Support-Tip (MIISACTIVATE.EXE): Logon failure: the user has not been granted the requested logon type at this computer
PRODUCT FOCUS
- Microsoft Identity Manager Synchronization Service 2016
- Forefront Identity Manager Synchronization Service 2010
| NOTE | MIISACTIVATE.EXE has been around since the days of Microsoft Identity Integration Server 2003 and has had it's single focus of activating a new Synchronization Server Client with the backend Synchronization Service Database.I mention this, because I be using a later version of the product to test, but this tool is supported with versions of the Synchronization Service dating back to MIIS 2003. |
PROBLEM SCENARIO DESCRIPTION
You attempt to run the MIISACTIVATE.EXE command-line to activate a new FIM Synchronization Service Server. In doing so, you receive the below error message.
ERROR MESSAGE
The operation encountered am error and cannot be completed.
Error: Logon failure: the user has not been granted the requested
logon type at this computer
Error Code 569
CAUSE
The Synchronization Service Account is in the Local Security Policy > Local Policies > User Rights Assignment > Deny log on as a service.
RESOLUTION
- Remove the FIM Synchronization Service Account from the Local Security Policy
- Execute the MIISACTIVATE.EXE command-line
- After success add the FIM Synchronization Service Account back to the Local Security Policy
LOCAL SECURITY POLICY
- Local Security Policy > Local Policies > User Rights Assignment > Deny log on as a service
ADDITIONAL INFORMATION
- MIISActivate: Server Activation Tool: https://technet.microsoft.com/en-us/library/jj590194(v=ws.10).aspx