"MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID" error when you install WID in Windows Server 2012

Article ID: 2832204

Symptoms

When you install Active Directory Federation Services (ADFS) by using the Add Roles and Features Wizard in Windows Server 2012, the Windows Internal Database (WID) installation fails, and you receive the following error message:

The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
This service account does not have the required user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.

Cause

When WID is installed, the NT SERVICE\MSSQL$MICROSOFT##WID local virtual account is created, and this account is granted the Log on as a service user right by local Group Policy. If the local Group Policy setting is overwritten by a Group Policy Object (GPO) that is linked to a site, domain, or organizational unit, the NT SERVICE\MSSQL$MICROSOFT##WID account does not have the necessary user rights. Therefore, WID cannot be installed. 

Workaround

To work around the issue, use one of the following methods:
  • Assign the Log on as a service user right to NT SERVICE\ALL SERVICES in the GPO that defines the user right.
  • Exclude the computer from the GPO that defines the user right.
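
To confirm the cause described above before changing a GPO, the following PowerShell check exports the computer's current user rights with secedit and tests whether SeServiceLogonRight ("Log on as a service") covers NT SERVICE\ALL SERVICES or the WID service SID. It is an added example, not part of the original article; the temporary file name is arbitrary, and an elevated prompt is assumed.

```powershell
# Added example (not from the KB article). Run from an elevated prompt.
$serviceName    = 'MSSQL$MICROSOFT##WID'   # single quotes: no variable expansion
$allServicesSid = 'S-1-5-80-0'             # well-known SID of NT SERVICE\ALL SERVICES

# sc.exe showsid computes the service SID from the name, so it works even
# when the WID installation failed and the service does not exist.
$widSid = $null
foreach ($l in (& sc.exe showsid $serviceName)) {
    if ($l -match '(S-1-5-80-[\d-]+)') { $widSid = $Matches[1] }
}

# Export the user rights currently stored in this computer's security settings.
$cfg = Join-Path $env:TEMP 'wid-user-rights.inf'   # arbitrary temp file name
& secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$right = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' |
    Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue

# Entries are comma separated; SIDs carry a leading "*", account names do not.
$entries = @()
if ($right) {
    $entries = @(($right.Line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') })
}

# Either the ALL SERVICES group or the WID account itself satisfies the check.
$accepted = @($allServicesSid, $widSid,
              'NT SERVICE\ALL SERVICES', "NT SERVICE\$serviceName") |
    Where-Object { $_ }
$hits = @($entries | Where-Object { $accepted -contains $_ })

Write-Output "WID service SID : $widSid"
Write-Output "Holders of right: $($entries -join ', ')"
if ($hits.Count -gt 0) {
    Write-Output "OK: right is granted via $($hits -join ', ')"
} else {
    Write-Output 'MISSING: neither ALL SERVICES nor the WID account holds the right.'
}
```

If the result is MISSING, `gpresult /scope computer /h report.html` produces a report that shows which GPO supplies the "Log on as a service" setting.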

More information

You may also experience other symptoms in this situation. For example, the WID service may seem to be installed, but it does not start. Additionally, the Add Roles and Features Wizard indicates that a restart is pending.  

Properties

Article ID: 2832204 - Last Review: April 8, 2013 - Revision: 1.0
Applies to
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Standard