cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SM49/SM69 Windows Service Start

Go to solution
Former Member

on ‎10-05-2011 3:30 PM

0 Kudos

Hello,

I am encountering an error when trying to start a service from SAP. The service in question cannot run unless SAP is up so if the application is brought down the 3rd party service needs to be restarted manually. I wanted to setup a job that would call the start service command when the SAP system came online. The authorization error does show up in the Windows Security log and I have made sure that the SAPSERVICESID is set as an administrator. I can log in as SAPSERICESID and run the command directly or when it is in a batch file (.bat). I have tried to execute this against other services and I have gotten the same error.

Has anyone started a service before from within SAP using SM49/SM69?

OS:

Windows Server 2003

Command:

net start "sabrix basic connection"

Error Return:

System error 5 has occurred.

Access is denied.

External program terminated with exit code 2

Thank you,

Thomas

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

markus_doehr2
Active Contributor
‎10-05-2011 3:36 PM
0 Kudos

> The authorization error does show up in the Windows Security log and I have made sure that the SAPSERVICESID is set as an administrator.

This is a high security breach, you're opening the full system. Someone can create an external command and delete parts of the operating system.

> I can log in as SAPSERICESID and run the command directly or when it is in a batch file (.bat).

SAPService<SID> should not be allowed interactive logons.

> I have tried to execute this against other services and I have gotten the same error.

> Has anyone started a service before from within SAP using SM49/SM69?

Does this user have the following permissions:

- act as part of the operating system

- start as batch program

- allow interaction with the desktop

Markus

Show replies
Show replies
Former Member
‎10-05-2011 3:46 PM
0 Kudos

Hello Markus,

Thanks for responding back to me so quickly. Setting the SAPSERVICESID was done temporarily in this sandbox environment to test and see if it had enough rights to execute the command. I was intending to revert this back once I could determine where the issue was.

- act as part of the operating system

Yes, in the local security policy

- start as batch program

Yes, in the local security policy "Log on as a batch job"

- allow interaction with the desktop

Enabled this when the service was set to a local system account, but did not work

Thank you,

Thomas

Edited by: Thomas Wagner on Oct 5, 2011 4:48 PM

Answers (1)

Answers (1)

former_member189546
Active Contributor
‎10-07-2011 2:22 PM
0 Kudos

Hello,

Please check note

1152084 Parameter for external commands

regards,

John Feely

Show replies
Show replies
Former Member
‎10-21-2011 8:11 PM
0 Kudos

Thanks for everyone's help. I found this MS KB article that details how to grant permissions to a service so that the "net start" command can be issued.

[http://support.microsoft.com/kb/325349]

Appreciated,

Thomas

Ask a Question