Support-Tip (MIISACTIVATE.EXE): Logon failure: the user has not been granted the requested logon type at this computer


PRODUCT FOCUS

  • Microsoft Identity Manager Synchronization Service 2016
  • Forefront Identity Manager Synchronization Service 2010

 

NOTE MIISACTIVATE.EXE has been around since the days of Microsoft Identity Integration Server 2003 and has had it's single focus of activating a new Synchronization Server Client with the backend Synchronization Service Database.

I mention this, because I be using a later version of the product to test, but this tool is supported with versions of the Synchronization Service dating back to MIIS 2003.

PROBLEM SCENARIO DESCRIPTION

You attempt to run the MIISACTIVATE.EXE command-line to activate a new FIM Synchronization Service Server.  In doing so, you receive the below error message.

ERROR MESSAGE

The operation encountered am error and cannot be completed.

Error: Logon failure: the user has not been granted the requested
logon type at this computer

Error Code 569

CAUSE

The Synchronization Service Account is in the Local Security Policy > Local Policies > User Rights Assignment > Deny log on as a service.

RESOLUTION

  1. Remove the FIM Synchronization Service Account from the Local Security Policy
  2. Execute the MIISACTIVATE.EXE command-line
  3. After success add the FIM Synchronization Service Account back to the Local Security Policy

LOCAL SECURITY POLICY

  • Local Security Policy > Local Policies > User Rights Assignment > Deny log on as a service

 

ADDITIONAL INFORMATION

  • MIISActivate: Server Activation Tool: https://technet.microsoft.com/en-us/library/jj590194(v=ws.10).aspx
Comments (0)

Skip to main content