Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 7041 Source: ServiceControlManager

Level
Description
The <service> service was unable to log on as <domain>\<account> with the currently configured password due to the following error: <error message>.
Comments
 
- Service: BackupExecDeviceMediaService - The Backup Exec Services user keeps losing the "login as a service" right even though the user is in the proper "Logon as a Service" group in the Domain Controller Sec Settings and the Default Domain Sec Settings. If you grant the right then it works for a short period of time and then goes back to deny the services the right to start.

User Action

Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster. If you have already assigned this user right to the service account and the user right appears to be removed, a Group Policy object associated with this node might be removing the right. Check with your domain administrator to find out if this is happening.
- Service: DPMWriter - This problem may occur if a Group Policy setting does not enable the "Log on as Service" user right for the user account. See ME929101 for additional information about this event.
In one case, on Windows 2003 SP1, the aspnet_state service (named in the message) could no longer be started on any computer in the domain that was not a domain controller, after changes were made to the Default Domain Policy. It was accompanied by EventID 534 from source Security and EventID 7000 from source Service Control Manager, service ASP.NET State.
The "Default Domain Policy" policy setting named "Log on as a service" had been empty, but when entries were added for some groups, this Event ID appeared when I tried to start the "ASP.NET State service".
To resolve this, the "Default Domain Policy" policy setting named "Log on as a service" had "ASPNET" added to its list. When Group Policy was refreshed on the computer that had the problem, the service could be started without problem.

In another case, on Windows 2003 SP1, the computer had just been removed and re-joined to the domain in order to fix another problem. The service named in the description (an in-house product) was attempting to logon with a domain account. Alternate-click My Computer and click Manage. Go to Services and Applications -> Services. Alternate-click the name of the service and click Properties. Click the Log On tab. Re-enter the password and click Apply. A message should be displayed stating that the account has been granted the right to logon as a service. Click OK. You should now be able to start the service and any others that logon with the same account.
- Service: Cluster - See ME871236 for some of the changes that have been made to the Cluster service-related event log messages in Microsoft Windows Server 2003 Service Pack 1 (SP1).

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...