Article ID: 2832204
When you install Active Directory Federation Services (ADFS) by using the Add Roles and Features Wizard in Windows Server 2012, the Windows Internal Database (WID) installation fails, and you receive the following error message:
The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
This service account does not have the required user right "Log on as a service."
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
When WID is installed, the NT SERVICE\MSSQL$MICROSOFT##WID local virtual account is created, and this account is granted the Log on as a service user right by local Group Policy. If the local Group Policy setting is overwritten by a Group Policy Object (GPO) that is linked to a site, domain, or organizational unit, the NT SERVICE\MSSQL$MICROSOFT##WID account does not have the necessary user rights. Therefore, WID cannot be installed.
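The check below is an added example, not part of the original article: it reads the text of a user-rights export (such as one produced by `secedit /export /cfg <file> /areas USER_RIGHTS`) and reports whether the WID virtual account still holds the Log on as a service right (`SeServiceLogonRight`). The function names and both sample exports are constructed for illustration. The example assumes the right may be held either by the account's own service SID or through `NT SERVICE\ALL SERVICES`.

```python
import hashlib
import struct

WID_SERVICE = "MSSQL$MICROSOFT##WID"      # service name from the error message
ALL_SERVICES_SID = "S-1-5-80-0"           # well-known SID of NT SERVICE\ALL SERVICES

def service_sid(service_name):
    """SID of NT SERVICE\\<name>: SHA-1 of the upper-cased UTF-16LE name,
    read as five little-endian 32-bit sub-authorities under S-1-5-80."""
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    return "S-1-5-80-" + "-".join(str(v) for v in struct.unpack("<5I", digest))

def parse_user_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights

def wid_can_log_on_as_service(inf_text):
    """True if the WID virtual account, or ALL SERVICES, holds SeServiceLogonRight."""
    holders = {p.upper() for p in parse_user_rights(inf_text).get("SeServiceLogonRight", [])}
    accepted = {service_sid(WID_SERVICE), ALL_SERVICES_SID,
                "NT SERVICE\\" + WID_SERVICE, "NT SERVICE\\ALL SERVICES"}
    return bool(holders & {a.upper() for a in accepted})

# Constructed samples. A real export is UTF-16: open(path, encoding="utf-16").
LOCAL_ONLY = "[Unicode]\nUnicode=yes\n[Privilege Rights]\nSeServiceLogonRight = *S-1-5-80-0\n"
# Constructed domain SID: a GPO that lists only one domain service account.
GPO_APPLIED = ("[Privilege Rights]\n"
               "SeServiceLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105\n"
               "[Version]\nRevision=1\n")

if __name__ == "__main__":
    for label, text in (("local policy only", LOCAL_ONLY), ("GPO applied", GPO_APPLIED)):
        ok = wid_can_log_on_as_service(text)
        print(f"{label}: WID logon-as-service {'present' if ok else 'MISSING'}")
```

Run against the constructed samples, the first export passes and the second, where the GPO-defined list replaces the local one, reports the right as missing.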
To work around the issue, use one of the following methods:
You may also experience other symptoms in this situation. For example, the WID service may seem to be installed, but it does not start. Additionally, the Add Roles and Features Wizard indicates that a restart is pending.