- Remove From My Forums
-
Question
-
When I try to start Windows installer in Services.msc, it gives me this error Error 1297 A privilege that the service requires to function properly does not exist in the service account configuration. How do I fix this? I am running Windows 7 ultimate.
-
Edited by
VidishGupta
Sunday, March 16, 2014 11:28 PM -
Moved by
pbbergs [MSFT]Editor
Tuesday, March 18, 2014 11:55 AM
-
Edited by
All replies
-
This is in the wrong forum, it should be in a client forum. I will move there.
Paul Bergson
MVP — Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
I initially had a service account running my Print Spooler service; but upon encountering this error, I simply switched back to using Local System Account. On the (Log On) tab, I removed the service account and check **Local System Account, and it works.
Hope this help!
Thanks
Al Wolo
-
Just in case anyone else stops by here for an answer. You’re welcome.
Please answer the following
If it is a terminal issue then please go through wiki
https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH
«OpenSSH for Windows» version
((Get-Item (Get-Command sshd).Source).VersionInfo.FileVersion)
7.7.0.0
Server OperatingSystem
((Get-ItemProperty "HKLM:SOFTWAREMicrosoftWindows ntCurrentVersion" -Name ProductName).ProductName)
Windows 10 Pro
Client OperatingSystem
Windows 10 Pro
What is failing
Executing service results in error 1297 even though the sshd user has both the «log on as a service» and «replace a process level token» rights.
Note — if executing sshd directly from the command line as the sshd user (using «run as») then it works.
Expected output
C:>net start sshd
The command completed successfully.
Actual output
C:>net start sshd
System error 1297 has occurred.
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
- Remove From My Forums
-
Question
-
Windows Audio service stopped working and i cant start the service again when i installed Developer Preview………………….is there a solution to this??????
-
Changed type
Monday, October 10, 2011 5:46 PM
Changing thread type to question -
Edited by
Steven — Support EngineerMicrosoft Support, Moderator
Monday, October 10, 2011 5:47 PM
Title clarification
-
Changed type
Answers
-
-
Proposed as answer by
Eric — Support EngineerEditor
Monday, October 10, 2011 7:23 PM -
Marked as answer by
Keith-Microsoft Support, Moderator
Monday, October 17, 2011 6:54 PM
-
Proposed as answer by
This issue is fairly well documented, but I wanted to put it here for my own purposes:
When installing a new ADFS farm, you may find that if you reboot the ADFS server, or restart the ADFS service, it will not restart and fails with a 1297 error code. In the Event Viewer you will see an error stating that;
A privilege that the service requires to function properly does not exist in the service account configuration
This error screams of an issue with the configuration of the service account…and that’s exactly what it is. On the affected ADFS server, open the Local Security Policy console (secpol.msc) and expand the following container:
Security SettingsLocal PoliciesUser Rights Assignment
Go into the properties of the Generate Security Audits section and add the ADFS service account into here. If the option to add an account is grayed out, then that means that a Group Policy is controlling this access list, and you will need to find and modify the appropriate GP to add the ADFS service account into the group (usually the Default Domain Policy). While you are here, ensure that the ADFS service account has ‘Log on as a Service’ privileges.
Once this is done you should be able to start the ADFS service (although if you edited Group Policy then run gpudpdate first). Hopefully this helps you before you get to the point where you make the ADFS service account a Domain Admin! Remember, this account only needs Domain User privileges and should not be put into god mode!
A customer had the error come on a Vista Box
—————————
Services
—————————
Windows could not start the Diagnostic Policy Service service on Local Computer.
Error 1297: A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
—————————
OK
—————————
We had to make a OU and move Vista Boxes and make a GPO and under the computer configurationwindows settingssecurity settingsLocal policiesuser rights assignments
We need to make sure that the
————————————————————————————————————-
«Adjust Memory quotas for a process» is has Administrators, Local Service, Network Service
«Replace a process Level token» is has Local Service, Network Service
————————————————————————————————————-
after this setting was done the error did not come.
We can define the same on the Default domain Policy or Make a OU for Vista Boxes
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This entry was posted in Uncategorized. Bookmark the permalink.
Решение этой проблемы очень грустно, а почти дона лучше, чем верх
Неизвестные причины внезапно вызваны, вы не можете удаленно, сначала проверяйте удаленные настройки, и проблем с брандмауэром нет. IP-адрес — это проход Ping, то есть это не удаленный рабочий стол. После разнообразных попыток прошил лингнг: это будет удаленный рабочий столСлужитьНет начала.
[Win + R] Откройте интерфейс прогона, введите Services.msc, чтобы открыть интерфейс [Сервис], выпадайте, чтобы найти услуги удаленного рабочего стола.
После просмотра нет запуска, в этот момент я очень раздражен для себя.
Просто нажмите [Пуск], когда я был счастлив, я на самом деле сообщил об ошибке 1297. Настроение похоже на горную машину. Я действительно хочу иметь импульс сервера.
Различные выводы не решили проблему. Точно так же, как я собираюсь поблагодарить, у меня есть хорошее открытие, которое я выключен на полчаса, о (∩_ ∩) o. Кроме того, вы держите свою толстую брюнетку.
