Can start SQL server engine through WFC role configured as a shared instance
I'm using SQL 2012 and Windows 2012 Server. After 3 days of investigation I've figured out that SQL Server role can be started because of GPO with the following configuration have been applied:
Audit object access.
It doesn't matter the value you set for the mentioned option and it's not event matter if comes from GPO or local security policies the result is the same, you can 't start SQL Engine service under domain account.
Domain account have all necessary User rights, like:
Act as part of the operating system
Adjust memory quotas for a process
Generate security audits
Increase a process working set
Increase scheduling priority
Lock pages in memory
Log on as a batch job
Log on as a service
Manage auditing and security log
Perform volume maintenance tasks
Replace a process level token
So maybe anybody have experienced the same behavior and have better solution, rather then turning off mentioned policy on SQL nodes.
Thanks in advance.