at the serial console, I see at the very bottom after the boot sequence, that something called Credentials Manager runs and appears to delete or change some username/password. I suspect that this is what is changing the RDP password. (see image attached). On a normally running Windows VM, I do not see this in the trace.
GCE Agent started.
Starting AddressManager
Starting CredentialsManager
Credentials have changed. Updating...
Changing username...
Deleting old user...
Username or password was updated successfully.```
I have tried resetting or adding a new password using the metadata windows-startup-script-cmd = net user but that does not seem to do anything.
What I get is an error message of the form:
Booting on date 05/05/2015 10:22:49
WARNING: Computer Name windows does not match Compute Engine Instance Name XXXXX.
Did you forget to run gcesysprep?
attributes/windows-startup-script-bat value is not set or metadata server is not reachable.
attributes/windows-startup-script-ps1 value is not set or metadata server is not reachable.
So the question is, how can I get into the machine to see what is happening? Is there a way that the GCE startup sequence could be changed to not call the credential manager to change the password or username?
What you could do is if you have a Gcloud SDK (https://cloud.google.com/compute/docs/gcloud-compute/) installed, you can run the following command while that instance is running:
gcloud compute instances decribe instance_name
This will provide all the information about the instance and you will see a section called MetaData which will display the users and the passwords. Then you can try to remote in and remove any credentials setup in the Credentials Manager located in Control Panel -> User Accounts.
I hope this give you access to your VM
i created a ruby application and its working fine but when i run it as service it giving trouble. actully i have mysql as a databse in my application and i am using it to store only name of the file and placing the physical file on sambha server now when i run my applioaction as as service it's not able to find the path of sambha server... any hlep...
What user account is running the service? Windows defaults to using the local SYSTEM account, which cannot/should not access the network. If you change the service to run under the "Network Service" or a specific user account, it may succeed.