Problem: Attempting to provision a Windows VM to Microsoft Active Directory 2016 Domain Controller (Microsoft Endpoint). vRO may display the following in the error log.
A required privilege is not held by the client
Affected Versions:
- vRealize Automation 7.x
Cause: Microsoft User Account Control has a specific Security Policy that needs to be disabled on the Microsoft Active Directory 2016 Server(s).
Policy Name: User Account Control: Run all administrators in Admin Approval Mode
Resolution: Adjust the Local Security Policy on the Domain Controller and set the policy (User Account Control: Run all administrators in Admin Approval Mode) to DISABLED
To change the policy, follow the steps below.
- Open Local Security Policy, on the Start screen, type secpol.msc, and then press ENTER.
- Navigate to Security Settings>Local Policies>Security Options
- Scroll to find the User Account Control: Run all administrators in Admin Approval Mode policy
- Right-Click and select Properties
- Change the Local Security Setting to DISABLED
- Confirm the setting is now DISABLED
If you still experience any issues please open a new SovLabs Support ticket by clicking here.