Windows Server (SBS) 2008 – Telephony service won’t start (missing permissions)

rras, windows-server-2008

I am running an SBS 2008 server. It's set up as the domain controller for the network.

After a reboot, the Telephony service (and all services that depend on it) refuses to start under the Network Service account. The error given is:

Error 1297: A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

This has caused all the network services not to be accessible, e.g. terminal services, VPN (RRAS), SQL Server instances. The SSH daemon I have running on the box will accept connections only from localhost, but won't respond on the network.

After searching around, the only advice I could find was to grant the Network Service account these permissions:

  1. Adjust memory quotas for a process
  2. Replace a process level token

I set those permissions on both the Default Domain Policy and the Default Domain Controller Policy, but it seemingly had no effect.

Most of the services will start if I change them to run under the Local System account, but that didn't make them accessible on the network.

I even tried removing the Routing and Remote Access Services feature, rebooting and reinstalling it, but the issue remains.

Any ideas?

Best Answer

I would look at this article: http://support.microsoft.com/kb/946399

I also just looked at a Server 2008 (not R2, sorry) box running RRAS, and the Network Service account has the following rights (some are included in that document, but I will list ALL the ones I have, including repeats): Adjust memory quotas for a process, Bypass traverse checking, Create global objects, Generate security audits, Impersonate a client after authentication, Replace a process level token.

Make sure your GPO does not change these back. After you check and make changes, run gpupdate /force, and go back and check they are still there. If you add these rights, I am virtually positive you will need to reboot.

If this does not work, I also would not limit my search just to the telephony service since the Network Service account starts many services. Lastly, if none of this works, fork over the $260 and get Microsoft on the phone since it sounds like you have a lot that is not working.
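
One way to check the rights listed in the answer, and to re-check them after gpupdate /force and after a reboot, is to export the machine's user-rights assignment with secedit and look for the Network Service SID. This is an added example, not part of the original answer; it assumes Windows PowerShell is installed and run from an elevated prompt, and the output path and function names are hypothetical.

```powershell
# Added example: report which of the six rights from the answer are granted
# directly to NETWORK SERVICE in the exported user-rights assignment.
$sid = '*S-1-5-20'   # well-known SID of NT AUTHORITY\NETWORK SERVICE, as secedit writes it

# Display names from the answer, keyed by their privilege constants
$required = @{
    'SeIncreaseQuotaPrivilege'      = 'Adjust memory quotas for a process'
    'SeChangeNotifyPrivilege'       = 'Bypass traverse checking'
    'SeCreateGlobalPrivilege'       = 'Create global objects'
    'SeAuditPrivilege'              = 'Generate security audits'
    'SeImpersonatePrivilege'        = 'Impersonate a client after authentication'
    'SeAssignPrimaryTokenPrivilege' = 'Replace a process level token'
}

function Get-UserRightsTable([string[]]$Lines) {
    # Parse lines such as "SeAuditPrivilege = *S-1-5-19,*S-1-5-20"
    # into a table of privilege name -> list of holders.
    $table = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            $name    = $matches[1]
            $holders = $matches[2]
            $table[$name] = @($holders.Split(',') | ForEach-Object { $_.Trim() })
        }
    }
    return $table
}

function Get-MissingRights($Table) {
    # Only direct grants to S-1-5-20 are detected. A right the account holds
    # through a group (for example Everyone) is reported as missing here.
    $missing = @()
    foreach ($priv in ($required.Keys | Sort-Object)) {
        if (-not ($Table.ContainsKey($priv) -and ($Table[$priv] -contains $sid))) {
            $missing += $priv
        }
    }
    return $missing
}

$cfg = Join-Path $env:TEMP 'user-rights.inf'   # hypothetical output file
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

$missing = Get-MissingRights (Get-UserRightsTable (Get-Content $cfg))
if ($missing.Count -eq 0) {
    'NETWORK SERVICE holds all six rights directly.'
} else {
    $missing | ForEach-Object { 'Missing: {0} ({1})' -f $_, $required[$_] }
}
```

If a right shows up before gpupdate /force and is gone afterwards, a GPO is overwriting the assignment, which is the situation the answer warns about.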