FIX: Unable to Add Roles and Features on Server 2016 because the Server Requires Restart (Solved)
This tutorial contains instructions to resolve the following problem: Unable to add roles and features on Server 2016 or Server 2012 with error: "Feature installation Failed: The request to add or remove features on the specified server failed. The operation cannot be completed, because the server that you specified requires a restart".
As a result of the above error, we were unable to install roles and features on the Server, because the problem remained even after restarting the server and installing the latest updates.
At the same time in the Event Viewer (Windows Logs > System) the following error was recorded:
"Event 7041: Service Control Manager.
The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WIDThis service account does not have the required user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right."
How to fix: Cannot Add Roles and Features on Server 2016 or 2012, because the Server Requires Restart.
Suggestion according to user comments: Before you continue below, try to restart the Remote Registry service and try again to install the rules. If this also fails, follow the instructions below.
To resolve the Feature Installation error "The request to add or remove features on the specified server failed, because the server requires a restart", proceed and assign the "Log on as a service" user right to "NT SERVICE\ALL SERVICES" & to "NT SERVICE\MSSQL$MICROSOFT##WID".
Case A. If your Server is part of a Domain, then proceed and modify the Default Domain Policy as follows:
1. Simultaneously press the Windows 
+ R keys to open run command box.
2. In run command box, type: gpmc.msc and press Enter.
3. In Group Policy Management go to:
- Forest –> Domains –> "Your Domain Name" –> Domain Controllers.
3a. Right click at Default Domain Controller Policy and select Edit.
5. Proceed to Step–4 below…
Case B. If your Server is a Local Server then proceed and modify the Local Group Policy as follows:
1. Simultaneously press the Windows + R keys to open run command box.
2. In run command box, type: gpedit.msc and press Enter.
3. In Local Group Policy Editor, go to:
- Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Assignment
————–
4. Now, double click at Log as a service item.
5. Click on Add User or Group button.
6. Type NT SERVICE\ALL SERVICES and click OK. *
* Read this Note if you are having trouble when adding the account.
7. At the main window, click OK and then close the Group Policy Editor.
8. Now open Command Prompt as Administrator and give the following command to update the group policy.
- gpupdate /force
9. Reboot your server.
10. After the restart, open the Group Policy Management, and go again to User Rights Assignments.
11. Double click at Log as a service item and click Add User or Group.
12. Type NT SERVICE\MSSQL$MICROSOFT##WID and click OK. *
* Note: If you cannot add the "NT SERVICE\MSSQL$MICROSOFT##WID" or the "NT SERVICE\ALL SERVICES" account to 'Log on as service' item, then:
1. Add the "Everyone" (without quotes), to log as service.
2. Reboot the server.
3. Add the "NT SERVICE\ALL SERVICES" & the "NT SERVICE\MSSQL$MICROSOFT##WID" users to log as service.
4. Run gpupdate /force
5. Reboot the server
6. Remove "Everyone" from the log on as service.
7. Proceed to Add Roles and Features. on the Server.
13. Click OK again and then close the Group Policy Editor.
14. Open Command Prompt as Administrator and give the following command to update the group policy.
- gpupdate /force
15. Reboot your server.
16. After the restart, try to install Roles and Features.
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
Duke
September 11, 2023 @ 4:17 pm
Thanks a million! This worked on a 2022 RDS Session based deployment.
Jose Balani
October 27, 2021 @ 4:17 am
Please, include the "Remote Registry" enabled and started to work fine.
Troy
September 23, 2021 @ 6:03 pm
This worked on a Server 2019 system where WSUS would not install, due to the missing WID role. Was not ever able to add NT SERVICE\ALL SERVICES, but all other accounts were able to add and resolved my issue – thank you!
Andres V
March 4, 2021 @ 7:57 am
Awesome, fixed it!
Matthew
May 8, 2020 @ 4:37 am
This fix worked for me! Thanks for the help!
Sean John
October 2, 2019 @ 9:29 pm
Thank you! Exactly what I needed afted applying DISA STIG's to my SCCM server.
Karthi
September 11, 2019 @ 3:38 pm
Hi just restart your remote registry service. It should be work
Dave
January 31, 2019 @ 6:16 pm
This fix worked perfectly for my 2016 server. Thanks!
Kiran
October 29, 2018 @ 7:46 pm
Still i am getting same error after doing all the configurations as detailed above article. can you suggest any other plan
lakonst
October 30, 2018 @ 10:38 am
@Kiran: Unfortunately I cannot suggest another workaround to fix this issue. Have you successfully added the mentioned "NT SERVICE" accounts in 'Logon as Service' properties?
Usman Ghani
November 10, 2019 @ 5:59 am
@Kiran, Please try to start the remote registry service.