The Diagnostic Service Host service failed to start due to the following error:

Zayan zay 40 Reputation points
2026-06-21T04:15:59.3966667+00:00

Hi Guys,

We have been receiving the Event ID 7000 alert on a Windows Server every day. I have checked everything, and it appears to be working correctly. I also did some research but couldn't find a proper solution.

Has anyone experienced a similar issue? If so, how can I investigate and resolve it?

The Diagnostic Service Host service failed to start due to the following error:

"A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration" 

Thanks

Windows for business | Windows Server | User experience | Other
0 comments No comments

2 answers

Sort by: Most helpful
  1. Harry Phan 24,075 Reputation points Independent Advisor
    2026-06-21T04:42:24.0633333+00:00

    That error means the service account doesn’t have the right permission to run. The Diagnostic Service Host needs the “Log on as a service” privilege, but it’s missing. To fix it, open secpol.msc, go to Local Policies > User Rights Assignment, and check “Log on as a service.” Make sure the account listed in services.msc for Diagnostic Service Host is included there.

    If it’s already set to Local System and still fails, it’s usually because a Group Policy is removing the privilege. In that case, you can either adjust the policy or simply set the service startup type to Manual, since this service isn’t critical and the error won’t affect normal server operation.

    Was this answer helpful?

    0 comments No comments

  2. AI answer

    2026-06-21T04:16:11.6033333+00:00

    Event ID 7000 with the message:

    A privilege that the service requires to function properly does not exist in the service account configuration

    indicates that the service account that Diagnostic Service Host runs under is missing a required user right.

    The error text corresponds to system error code 1297 (ERROR_INCOMPATIBLE_SERVICE_PRIVILEGE), which explicitly points to missing privileges in the service account configuration.

    To investigate and resolve:

    1. Confirm the exact error and code
      • In Event Viewer → Windows LogsSystem, locate the Event ID 7000 for Diagnostic Service Host.
      • Confirm the text matches the 1297-style message about a privilege not existing in the service account configuration.
    2. Check the service account
      • Open services.msc.
      • Find Diagnostic Service Host.
      • Open Properties → Log On and note which account the service is using (for example, Local Service, Network Service, or a custom domain/local account).
    3. Verify required user rights in Local Security Policy / Group Policy The error is typically caused by Group Policy removing a required right from the service account. A known example is when the Create global objects right is not granted.
      • Open secpol.msc (Local Security Policy) on the server.
      • Go to Local Policies → User Rights Assignment.
      • Check that the service account used by Diagnostic Service Host is included where required, in particular for rights such as Create global objects if the service requires it.
      • If domain Group Policy is managing these settings, review the effective GPOs that configure User Rights Assignment and ensure they do not remove necessary rights from built-in service accounts.
    4. Align with known cause pattern
      • A similar error is documented for FAST Search Server when Group Policy does not have the Create global objects policy set for the service account. The resolution there is to ensure the service account includes the Create global objects user right.
      • Apply the same principle: ensure the Diagnostic Service Host service account has all required rights (especially Create global objects) via Local Security Policy or Group Policy.
    5. Apply changes and test
      • After adjusting user rights, run gpupdate /force (if using Group Policy) or restart the server.
      • Start Diagnostic Service Host from services.msc and confirm it starts without logging Event ID 7000.

    If the issue persists after confirming the service account and restoring required user rights, review any recent GPO changes that might have tightened User Rights Assignment or service logon rights and revert or adjust them accordingly.


    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.