on 10-05-2011 3:30 PM
Hello,
I am encountering an error when trying to start a service from SAP. The service in question cannot run unless SAP is up so if the application is brought down the 3rd party service needs to be restarted manually. I wanted to setup a job that would call the start service command when the SAP system came online. The authorization error does show up in the Windows Security log and I have made sure that the SAPSERVICESID is set as an administrator. I can log in as SAPSERICESID and run the command directly or when it is in a batch file (.bat). I have tried to execute this against other services and I have gotten the same error.
Has anyone started a service before from within SAP using SM49/SM69?
OS:
Windows Server 2003
Command:
net start "sabrix basic connection"
Error Return:
System error 5 has occurred.
Access is denied.
External program terminated with exit code 2
Thank you,
Thomas
> The authorization error does show up in the Windows Security log and I have made sure that the SAPSERVICESID is set as an administrator.
This is a high security breach, you're opening the full system. Someone can create an external command and delete parts of the operating system.
> I can log in as SAPSERICESID and run the command directly or when it is in a batch file (.bat).
SAPService<SID> should not be allowed interactive logons.
> I have tried to execute this against other services and I have gotten the same error.
> Has anyone started a service before from within SAP using SM49/SM69?
Does this user have the following permissions:
- act as part of the operating system
- start as batch program
- allow interaction with the desktop
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Markus,
Thanks for responding back to me so quickly. Setting the SAPSERVICESID was done temporarily in this sandbox environment to test and see if it had enough rights to execute the command. I was intending to revert this back once I could determine where the issue was.
- act as part of the operating system
Yes, in the local security policy
- start as batch program
Yes, in the local security policy "Log on as a batch job"
- allow interaction with the desktop
Enabled this when the service was set to a local system account, but did not work
Thank you,
Thomas
Edited by: Thomas Wagner on Oct 5, 2011 4:48 PM
Hello,
Please check note
1152084 Parameter for external commands
regards,
John Feely
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
98 | |
11 | |
11 | |
10 | |
10 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.