Backup Exec Device & Media Service fails to start because the account has not the necessary privileges:
Problem
After changing the Backup Exec Service account; the Backup Exec Device & Media Service fails to start and one or multiple of the following errors are reported.
Error Message
Application Log Error:Event Type: Error
Event Source: Backup Exec
Event Category: Devices
Event ID: 57806
Description:The Backup Exec service 'Backup Exec Device & Media Service' failed to start because it uses a Windows Server account that does not have the following necessary privileges:Create a Token Object
Ensure that you are logged on with an account that has administrative privileges. Then, click Tools > Backup Exec Services > Services credentials. If you cannot access the Administration Console, on the Connect to Media Server screen, click Services > Services credentials. Change the service account information so that it has administrative privileges, and then restart the Backup Exec service.
NOTE: The privilege or right listed in the Event ID 57806 above can be any of the REQUIRED rights noted in the RESOLUTION section of this technote.
System Log Error:Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Description:
The Backup Exec Device & Media Service service terminated with the following error: %%4294967295
orEvent Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Description:
The Backup Exec Device & Media Service service terminated with the following error: %%536928979
Cause
The above mentioned error may occur if the Backup Exec Service Account (BESA) does not have the appropriate rights assigned to it.
Solution
- Login on the Backup Exec server with the Backup Exec Service Account.
- Open a command prompt console and run the command: gpresult /Z
- From the output of the command, confirm that the account is part of the Local Administrators group and the Domain Admins Group in case the server is in a domain
- From the output of the command, confirm that the account has all the necessary rights assigned. It is recommended that the Backup Exec Services account (BESA) is have ALL of the following rights. Backup Exec checks whether the Backup Exec Service Account has the following rights before it allows for the Backup Exec Services to start.
Backup files and directories
Create a token object
Logon as a batch job (For Windows 2008 only)
Logon as a service
Manage auditing and security log
Restore files and directories
Take ownership of files and other objects
Also make sure the account is not added under :
-Deny logon as a service
-Deny logon as a batch
Note: This is important because the DENY takes precedence over allow.
- If the account is missing any of the permissions/rights mentioned above, use the Group Policy Editor or the Local Policy Editor to grant the necessary rights to the account. Use the GPUPDATE /Force commands to update the policy. Log off and Log in again with the BESA. Rerun the gpresult /Z command to confirm that now the rights are assigned.
- If after the above steps the issue still exist; please verify the SQL rights as per following article too: https://www.veritas.com/content/support/en_US/article.100051944
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.