Full VM Restore failing with an error “Logon failure: The user has not been granted the requested logon type at this computer. (0x80070569)”
Problem description
This article describes a specific problem that occurs when a Hyper-V VM full VM restore fails with a Hyperv11 error because permissions are not present on the Hyper-V host.
Cause
Hyper-V host does not have “NT Virtual Machine\Virtual Machines” added in “Log on as a service” in Local Group Policy.
Traceback
[2023-01-03 12:17:56,677] [ERROR] <_MainThread(MainThread)> SyncError: Failed to import a virtual machine.
The Hyper-V Virtual Machine Management service encountered an unexpected error: Logon failure: the user has not been granted the requested logon type at this computer. (0x80070569). (#10009000b : 32768) (Error Code : HYPERV11)
Resolution
Take the following steps on the Hyper-V host machine:
-
Sign in to the machine as a Domain Administrator.
-
To verify the same open Local Group Policy Editor and follow the below navigation:
Computer Configuration - Windows Settings - Security Settings - Local Policies - User Rights Assignments - Right click on Log on as a service and verify if “NT Virtual Machine\Virtual Machines” is visible there.
-
In case, it is not there either you can Install the Group Policy Management feature from the Server Manager console or proceed with the step 7,8,9 .
-
After installation, open the GPMC MMC snap-in and browse to the policy that manages User Rights.
-
Edit the policy to include NT Virtual Machine\Virtual Machines in the entries for Log on as a service.
-
Close the policy editor. Run gpupdate /force on the Hyper-V host computer to refresh policy. You may need to wait several minutes for Active Directory replication to occur.
-
Connect to one of the Domain Controllers and open the GPMC MMC snap-in (gpmc.msc) and browse to the policy that manages User Rights. (Default Domain Policy - Right click and edit the same.
-
It will open GPEDIT.msc from there you have to follow the below navigation to make the changes: Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - User Rights Assignments - Right click on Log on as a service)
-
Go to properties and Click on Add Groups and add it with the NT Virtual Machine\Virtual Machines or its SID ID “S-1-5-83-0”