- Microsoft Identity Manager Synchronization Service 2016
- Forefront Identity Manager Synchronization Service 2010
|NOTE||MIISACTIVATE.EXE has been around since the days of Microsoft Identity Integration Server 2003 and has had it's single focus of activating a new Synchronization Server Client with the backend Synchronization Service Database.
I mention this, because I be using a later version of the product to test, but this tool is supported with versions of the Synchronization Service dating back to MIIS 2003.
PROBLEM SCENARIO DESCRIPTION
You attempt to run the MIISACTIVATE.EXE command-line to activate a new FIM Synchronization Service Server. In doing so, you receive the below error message.
The operation encountered am error and cannot be completed.
Error: Logon failure: the user has not been granted the requested
logon type at this computer
Error Code 569
The Synchronization Service Account is in the Local Security Policy > Local Policies > User Rights Assignment > Deny log on as a service.
- Remove the FIM Synchronization Service Account from the Local Security Policy
- Execute the MIISACTIVATE.EXE command-line
- After success add the FIM Synchronization Service Account back to the Local Security Policy
LOCAL SECURITY POLICY
- Local Security Policy > Local Policies > User Rights Assignment > Deny log on as a service
- MIISActivate: Server Activation Tool: https://technet.microsoft.com/en-us/library/jj590194(v=ws.10).aspx