That error means the service account doesn’t have the right permission to run. The Diagnostic Service Host needs the “Log on as a service” privilege, but it’s missing. To fix it, open secpol.msc, go to Local Policies > User Rights Assignment, and check “Log on as a service.” Make sure the account listed in services.msc for Diagnostic Service Host is included there.
If it’s already set to Local System and still fails, it’s usually because a Group Policy is removing the privilege. In that case, you can either adjust the policy or simply set the service startup type to Manual, since this service isn’t critical and the error won’t affect normal server operation.