BSA: RSCD User Impersonation fails with error: Logon failure: the user has not been granted the requested logon type at this computer.

Version 11
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BladeLogic Server Automation Suite


    APPLIES TO:

    BMC BladeLogic Server Automation Suite



    PROBLEM:

     

    User mapping fails on a Windows server.  In the rscd log on the system you see a message similar to the below:
     

      
    04/06/12 13:45:04.290 ERROR rscd - machineA 3996 SYSTEM (???): ???: User Impersonation Failed ;       Error Location: RSCD_WinUser::logonPassword:LsaLogonUser() ;       Error Message: Logon failure: the user has not been granted the requested logon type at this computer. ;         Auxiliary Error Message: Account: BladeLogicRSCD@machineA
       

    On a domain controller using user mapping the error may look like:

      
    04/06/12 13:45:04.290 ERROR rscd - machineA 3996 SYSTEM (???): ???: User Impersonation Failed ;       Error Location: RSCD_WinUser::logonPassword:LsaLogonUser() ;       Error Message: Logon failure: the user has not been granted the requested logon type at this computer. ;         Auxiliary Error Message: Account: BladeLogicRSCDDC@DOMAIN
      
    Or when an Automation Principal instead of User Principal Mapping:  
    07/12/18 11:36:49.544 ERROR    rscd -  machineA 484 SYSTEM (Not_available): (Not_available): authenticate_user failed ;       Error Location: RSCD_WinUser::logonPassword:LsaLogonUser() ;          Error Message: Logon failure: the user has not been granted the requested logon type at this computer. ;              Auxiliary Error Message: Administrator@DOMAIN
      

      

     


    SOLUTION:

     

    Legacy ID:KA369787

      


    Confirm that the BladeLogicRSCD user account is granted the Logon as a batch job user right.
    Confirm that the BladeLogicRSCD user account is not in the Deny Logon as a batch job list.
    Confirm that the LocalSystem or SYSTEM account is not in the Deny Logon as batch job list.
    Ensure that the BladeLogicRSCD user account is in no local groups.
    Ensure that the mapped account or any group the mapped account is a member of is not in the Deny Logon as a batch job list

    If you are using an Automation Principal instead of User Principal Mapping then check that the AP user or any group the AP user is a member of is not in the Deny Logon as a batch job list

    If the server is a domain controller or a domain member the Deny Logon as batch job may be set in a Group Policy that applies to the system.

      



     

     


    Article Number:

    000042314


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles