Thanks for posting the solution you found, PetieG. It fixed my issue but I had to do a GPUPDATE (electing to not log off when prompted) after modifying the Default Domain Controllers GPO. I could not find the ServerAdmin$ account in Active Directory
either but was able to add the <domain>\ServerAdmin$ account to the "Log on as a Service" policy. This is the Security Log entry that this solution fixes in case anyone is google'ing for a solution.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/29/2015 12:10:29 AM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: <server>.<domain>.local
Description: An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: <server>$
Account Domain: <domain>
Logon ID: 0x3E7
Logon Type: 5
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: ServerAdmin$
Account Domain: <domain>
Failure Information:
Failure Reason: The user has not been granted the requested logon type at this machine.
Status: 0xC000015B
Sub Status: 0x0
Process Information:
Caller Process ID: 0x204
Caller Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name: <server>
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0