ADCS – Login Failure: The user has not been granted the logon type at this computer

KB ID 0001242 Dtd 06/10/16


Post By: Daniel Newton

I was configuring a ADCS (Active Directory Certificate Services) on a DC (Domain Controller) for a client today and wanted to setup web-enrolment. I gave the Certificate Service User permissions to the IIS_USRS Group and everything was going well. Then, this error popped up when assigning the service account in setup.

001 - Logon failiure service account



This can be easily fixed, just follow these instructions and then you will be cooking on gas! J

Go to Active Directory Users and Computers (dsa.msc) and find the certificate service user.

002 - Certificate Services user

Then go to the properties of that user and you will get this dialog box.

003 - Cert Services User RIghtsGo to the “Member Of” Section and add in “Domain Admins” like so;

004 - User Rights Certificat e Services

So, when you try and authenticate for the Service Account in setup, it will come up with no errors

005 - Logon as Cert Services User

To prove that it’s not all smoke and mirrors, here is the user authenticated,

006 - Certificate Enrollment Services Rights

Related Articles, References, Credits, or External Links


Author: PeteLong

Share This Post On


    • Your most welcome! 🙂

      Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *