BSA: RSCD User Impersonation fails with error: Logon failure: the user has not been granted the requested logon type at this computer.

Version 10
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BladeLogic Server Automation Suite


    APPLIES TO:

    BMC BladeLogic Server Automation Suite



    PROBLEM:

     

    User mapping fails on a Windows server.  In the rscd log on the system you see a message similar to the below:
     

      
    04/06/12 13:45:04.290 ERROR rscd - machineA 3996 SYSTEM (???): ???: User Impersonation Failed ;       Error Location: RSCD_WinUser::logonPassword:LsaLogonUser() ;       Error Message: Logon failure: the user has not been granted the requested logon type at this computer. ;         Auxiliary Error Message: Account: BladeLogicRSCD@machineA
       

    On a domain controller using user mapping the error may look like:

      
    04/06/12 13:45:04.290 ERROR rscd - machineA 3996 SYSTEM (???): ???: User Impersonation Failed ;       Error Location: RSCD_WinUser::logonPassword:LsaLogonUser() ;       Error Message: Logon failure: the user has not been granted the requested logon type at this computer. ;         Auxiliary Error Message: Account: BladeLogicRSCDDC@DOMAIN
      
    Or when an Automation Principal instead of User Principal Mapping:  
    07/12/18 11:36:49.544 ERROR    rscd -  machineA 484 SYSTEM (Not_available): (Not_available): authenticate_user failed ;       Error Location: RSCD_WinUser::logonPassword:LsaLogonUser() ;          Error Message: Logon failure: the user has not been granted the requested logon type at this computer. ;              Auxiliary Error Message: Administrator@DOMAIN
      

      

     


    SOLUTION:

     

    Legacy ID:KA369787

      


    Confirm that the BladeLogicRSCD user account is granted the Logon as a batch job user right.
    Confirm that the BladeLogicRSCD user account is not in the Deny Logon as a batch job list.
    Ensure that the BladeLogicRSCD user account is in no local groups.
    Ensure that the mapped account or any group the mapped account is a member of is not in the Deny Logon as a batch job list

    If you are using an Automation Principal instead of User Principal Mapping then check that the AP user or any group the AP user is a member of is not in the Deny Logon as a batch job list

    If the server is a domain controller or a domain member the Deny Logon as batch job may be set in a Group Policy that applies to the system.

      



     

     


    Article Number:

    000042314


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles