Cisco Cisco Security Manager 4.0 Guía Para Resolver Problemas
1) For a server with external Group Policy Object (GPO) set on it, check Resultant Set of Policy
(rsop.msc).
(rsop.msc).
2) For a server with local policies, gpedit.msc shows the change.
Trigger of the Issue
This issue is usually seen on a server which is a part of Domain Group and has an external GPO
applied on it.
applied on it.
After a regular Group Policy update on the server, casuser might get removed from Log on a
service Policy (set after the CSM 4.8 fresh install or upgrade), if the external GPO might not have
an exemption for this policy.
service Policy (set after the CSM 4.8 fresh install or upgrade), if the external GPO might not have
an exemption for this policy.
Casuser is not removed Log on a service Policy
After a server reboot
●
After a DB Backup
●
Anytime Daemon Manager is restarted
●
If casuser is removed from Log on as a service Policy, aforementioned four
services (CmfDbEngine, rptDbEngine, AusDbEngine and vmsDbEngine) fails to start, since the
casuser doesn't have the permission to Log on Or Start any of them.
services (CmfDbEngine, rptDbEngine, AusDbEngine and vmsDbEngine) fails to start, since the
casuser doesn't have the permission to Log on Or Start any of them.
Solution
Verify if casuser account is included for Log on as a Service.
1) Open rsop.msc and navigate to Computer Configuration >Windows Settings > Security
Settings > Local Policies > User Rights Assignment.
Settings > Local Policies > User Rights Assignment.
As shown in the image,
2) If casuser is not present for Log on as a Service
As shown in the image,