Symptoms
Enrollment agent and NLA user account credentials are reported as Invalid even when specified in the UPN format:
When you try to sign in to the Enrollment Agent server using the credentials you get an error The sign-in method you're trying to use isn't allowed:
Cause
Enrollment Agent and NLA User accounts require interactive logon ability.
Resolution
Allow interactive logon for the accounts on the EA server in Allow log on locally GPO or add users to local administrators group.
NOTE: The issue also will be observed if EA and NLA users have local admin rights on the Enrollment Server but added to Deny log on locally policy.
Was this article helpful?
Tell us how we can improve it.