Hello All,
Performing an installation with a client the other day. They have created a domain account. Together, we made changes to ensure the account satisfied the following conditions from the MS SCEP implementation whitepaper (NDES, Win 2008 R2, Jan 2009):
- is a member of the local IIS_IUSRS group.
- has request permission on the configured CA.
- is a domain user account and has Read AND Enroll permissions on the configured template (iPad wireless devices) - which is not configured until after installation regardless.
- has HTTP SPN set in Active Directory.
However, when selecting this account during the installation wizard, we receive a WIN32 error indicating that the account does not have the correct privileges (1385 - Logon failure: The user has not been granted the requested logon type at this computer.).
Using Local Security Policy, we granted the account the 'Log On As A Service' privilege. However, when attempting installation again, we saw the same error dialog.
Does anyone know if there is a specific set of User Rights Assignments that is required for the NDES service account?
Thanks for your time,
Ryan Schipper
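
Added example, not part of the original post: a PowerShell check, run from an elevated prompt on the server, that exports the local User Rights Assignments with `secedit` and reports which logon-type rights (and their deny counterparts) name the service account directly, which is the area error 1385 points at. The account name `CONTOSO\svc-ndes` and the temporary file name are placeholders assumed for illustration.

```powershell
# Added example: report which logon-type user rights name an account directly.
# 'CONTOSO\svc-ndes' is a placeholder account name, not taken from the post.
param([string]$Account = 'CONTOSO\svc-ndes')

# Resolve the account to its SID; secedit writes resolved principals as *SID.
$ntAccount = New-Object System.Security.Principal.NTAccount($Account)
$sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Export the user rights area of the local security database to a temp file.
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'   # placeholder file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$exported = Get-Content $cfg
Remove-Item $cfg

# Logon-type rights and their deny counterparts (a deny entry overrides allow).
$rights = 'SeInteractiveLogonRight', 'SeNetworkLogonRight',
          'SeBatchLogonRight', 'SeServiceLogonRight',
          'SeDenyInteractiveLogonRight', 'SeDenyNetworkLogonRight',
          'SeDenyBatchLogonRight', 'SeDenyServiceLogonRight'

$shortName = $Account.Split('\')[-1]
foreach ($right in $rights) {
    # Each right is one line: "SeServiceLogonRight = *S-1-5-20,*S-1-5-21-..."
    $line = $exported | Where-Object { $_ -match "^$right\s*=" } |
            Select-Object -First 1
    $members = @()
    if ($line) {
        $members = @(($line -split '=', 2)[1].Split(',') |
                     ForEach-Object { $_.Trim() })
    }
    # Match on SID first, then on a literal name entry.
    $direct = ($members -contains "*$sid") -or
              ($members -contains $Account) -or
              ($members -contains $shortName)
    New-Object PSObject -Property @{
        Right        = $right
        NamesAccount = $direct
        EntryCount   = $members.Count
    }
}
```

The check only detects entries that name the account itself; a right granted or denied through a group the account belongs to shows up as that group's SID and has to be compared against the account's group memberships separately.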