I have a Windows 2012 Server with Hyper-V enabled and a few virtual machines.
My current configuration has a few account in the "Log on as a service" list in the domain policies, and sometimes this prevent my virtual machines from starting (I get this error: 'Error 0x80070569 ('VM_NAME' failed to start worker process: Logon Failure: The user has not been granted the requested logon type at this computer.')
As described in this KB I would like to add NT Virtual Machine\Virtual Machines to my "Log on as a service" list to resolve my problem.
My problem is that when I try to add that user to my domain policy I get an error message: "The following account could not be validated". My domain controller obviously doesn't know about that user since it's not an Hyper-V enabled server.
How can I add that account to my Domain Policies?
Looks like the quoted KB has been updated:
LINK: http://support.microsoft.com/kb/2779204/
Solution:
Perform the following steps on the Hyper-V host machine:
Logon as a Domain Administrator
Install the Group Policy Management feature from the Server Manager console
After installation, open the GPMC MMC snap-in and browse to the policy that manages User Rights
Open the Group Policy Management console and browse to the policy that manages User Rights
Edit the policy to include NT Virtual Machine\Virtual Machines in the entries for Log on as a Service
Close the policy editor and initiate a gpupdate /force on the Hyper-V host computer to refresh policy. (You may need to wait several minutes for Active Directory replication to occur).
This enabled me to add NT Virtual Machine\Virtual Machines to my domain policies regarding users allowed to log on as service.
I also had this problem with Windows 8.1 in an environment with 2008 R2 servers.
This site and this site helped me.
They explain how you can edit your domain GPO e.g. locally on your Hyper-V server to enable the special VM user to log on as a service.
User contributions licensed under CC BY-SA 3.0