Palo Alto Networks Knowledgebase: How to Install User-ID Agent and Prevent 'Start service failed with error 1069'
How to Install User-ID Agent and Prevent 'Start service failed with error 1069'
Created On 02/08/19 00:06 AM - Last Updated 02/08/19 00:06 AM
This article outlines the steps required to install the UserID Agent and account permissions required for it to function properly. If not all access is granted, you may encounter the following error: "Start service failed with error 1069: The service did not start due to a logon failure."
In this article the example service account is 'firstname.lastname@example.org'.
Step 1. Make sure the account you are using in the User-id agent is part of 'Event log reader' and 'server operator.' In this example "email@example.com" should be part of "server operator", "event log reader"
Step 2. Account should be to log on as a service. Open Administrative Tools, then open Local Security Policy.
Go to Local Policies > User Rights Assigment. Find Log on as a service. Double click and add the account to Local Security setting.
Step 3: Open cmd in Administrator mode and perform a 'gpupdate'. Otherwise, it will take time for the changes to take effect.
Step 4. The account should have permission to the folder where the User ID agent is installed. To give permission, go to the folder where User-ID agent is installed and grant the required permission:
Step 5. The account should have permission to registry: Locate the Palo Alto Networks folder in