The Virtual Unknown

Main menu

Skip to content
  • Home
  • About
  • Contact

Tag Archives: Group Policy

Post navigation

Jun 13 2016

vCenter Server 6.0 Upgrade – Log on as a Service error

It’s been a while since I upgraded an old version of vCenter Server to 6.0 and I totally forgot about the error that pops up about NT Service\All Services not having Log on as a Service rights….. I was actually going to blog about this when I encountered the error at the start of the year, but it totally slipped my mind…. I think I need to start keeping a list of things I have to blog about (old age)!

vcupgrade

Starting from vCenter Server 6.0 for Windows, virtual accounts replaced the Local Service Accounts used to run the vCenter Server Services. This decision was taken to improve security within a Windows OS by ensuring that any compromised accounts or services would not be able to access other services that use the same account – it places all services in their own silo with their own accounts. Even when a user gains access to a single virtual account, they are limited only to the functionality of that account and also limited to only that single service.

For more information about the new virtual accounts, point your browser to VMware’s KB: https://kb.vmware.com/kb/2124709

 

As the Windows VM that I was upgrading vCenter Server is attached to an AD domain, I decided to amend the group policy on the domain controller.

  1. Open up Group Policy Manager, and edit the “Default Domain Policy”
    vcupgrade1
  2. Navigate down to “Computer Configuration->Policies->Windows Settings->Security Settings->Local Policies->User Rights Assignment”
    vcupgrade2
  3. Edit the “Log on as a service” properties and ensure the box next to “Define these policy settings:” is ticked. Click “Add User or Group” and enter “NT SERVICE\ALL SERVICES”.
    vcupgrade3
  4. Force an update to the local GPO by going to command prompt and type “gpupdate /force” to update the policy.
  5. Now update the Windows VM that has vCenter Server installed by opening up a command prompt and running the same “gpupdate /force” command.
  6. Continue with the vCenter Server upgrade/install.

More info on the Log on as a service can be found at the following Microsoft Technet articles:
https://technet.microsoft.com/en-us/library/cc794944(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/dn221981(v=ws.11).aspx

By aptones • Posted in How Tos, Troubleshooting, VMware • Tagged GPO, Group Policy, Local Service Accounts, NT Services, User Account, vCenter Server, VMware
0

Post navigation

Follow The Virtual Unknown on WordPress.com

VMware vExpert

VMware vExpert vSAN

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 1,066 other followers

Blog Stats

  • 141,846 hits

Archives

  • December 2020 (1)
  • June 2020 (1)
  • February 2020 (1)
  • October 2019 (1)
  • August 2019 (1)
  • April 2019 (2)
  • March 2019 (3)
  • February 2019 (3)
  • January 2019 (1)
  • December 2018 (2)
  • November 2018 (2)
  • September 2018 (1)
  • August 2018 (1)
  • June 2018 (1)
  • May 2018 (1)
  • April 2018 (2)
  • March 2018 (1)
  • February 2018 (2)
  • January 2018 (3)
  • November 2017 (1)
  • October 2017 (2)
  • September 2017 (1)
  • August 2017 (7)
  • July 2017 (1)
  • June 2017 (4)
  • April 2017 (3)
  • March 2017 (2)
  • February 2017 (3)
  • January 2017 (1)
  • December 2016 (5)
  • November 2016 (10)
  • October 2016 (4)
  • September 2016 (5)
  • August 2016 (6)
  • July 2016 (3)
  • June 2016 (2)
  • May 2016 (3)
  • April 2016 (1)
  • March 2016 (6)
  • February 2016 (6)
  • January 2016 (7)
  • December 2015 (11)
  • November 2015 (10)
  • October 2015 (7)
  • September 2015 (6)
  • August 2015 (5)
  • July 2015 (6)
  • June 2015 (11)
  • May 2015 (4)
  • April 2015 (6)
  • March 2015 (5)
  • February 2015 (4)
  • January 2015 (3)
  • December 2014 (1)
  • November 2014 (5)
  • October 2014 (6)
  • September 2014 (4)
  • August 2014 (2)
  • July 2014 (4)
  • June 2014 (1)
  • April 2014 (3)
  • February 2014 (1)
  • December 2013 (2)
  • November 2013 (3)
  • October 2013 (11)
  • September 2013 (7)
  • August 2013 (10)
  • July 2013 (7)
  • June 2013 (2)
  • May 2013 (5)
  • April 2013 (4)
  • March 2013 (7)
  • February 2013 (3)
  • January 2013 (5)

Tags

5.5 6.0 6.5 2016 2017 AWS Backup Barcelona Cisco cloud CloudHealth Dell EMC DR EMC Error ESXi EUC Europe EVO:RAIL fling HCI Horizon Hybrid Cloud Meltdown microsoft MTI NSX Operations Management Orchestrator PowerCLi SDDC SearchVMware security Site Recovery Manager Spectre SRM SSL storage the register Trend Micro update updates upgrades vBlog vCenter vCenter Server vCenter Server Appliance vCloud vCloud Air vCloud Director vCloud Suite vCNS vCOPs vCSA vDP vExpert virtual SAN VMware VMware Forum VMware Labs VMworld VMworld 2013 VMworld 2014 VMworld 2015 VMworld 2016 vRealize vSAN vShield VSPEX vsphere vSphere-land vSphere 6.0 vSphere 6.5 VVOLS web client

Links

  • Andy Tang – Security Blog
  • Cisco
  • Cormac Hogan
  • EMC
  • ESX Virtualization (Vladan Seget)
  • Frank Denneman
  • Ms QnT: Baking & Lifestyle Blog
  • MTI Blogs
  • MTI Technology Ltd
  • Punching Clouds (Rawlinson Rivera)
  • Red Velvet London: Beauty & Lifestyle Blog
  • Rockin' That Gem
  • Seoul State of Mind
  • Style Slicker
  • Virtualization is Life! (Anthony Spiteri)
  • Virtually Ghetto – William Lam
  • vLaunchpad
  • VMware
  • VMware Blogs
  • Yellow Bricks (Duncan Epping)
Create a free website or blog at WordPress.com.
Cancel
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy