A required privilege is not held by the client – AD machineBuilding error

Problem: Attempting to provision a Windows VM to Microsoft Active Directory 2016 Domain Controller (Microsoft Endpoint). vRO may display the following in the error log.

A required privilege is not held by the client

Affected Versions:

vRealize Automation 7.x

Cause: Microsoft User Account Control has a specific Security Policy that needs to be disabled on the Microsoft Active Directory 2016 Server(s).

Policy Name: User Account Control: Run all administrators in Admin Approval Mode

Resolution: Adjust the Local Security Policy on the Domain Controller and set the policy (User Account Control: Run all administrators in Admin Approval Mode) to DISABLED

To change the policy, follow the steps below.

Open Local Security Policy, on the Start screen, type secpol.msc, and then press ENTER.
Navigate to Security Settings>Local Policies>Security Options
Scroll to find the User Account Control: Run all administrators in Admin Approval Mode policy
Right-Click and select Properties
Change the Local Security Setting to DISABLED
Confirm the setting is now DISABLED

If you still experience any issues please open a new SovLabs Support ticket by clicking here.

ENTERPRISE

SERVICE PROVIDER

SEE AN OVERVIEW OF CLOUDBOLT SOLUTIONS IN 5 MINUTES

ACCELERATE

MAKE BETTER

Compare Against the Rest

THE REAL STATE OF FINOPS

A required privilege is not held by the client – AD machineBuilding error

A required privilege is not held by the client – AD machineBuilding error

Recommended Reading

Connect ALL the things! Webhooks for the win.

Three ways to prevent IT complexity from hindering cloud computing

Control the Clouds & Impress Your Stars