Printing problems: Error 1385 - Logon failure

"Logon failure" may seem like a strange topic for a printing problem but it's something our customers encounter, and it's a tough one to troubleshoot. This post will answer the questions "what is this about?" and "what should I do?"

Let's set up this scenario. The customer has been working with us for some time, using RPM Remote Print Manager® (RPM). They are setting up an "Archive to folder" action using a domain service account to write files in folders on a network share. The user account has the correct credentials.

When the user next processes a print job using this action, they get the following error.

What is "Error 1385 - Logon failure: the user has not been granted the requested logon type at this computer."?

When Windows runs a service like RPM, it uses a system account with a specific set of privileges. Microsoft has a security model they use for processes like ours, database servers, and many other types of software.

When you configure RPM to use login credentials to run a process, RPM will use a Windows feature which lets it impersonate a user, to perform an action like writing a file or printing to a printer.

However, as part of the Microsoft security model, they don't want rogue software misusing user accounts. Microsoft requires you to add specific permission to the user account. This permission is called "Logon as batch job" which enables that user account to do work in the background, as it were, not only logged in at a workstation.

What should I do about "Logon as Batch job"?

These instructions assume you are using Windows 10 or comparable.

  1. Go to the lower left of your home screen so that the search bar appears.
  2. Type in secpol.msc as shown in the example below, indicated by the red arrow.
  3. Don't hit Enter yet; look for the menu to appear. Notice the four options to the right; you want the highlighted option "Run as administrator"

  4. In the "Local Security Policy" app (as shown below) go to Security Settings / Local Policies / User Rights Administration. These are collapsing menus that you open by clicking the ">" arrow, one at a time.
  5. Scroll down to "Log on as a batch job" and double click on that entry

The "Select Users" form is where you would add the user you have configured for the RPM archive to shared folder operation.

Note that I have put myself in this form: BROOKS\Dave

However, you might have noticed that the security policy already includes that user. If you were adding a user, you would do that here.

It won't hurt anything to click "Check Names" if you have never done this before. Chances are, if you entered the domain and username correctly, you wouldn't have a problem.