Windows Services Fail To Start After Server Reboot - Log On As Tylerservice Account

Owned by Knowledge Assistant
Jun 12, 2024
2 min read
Description of Issue
  • When the server restarts itself due to windows updates, users cannot connect because certain services fail to start. In order for users to be able to connect after the server restarts, I have to click on the services, check that certain windows services are running, I find that their is a log on failure and it indicates that the password for the tylerservice user is inaccurate. I click on properties for the particular service and reset the password for the TYLERSERVICE account, restart the services, restart the server and then all are able to login. 
  • Why does my Windows Service keep forgetting its password?
  • Error 1069 the service did not start due to logon failure
  • The event viewer will show this error: 

    The Munis Scheduler Monitor munprod service was unable to log on as domain\tylerservice with the currently configured password due to the following error:
    Logon failure: the user has not been granted the requested logon type at this computer.

    Service: Munis Scheduler Monitor munprod
    Domain and account: domain\tylerservice

    This service account does not have the required user right "Log on as a service."

    User Action

    Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.

    If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.

Context
  • PowerShell
  • Windows Server
  • Group policy update
  • Services
Cause

Group Policy overwriting Local Policy

Resolution
  1. Connect to the affected server. 
  2. Open the Local Security Policy.
    1. On the windows search, type secpol.msc > press ENTER.
  3. Verify the domain\tylerservice account is listed under the Log on as service policy.
    1. Under Security Settings of the console tree, expand Local Policies > expand User Rights Assignment > Log on as a service > under Local security Setting , find the domain\tylerservice account.
      1. If the user is not listed, add user > Enter the domain\tylerservice account > Find a time to replicate the issue
      2. If the user is listed on the Local Security Policy or the issue persists, The domain controller group policy needs to be modified to ensure the “Log on as a service” right is provided to the tylerservice account.
        1. Access the domain controller
        2. Start the Group Policy Management application
          1. Control Panel > System and Security > Administrative Tools > Group Policy Management
        3. Expand Domains > Find default domain policy and Right click itEdit 
        4. Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > select the Log on as a service policy
        5. Double-click Log on as a service > add user (Add the domain\tylerservice user windows service to the list) > OK > Find a time to replicate the issue.
  4. If the issue persists, Please contact Tyler Systems Management Support or log a case via the Online Support Client Portal
Additional Information

Note: Clients are responsible for configuring and maintaining group policies. Client IT Responsibilities in an Enterprise ERP Environment