PowerProtect: MSAPPAGENT Installation Fails If No Interactive Login Rights on Backup Account

Summary: PowerProtect Data Manager Application Aware protection policies require the Backup Service account to have Windows interactive login enabled. If this setting is disabled, agent installation fails, preventing VM asset configuration and protection. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

  • VM Application Aware protection policy fails to configure the VM asset.
  • vProxy Agent logs show authentication errors such as:
2025-07-14T20:15:34.181-07:00 ERROR: 10.11.12.13:42530: Unable to authenticate user 'user1234'. Logon failure: the user has not been granted the requested logon type at this computer.
  • PowerProtect Data Manager fails to configure the VM asset during the protection policy setup.
  • vProxy successfully installs the vProxy Agent on the VM.
  • Installation of MSAPPAGENT fails when ran under the Backup Service account.
  • Windows revokes the execution request due to lack of interactive login rights.

Affected versions

  • All supported versions of PowerProtect Data Manager

Cause

Windows security policies prevent noninteractive accounts from running processes that require user context. When the MSAPPAGENT installer is launched under a Backup Service account without interactive login rights, the OS revokes the execution request, causing the installation to fail.


Impacted Configuration and Settings

  • Backup Service account used in the PowerProtect Data Manager VM Application Aware protection policy
  • Interactive login disabled in:
    • Group Policy: Such as "Deny log in locally"
    • Local Security Policy: Such as "Deny log in through Remote Desktop Services"

Resolution

Fixed Version

  • No fixed version is available.

Workaround:

To work around this issue, enable interactive login for the Backup Service account used in PowerProtect Data Manager.

Steps:

  1. Enable interactive login for the Backup Service account used in PowerProtect Data Manager.
  2. Apply changes using Group or Local Security Policy as appropriate.
    1. Group Policy (gpmc.msc) on a domain controller
Go to: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights Assignment 
  1. Local Security Policy (secpol.msc) on the VM or domain-joined system
Go to: Local PoliciesUser Rights Assignment 
  1. Locate and review the following policies:
    • Deny log in locally
    • Deny log in through Remote Desktop Services
  2. Ensure that the Backup Service account is not listed in either policy.
  3. If changes are made, reboot the VM or force a Group Policy update using:
gpupdate /force
  1. Retry the VM Application Aware configuration.

Affected Products

PowerProtect Data Manager
Article Properties
Article Number: 000361291
Article Type: Solution
Last Modified: 03 Dec 2025
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.