4

I am trying to create a Windows virtual machine using Hyper-V, but I have several issues. I tried following instructions on this page, to use the "Quick Create":

I was expecting to see a vanilla Windows 10 OS here, but there is none. So, I created an .iso image, using the instructions here. Through the "_Local installation source" I selected the ISO image, but I get this error message:

Error
The Operation failed.
An unexpected error occurred: Logon failure: the user has not been granted the request logon type at this computer.
(0x80070569).

Then I switched to "Hyper-V Manager" using the instructions on this page, but I get this error message:

New Virtual Machine Wizard
The server encountered an error while creating <virtualMachineName>.
...

I would appreciate it if you could help me know what is the problem and how I can resolve it.

P.S. I asked a follow-up question here.

Foad
  • 546
  • 3
  • 10
  • 36
  • I suggest not using the “Quick Create” wizard. – Daniel B May 03 '22 at 06:43
  • 1
    Dear @DanielB thanks for your comment, though I would appreciate it if you could read my post thoroughly first. I did use "Quick Create" as you may see in the post. – Foad May 03 '22 at 09:18
  • Yes and I’m saying _not_ to use it. It won’t help you anyway and for diagnostic purposes you should absolutely try all ways to create a VM and many VM configuration combinations. – Daniel B May 03 '22 at 09:59
  • @DanielB the second half of the question is also about using the "Manager" to build a custom virtual machine. – Foad May 03 '22 at 10:10

2 Answers2

4

Your error message says: "The user has not been granted the requested logon type at this computer."

Open the secpol.msc console, go to Local Policies → User Rights Assignment, and open the item "Log on as a service". It should list the following two names:

NT SERVICE\ALL SERVICES
NT VIRTUAL MACHINE\Virtual Machines

If either of these items is missing (in particular the "Virtual Machines" one), add it. Well, it won't recognize those names when entered, so you'll probably need to find the ntrights.exe tool and run it like this (untested):

ntrights +r SeServiceLogonRight -u *S-1-5-83-0

...or the psprivilege PowerShell module (this is currently not yet tested, either):

PS>   Install-Module -Name PSPrivilege -Scope AllUsers
PS>   $sid = [System.Security.Principal.SecurityIdentifier]::new("S-1-5-83-0")
PS>   Add-WindowsRight -Name SeServiceLogonRight -Account $sid

Windows distinguishes several logon types: interactive (full GUI or SSH logon), batch (e.g. Scheduled Tasks), service (actual services), network (SMB file shares). You're only able to log on to Windows because the whole "Users" group is explicitly listed under "Allow log on locally", and when you create a scheduled task to run under your account, the Task Scheduler tool adds you to the "Batch logon" list behind the scenes.

u1686_grawity
  • 426,297
  • 64
  • 894
  • 966
  • 1
    I'll figure out the correct procedure when I get back home. Until then, I found a workaround of creating a new _group_ with `*S-1-5-83-0` as a member (the `net localgroup` command does accept this) and granting it the rights. – u1686_grawity May 03 '22 at 07:44
  • Thanks for the post. However, I don't have `ntrights.exe` on my windows 10 21H2 version. – Foad May 03 '22 at 09:19
2

From this page, running the command

gpupdate /force

in an elevated command line, forces an update on group policies and now the NT VIRTUAL MACHINE\Virtual Machines is there:

enter image description here

However, according to the discussions this page, this error might happen again.

Foad
  • 546
  • 3
  • 10
  • 36