"Logon failure: the user has been not granted the requested logon type at this computer" during DLP Enforce installation
search cancel

"Logon failure: the user has been not granted the requested logon type at this computer" during DLP Enforce installation

book

Article ID: 251353

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention

Issue/Introduction

During 15.8 installation process and service user validation, the installer is showing the below error:

Error calling LogonUserA: Logon failure: the user has been not granted the requested logon type at this computer (HRESULT: 0x569)

Environment

Release : 15.8

OS: Windows Server

Cause

A local user account that is running DLP services, needs to have proper permissions to operate on the server. When the installation is being done through an RDP session, the installer will use logon type 3 to check the provided credentials.  The SymantecDLP user is not part of the local admin group by default; ensure it is. 

Resolution

  1. Run gpedit.msc on your Enforce server.
  2. Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
  3. Make sure that your service account for DLP (typically SymantecDLP) or the user group to which it belongs, is allowed in the below policies:
  • Allow log on locally
  • Log on as a service

and the account is not listed in the policies which deny access, like:

  • Deny log on as a service
  • Deny log on locally
  • Deny access to this computer from the network

Update: in a later case we found the same error due to the Local account being removed from Remote Desktop services, because the server was being accessed via RDP the local account requires this permission.

Make sure Local account is allowed in the 3 green check marks below, and removed from the 2 red X's below.

Powered by Wolken Software