Как только я сижу на компьютере, я чувствую, что не могу слепо находить решение в Интернете, поэтому я подключаю другой удаленный сервер. Решите посмотреть, есть ли проблема.
Дважды щелкните «Открыть» [Услуги удаленного рабочего стола] или нажмите правой кнопкой мыши, чтобы открыть свойство.
Я наконец нашел проблему при просмотре [Войти].
Оказалось, что проблема с учетной записью входа в систему. В это время радость речи была переполнена и начала модифицировать учетную запись входа в систему.
Нажмите [Обзор] справа от учетной записи
Нажмите [Advanced]
Нажмите [Сразу, чтобы найти], выберите Пользователь [Сетевой сервис].
Далее — нажать OK, вернуться в интерфейс свойств Услуги удаленного рабочего стола,Сам пароль。
Нажмите [Приложение] и [ОК].
После завершения вышеуказанного запустите службу удаленного рабочего стола снова, успех ~!
Примечание:
После выбора сетевой службы нажмите [Приложение], если на сервисе «Приложение]. Откройте [Политика местной безопасности] с использованием команды whickpol.msc
Откройте [Локальная стратегия] — [Правильное назначение пользователя], потяните вниз, откройте [Как сервисный логин]
Удалите пользователи [Сетевые службы] и нажмите [Приложение].
На данный момент верните интерфейс [Service] снова, сбросьте учетную запись входа в систему.
Updated
Speed up your computer today with this simple download.
In this guide, we will identify some potential causes that can cause error code 1297, and then I will offer you various ways to resolve this issue. g.Error 1297 The freedom required for the service to run safely does not exist in the service factor configuration.
g.
I have installed WDS on a domain controller with AD, DHCP and DNS roles. I have registered WDS as a real domain administrator.
Updated
Are you tired of your computer running slow? Annoyed by frustrating error messages? ASR Pro is the solution for you! Our recommended tool will quickly diagnose and repair Windows issues while dramatically increasing system performance. So don’t wait any longer, download ASR Pro today!
When I specifically start the WDS service from Server Manager, I get: “Error starting the Windows Deployment Services server” Unknown error (0x511)
I am trying to start a service provided by services. Then I get msc
Windows was unable to disable the Windows Deployment Services server service on the local computer.
Error 1297: The authorization required to work properly no longer exists in the account configuration.
You can use the Microsoft Services Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the running and account configuration.
I have double-checked the verified domain security rules and am not playing anything yet. I reinstalled WDS for the third time, same error. Rebooted, it didn’t work. Visited
I’ve worked on several support forums as welldid step 3 and several of the following: http://support.microsoft.com/kb/946399
The AD FS process does not start and error 1297 occurs:
Windows was unable to start AD FS on the local computer.Error 1297: The privilege required for the service to function properly does not exist in the Myspace poker chip configuration of the service.You can use the Microsoft Management Console (MMC) Services snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and account configuration.
To resolve this issue, run secpol.msc and add the AD FS service account to the guarantee check creation policy. My
If this issue occurs after the AD FS server, including some domain controllers, has been downgraded to a custom server.
If this is a common terminal problem, use the Wiki
https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH
What a mistake
Starting this service results in error 1297 even though the sshd user has Login as s Service ”in addition to the“ Replace Process Level Token ”rights.
Note. If sshd is started directly from the “Tell it to” line as the sshd user (with “run as”), it will work.
This permission that my service needs to work properly, definitely does not exist in the service account setup.
You can use the Microsoft Services Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the running and account configuration.
This issue is pretty well documented, but I wanted to point it out here for my own purposes:
If you build a new AD FS farm, you will see that restarting the ADFS device or restarting the ADFS service will probably not start and will fail with a hard code 1297. Most people will see an error in the event viewer:
The service does not require the freedom to set up a service savings account
This error indicates a problem with the service account setup … and that’s it. On a disabled server, adfs will open the Local Security Policy Console (secpol.msc) and will deploy the container if you run:
Security Settings Local Policies User Rights for Assignment
Access the lists in the Generate Security Checks section when adding the AD FS service account. If the add idea option is grayed out, it means that the policy group manages this purchase list and you need to examine the corresponding GP and change it to the ADFS service account in the ellipse (usually the default). domain policy). While everyone is present, make sure the ADFS service account has Log on as a Service permission.
After that, you need to start the AD FS plans (although if you’ve changed your Group Policy, this is for gpudpdate first). Hope this helps you create an AD FS service account as a domain administrator! Remember that this account only needs domain user rights and should not be put into divine mode!
ADFS 4.0 Event ID 7000 – Error 1297 – Service Requires Authorization
I really feel that when I try to runIf the ADFS service is going to be below the bug in ADFS 4.0. Please help.
Failed to start Active Federation Directory Services due to the following error:
The advantage that the service must function accurately is not present in the configuration of the service script. You can use the Microsoft Management Console (MMC) snap-in (services.msc) and typically the Local Security Settings MMC snap-in (secpol.msc) to view service configuration and akun configuration.
AD FS hit the wall with a critical vulnerability:
The permission required by the service to target correctly is missing from the website account settings. You can use the Microsoft Services Management Console (MMC) snap-in (services.msc).
Speed up your computer today with this simple download.
Comment Gérer Le Code D’erreur 1297 ?
