Problem: Attempting to provision a Windows VM to Microsoft Active Directory 2016 Domain Controller (Microsoft Endpoint). vRO may display the following in the error log.

A required privilege is not held by the client

 

Affected Versions:

  • vRealize Automation 7.x

Cause: Microsoft User Account Control has a specific Security Policy that needs to be disabled on the Microsoft Active Directory 2016 Server(s).

               

Policy Name: User Account Control: Run all administrators in Admin Approval Mode

Resolution: Adjust the Local Security Policy on the Domain Controller and set the policy (User Account Control: Run all administrators in Admin Approval Mode) to DISABLED

To change the policy, follow the steps below.

  1. Open Local Security Policy, on the Start screen, type secpol.msc, and then press ENTER.
  2. Navigate to Security Settings>Local Policies>Security Options
  3. Scroll to find the User Account Control: Run all administrators in Admin Approval Mode policy
  4. Right-Click and select Properties
  5. Change the Local Security Setting to DISABLED
  6. Confirm the setting is now DISABLED
 

If you still experience any issues please open a new SovLabs Support ticket by clicking here.

Recommended Reading