Service Account for Mid Server install

sgmartin
Kilo Guru

‎01-14-2022 02:09 PM

Trying to install a new Mid Server using the Local Service Account using the new MSI installer.  When I get to the screen to select an account, the Local Service Account is not visible.  If I create a new one and try the Validate Service Settings, it always comes back with Invalid account.  I even added to new local account manually and gave it the Logon as a Service security policy.  If I select that new account and put in the password, I still get Invalid Service Account when I click Validate Service Settings.

0 Helpfuls
  • 13,988 Views
6 REPLIES 6

Community Alums
Not applicable

‎01-15-2022 01:31 AM

Hi @sgmartin ,

Service account on mid server need to run as local system account.

Local Admin or Domain Admin Account used to log into scoped windows devices to perform inventory. 

Local admin or Domain admin via WMI/Powershell. SMB admin access to C$. The local admin account is created in AD as a service account, and through group policy is given the following rights:

 


Access this computer from the network

 

Act as part of the operating system

 

Adjust memory quotas for a process

 

Allow log on locally

 

Allow log on through Remote Desktop Services

 

Log on as a service

 

Mark my answer correct & Helpful, if Applicable.

Thanks,

Sandeep

0 Helpfuls

JusCuz
Tera Guru
In response to Community Alums

‎01-10-2023 07:02 AM

The local service is no longer recommended for the MID Service Account. 

 

The provided service account credentials must meet the following requirements in addition to being a valid account.

  • The user cannot be a local system or an administrator level account (local admin, domain admin, etc.)
  • The service account provided has the log on as service right, which is required for an account to be used as the log on user for a service.

sgmartin
Kilo Guru

‎01-18-2022 06:04 AM

Not really what my question was about.

The new wizard doesn't even give you a chance to select the Local Service Account.  We have an account that has Logon as a Service.  I will go through that list and give it more security access and see if that helps.

Thx

0 Helpfuls

MattSN
Mega Sage
Mega Sage

‎02-25-2022 12:05 PM

I had the same issue. As usual it is Windows UAC. The account is not getting created with enough privileges if the installer is not launched "as administrator" or using misexec /i

The trick is to run it like this and then tell the installer to create the account.

msiexec /i winmid.msi

#or if you are launching from a powershell prompt
cmd /c msiexec /i winmid.msi

Alternatively you can create the account in advance with the PowerShell Below

#Install Carbon module from NuGet (requires powershell v5)
Install-PackageProvider NuGet -Force;
Set-PSRepository PSGallery -InstallationPolicy Trusted
Install-Module -Name 'Carbon'

#create user
$midserviceuser = "miduser"
$midPassword = "password123"
net user /add $midserviceuser $midPassword
#set priv
Grant-CPrivilege -Identity $midserviceuser -Privilege SeServiceLogonRight
#check priv
Get-CPrivilege -Identity $midserviceuser

Simililar issue is discussed here
https://community.servicenow.com/community?id=community_question&sys_id=19210bed1b2a98d0d2ccea89bd4b...