JSI Tip 8873. Services and scheduled tasks cannot log on to Windows Server 2003 without a smart card?

The server's Security event log contains entries similar to:

Event ID: 531
Logon Failure:
Reason: Account currently disabled
User Name: <Name of the Service or scheduled task>
Domain: <Domain Name>
Logon Type: 4
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: <Computer Name>

This behavior occurs because the account that the service and/or scheduled tasks uses to log on has the Smart card is required for interactive logon option enabled, and this option applies to all logon types except the network logon type.

To workaround this behavior:

1. Open Active Directory Users and Computers.

2. Expand the Users container.

3. Right-click a user account that a service or schedule task uses and press Properties.

4. Select the Account tab.

5. Scroll the Account options list and clear the Smart card is required for interactive logon check box.

6. Press Apply and OK.

7. Repeat steps 3 - 6 for other accounts used by services and scheduled tasks.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.