Edit

"Logon type has not been granted" error when running a desktop flow or creating a connection

Applies to:   Power Automate
Original KB number:   5021230

Summary

When you run a desktop flow or create a desktop flow connection in Microsoft Power Automate, you might receive the -1073741477 error code with the message "A user has requested a type of logon that has not been granted." This error occurs because a local security policy on the machine doesn't allow the logon of the account used in your connection. To resolve the issue, verify that the user account or group has logon permissions in the Local Security Policy settings and isn't on the denied accounts list.

Symptoms

When you run a desktop flow or create a desktop flow connection, you receive the following error message:

{
    "error":{
        "code": "-1073741477",
        "message": "A user has requested a type of logon (for example, interactive or network) that has not been granted. An administrator has control over who can logon interactively and through the network."
    }    
}

Cause

On the impacted machine, a local security policy might not allow (or might deny) the logon of the account (or a group that contains this account) used in your connection.

Note

"Deny" permissions take precedence over "Allow" permissions unless specific exceptions are configured at the domain controller level.

Solution

To resolve the issue, ensure that the user account or group used in the connection has logon permissions, and isn't on the denied accounts list.

  1. Sign in to the impacted machine preferably as an administrator.

  2. Go to Local Security Policy.

  3. Navigate to Security Settings > Local Policies > User Rights Assignment.

    Screenshot of the User Rights Assignment policy settings.

  4. Right-click the Allow log on locally policy and select Properties.

  5. Check if the group (the account belongs to) or the account itself is on the list. If not, add it to the list using Add User or Group.

    Screenshot of the group or the user account that is added to the Allow log on locally Properties.

  6. Perform steps 4 to 5 for the following policies as well:

    • Access this computer from the network
    • Allow log on through Remote Desktop Services

  7. For the following policies, check the Properties to verify that the group (the account belongs to) or the account itself isn't on the denied accounts list.

    • Deny access to this computer from the network
    • Deny log on locally
    • Deny log on through Remote Desktop Services

Related content

  • Last updated on