locked
Run File Sync Service as domain account rather than SYSTEM RRS feed

  • Question

  • We have created a service account to run the File Sync Service however, the service does not start once the log on service is changed. 
    Saturday, April 18, 2020 9:38 PM

All replies

  • Did you assign to the domain user account the Log on As Service user right?

    More at https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/log-on-as-a-service

    hth
    Marcin

    Saturday, April 18, 2020 11:32 PM
  •   Clint Cunningham Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Where is the Service Account created?

    Are you referring to any document?

    Additional information: Azure file shares only support authentication against one domain service, either Azure Active Directory Domain Service (Azure AD DS) or on-premises Active Directory Domain Services (AD DS).

    AD DS identities used for Azure file share authentication must be synced to Azure AD. Password hash synchronization is optional.

    On-premises AD DS authentication does not support authentication against Computer accounts created in AD DS.

    On-premises AD DS authentication can only be supported against one AD forest where the storage account is registered to. You can only access Azure file shares with the AD DS credentials from a single forest by default. If you need to access your Azure file share from a different forest, make sure that you have the proper forest trust configured, see FAQ for details.

    AD DS authentication for SMB access and ACL persistence is supported for Azure file shares managed by Azure File Sync.

    Azure Files supports Kerberos authentication with AD with RC4-HMAC encryption. AES Kerberos encryption is not yet supported.

    Azure Files supports identity-based authentication and access control. You can choose one of two ways to use identity-based access control: on-premises Active Directory Domain Services (preview) or Azure Active Directory Domain Services (Azure AD DS). On-premises Active Directory Domain Services (AD DS) supports authentication using AD DS domain-joined machines, either on-premises or in Azure, to access Azure file shares over SMB. Azure AD DS authentication over SMB for Azure Files enables Azure AD DS domain-joined Windows VMs to access shares, directories, and files using Azure AD credentials. For more details, see Overview of Azure Files identity-based authentication support for SMB access.

    Hope this helps! 

    Kindly let us know if the above helps or you need further assistance on this issue.
     ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members

    Tuesday, April 21, 2020 7:00 AM
  • @Clint Cunningham Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Monday, April 27, 2020 3:50 PM
  • Yes the account is assigned as a log as service. 
    Tuesday, April 28, 2020 11:24 AM
  • Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    To understand better: What exactly is happening can you share the screenshot and can you provide bit more info on your query? 


    Wednesday, May 6, 2020 11:23 AM