Any version of Venafi
During installation, on the Database configuration page, when you attempt to click "Next" you may be prompted with the following error:
"Could not validate the database as user XXXXXXX error: Logon failure: the user has not been granted the requested logon type at this computer"
This is caused when the account specified for the database connection doesn't have the right to run as a service on the local computer. Even if the Windows Service account is being used for the services, the account being used to connect to the remote SQL box also needs The Log on locally right.
NOTE: Even if the user has been added to the Local Admin group, this is generally not enough.
There are a couple of ways to do this, but I've found the easiest way to fix this is to modify an existing service to use this account. Since at this stage of the installation the Venafi services are created but stopped, one of these would be pretty good to use.
- Run the Services MSC
- Select the Venafi Trust Protection Platform service and choose Properties. NOTE: If you don't use this service, picking one that is set to use the Local System Account is the best way to prevent problems on step 5 later!!
- Select the Log On tab. The service will likely be configured to use the Local System Account. This is what we want to remain, but for now, change it to "This Account" and enter the user that failed in the error message. Then click OK
- You should receive a prompt that the account has been granted the right to run as a service.
- IMPORTANT - DON'T SKIP Now, switch the service back by going back into the properties for the service, Log On tab, and change it back to Local System Account, then click OK.
This should not change anything at all in the product or system, other than granting the appropriate rights to the service account you are attempting to use to connect to the database.