Problem:
In the ProfileUnity Console, under Role Management, adding a "Service Account For Deployment" and selecting "Add/Update"
causes the console to display an error message.
Resolution:
When a service account is added to the ProfileUnity console, its credentials are used to push configuration (ini) files out to the shares and to query the AD directory for security groups when creating filters, etc. ProfileUnity impersonates that user to perform these functions. For this to work, the user needs the right to log on to the ProfileUnity console server.
The service account user must be able to "Allow log on locally."
To accomplish this task:
- Edit GPO (Local or GPO applying to the ProfileUnity console)
- Go to:
- Computer Configuration > Policies > Security Settings > Local Policies > User Rights > Allow log on locally.
- Add the user or group that should be able to log on locally.
If the error persists, check to make sure the "Secondary Logon" service is running on the ProfileUnity console.
Once complete, go back and add the service account again. Upon successful completion it should display the message: "Role Service Account has been set."
Alternate resolution if the above does not work or the Secondary Logon service must remain disabled:
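A read-only way to confirm both prerequisites from the resolution above before retrying, run in an elevated PowerShell session on the console server. This is an added example, not vendor tooling; the account name CONTOSO\svc-profileunity is a placeholder and the function name Get-RightHolder is hypothetical.

```powershell
# Added example: read-only check of the prerequisites on the ProfileUnity console server.
# Run elevated. The account name is a placeholder (assumption), not taken from the article.
$Account = 'CONTOSO\svc-profileunity'

# Resolve the account to a SID; secedit exports list principals as *SID or plain names.
$acctSid = ([Security.Principal.NTAccount]$Account).Translate(
    [Security.Principal.SecurityIdentifier]).Value

# Export only the user-rights area of the effective local security policy.
$inf = Join-Path $env:TEMP 'pu-user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS /quiet

function Get-RightHolder {
    param([string]$Right)
    $match = Select-String -Path $inf -Pattern "^$Right\s*=\s*(.*)$" | Select-Object -First 1
    if (-not $match) { return }              # right is not defined in the policy
    foreach ($entry in $match.Matches[0].Groups[1].Value.Split(',')) {
        $entry = $entry.Trim().TrimStart('*')
        if (-not $entry) { continue }
        if ($entry -like 'S-1-*') {
            $sid = [Security.Principal.SecurityIdentifier]$entry
        } else {
            $sid = ([Security.Principal.NTAccount]$entry).Translate(
                [Security.Principal.SecurityIdentifier])
        }
        $name = try { $sid.Translate([Security.Principal.NTAccount]).Value } catch { $sid.Value }
        [pscustomobject]@{ Right = $Right; Sid = $sid.Value; Name = $name }
    }
}

# "Deny log on locally" takes precedence over "Allow log on locally", so check both.
$allow = @(Get-RightHolder 'SeInteractiveLogonRight')
$deny  = @(Get-RightHolder 'SeDenyInteractiveLogonRight')
$svc   = Get-Service -Name seclogon          # service name of "Secondary Logon"

[pscustomobject]@{
    Account             = $Account
    DirectlyAllowed     = $allow.Sid -contains $acctSid
    DirectlyDenied      = $deny.Sid -contains $acctSid
    SecondaryLogon      = $svc.Status
    SecondaryLogonStart = $svc.StartType
} | Format-List

# Group grants are not expanded: review the holders for groups the account belongs to.
($allow + $deny) | Format-Table Right, Name, Sid -AutoSize
Remove-Item $inf
```

Granting the right to the service account itself, rather than to a broad group, keeps the set of principals that can log on interactively to the console server small.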
1. Press Win + R to open the Run window
2. Type services.msc and press enter to open Services window
3. Stop the ProfileUnity service
4. Add ProfileUnity as a service account
5. Using File Explorer, go to the ProfileUnity Directory
6. Edit ProfileUnity.Host.exe, line 90, and set DisableImpersonation to True
DisableImpersonation is set to True when the Secondary Logon service is disabled and cannot be enabled, or when changes cannot be made to the security policy.
Product: ProfileUnity-FlexApp
Product Version: 6.8.5 and later