Issue:
MSSQL service isn’t coming up automatically on server reboot. On examining the Event Viewer, the following error is observed:
Virtual account:NT Service\MSSQL<InstanceName>
Event Viewer message:
The "<Virtual Account>" is unable to login as <Virtual Account> with the currently configured password due to the following reason:
Logon failure, the user hasn’t been granted the requested logon type at this computer.
Analysis:
This error is not expected on a local laptop without any domain.
The error typically occurs on domain servers with Group Policy Objects (GPO), where GPO policies take precedence over local policies.
The GPO policy for “Log on as a service” must include the MSSQL virtual account.
Fix / Solution:
Update the “Log on as a service” GPO policy:
Include the specific virtual account:
NT Service\MSSQL<InstanceName>
If adding individual virtual accounts is problematic for AD admins:
Add
NT SERVICE\ALL SERVICESto the “Log on as a service” user rights assignment and save.Note: You won't be able to locate
NT SERVICE\ALL SERVICESin the GUI picker. Instead, type it directly in the user rights assignment and apply the changes.
This solution is verified and should resolve the issue.
Refer: https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-windows-service-accounts-and-permissions?view=sql-server-ver17#windows-privileges-and-rights
Thanks.
No comments:
Post a Comment