Windows Server (SBS) 2008 - Telephony service won't start (missing permissions)
- by Uri
I am running a SBS 2008 server. It's setup as the domain controller for the network.
After a reboot, the Telephony service (and all services that depend on it) refuses to start under the Network Service account. The error given is:
  Error 1297: A privilege that the service requires to function properly does not exist in the service account configuration.
  You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
This has caused all the network services not to be accessible e.g. terminal services, VPN (RRAS), SQL Server instances. The SSH daemon I have running on the box will accept connections only from localhost, but won't respond on the network.
After searching around, the only advice I could find was to grant the Network Service account these permissions:
Adjust memory quotas for a process
Replace a process level token
I set those permissions on both the Default Domain Policy and the Default Domain Controller Policy, but it seemingly had no effect.
Most of the services will start if I change them to run under the Local System account, but that didn't make them accessible on the network.
I even tried removing the Routing and Remote Access Services feature, rebooting and reinstalling it, but the issue remains.
Any ideas?