
Password Hook and Windows Server 2012

Former Member
0 Kudos

Hi @all,

I need to set up an environment for our customer and have big issues with the configuration of SAP Password Hook in Windows 2012.

I worked with the Configuration guide and checked all threads in SCN but couldn't find any help.

Situation is like this:

Domain Controller with Windows Server 2012 with installed PW-Hook (setup.exe), so the DSERT.exe is installed on the DC as well.

I used the HookConfig.exe like this:

My first problem is, if I hit save to registry and try to hit read from registry later, it is not set in the registry. I have to save the parameters in a config.reg file and open it afterwards so the entries are set in the registry.

Afterwards I can hit read from registry but the entries are still empty. Is this a problem with Windows Server 2012?

But at least they are placed in the registry.

The IC is placed on a separate server. If I try the testhook.exe, the CSV file is created correctly. It's the same if I try it by cmd commands. But if I change the password directly by the user, nothing happens.

I am not sure if the hook is really running in the background. Normally (as I understand it) it has to be a Windows service and run in the background, but I can't find a service that could be the PW-Hook.

In the configuration guide it says:

"The hook DLL is called MxPwdHook.dll, and should be installed in the Windows System directory. If the DLL has been loaded at startup, it will be locked by the operating system. Try to rename the DLL. If you are allowed to rename it, it has not been loaded. Remember to rename it back to MxPwdHook.dll."

After I restarted the server (like 1000 times) I could always rename it, so that's a reason I think it's not running, too.

I really hope anyone can help me fix this problem. Used so much time and effort till now.

Thanks for every advice.

Accepted Solutions (1)


Former Member
0 Kudos

Thanks a lot guys for your help. Didn't find the solution, but I am still trying.

@ Billy:

Problem is I can't find the service in the list, or better said, I don't know the exact name and there is nothing in it with Password, MX_Password... or PWD..., so I expected there's no real service.

The idea with the complex passwords I am trying to figure out more at the moment, because there was no general password setting, so I created my own container. Everything is different in Windows 2012, so I still need some time to figure out easy things.

@ Matt:

It is a 64-bit server so I used the 64-bit version of the hook. Why should I install the 32-bit version too? I will try to install both later.

Like I described it, in a way I am writing to the registry but not by the normal method (HookConfig.exe).

@Keith:

I thought I did. But maybe I need to check the system user again. Gonna try it in the next hours.

Text you back when I've got any news and tried all your advice.

Thanks, Marcus

former_member2987
Active Contributor
0 Kudos

Marcus,

Only install the version of the hook that is applicable to your Operating System.

I've seen issues where people tried to install the 32 bit hook on a 64 bit server and had similar issues.

Are there any GPOs that would keep your service account from writing to the registry?

Matt

bxiv
Active Contributor
0 Kudos

Windows service names can be named anything as long as the exe they are pointed at works, so you can technically create one and just name it something that is useful for you to track.

Former Member
0 Kudos

But there is no exe to start the PasswordHook... it's just the DLL. And in my opinion that's not the way SAP expected to use the Hook. But this will be the last thing I will try.

At the moment I am checking the GPOs.

former_member2987
Active Contributor
0 Kudos

The only EXE is the test program.

Matt

Answers (4)


Former Member
0 Kudos

Hey,

I finally made it.

In my situation the problem was the GPOs and that I had to start the HookConfig.exe as an Administrator.

Then the entries in the registry were all right. If I opened the Config suite afterwards the parameters were set right, and it wasn't like that before.

If anyone needs some help with configuration of Password Hook under Windows Server 2012, feel free to ask.

Thanks a lot for all your help and advice.

Marcus
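Added example, not part of the thread and not SAP's tooling: a read-only PowerShell check for the conditions discussed above (elevated session, hook DLL present in the System directory with the right bitness, DLL actually loaded at startup). It assumes the hook is registered as a standard Windows password filter in the LSA "Notification Packages" registry value; Test-PasswordHook is a hypothetical function name.

```powershell
# Added example: read-only checks; run in an elevated 64-bit PowerShell on the DC.
# Assumption: the hook is registered as a standard LSA password filter.
function Test-PasswordHook {
    param([string]$Name = 'MxPwdHook')   # DLL name from the guide quoted in the question

    $dll = Join-Path $env:SystemRoot "System32\$Name.dll"
    $id  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $report = [ordered]@{
        Elevated      = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
                            [Security.Principal.WindowsBuiltInRole]::Administrator)
        DllPresent    = Test-Path -LiteralPath $dll
        DllMachine    = $null    # x64 / x86, read from the PE header
        Registered    = $false   # listed in "Notification Packages"
        LoadedInLsass = $null    # $null means "could not determine"
    }

    if ($report.DllPresent) {
        # PE header: e_lfanew at 0x3C; Machine field follows the 4-byte "PE\0\0" signature
        $bytes = [IO.File]::ReadAllBytes($dll)
        $pe    = [BitConverter]::ToInt32($bytes, 0x3C)
        $report.DllMachine = switch ([BitConverter]::ToUInt16($bytes, $pe + 4)) {
            0x8664  { 'x64' }
            0x014c  { 'x86' }
            default { 'other' }
        }
    }

    # Password filters are listed by name, without ".dll", in this REG_MULTI_SZ value
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $report.Registered = @($lsa.'Notification Packages') -contains $Name

    try {
        # LSASS loads password filters at boot; an empty module list means no access
        $mods = (Get-Process -Name lsass -ErrorAction Stop).Modules
        if ($mods) {
            $report.LoadedInLsass = [bool]($mods |
                Where-Object { $_.ModuleName -ieq "$Name.dll" })
        }
    } catch {
        # Not elevated, or LSASS is protected: leave LoadedInLsass as $null
    }

    [pscustomobject]$report
}

Test-PasswordHook | Format-List
```

A result with Registered = True but LoadedInLsass = False after a reboot points at the DLL itself (wrong bitness or wrong directory) rather than at the registry configuration.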

bxiv
Active Contributor
0 Kudos

Is it a GPO or is it UAC if you have to run it as an Administrator?  Or do you have a policy enforcing UAC on the server?

Former Member
0 Kudos

Hi Billy,

I deactivated the GPOs and started the HookConfig.exe as an Administrator (right click + run as admin). I changed nothing in the UAC.

In my situation it was a big system configured by the customer before. So if you install a new and "empty" Windows Server 2012 on the DC, maybe you don't have to deactivate the GPOs. There were about 90 GPOs and I was afraid they would stop me from saving in the registry, like Matt said.

Back to the UAC: I don't exactly know what the customer changed in the UAC before, but I expect nothing special.

Marcus

bxiv
Active Contributor
0 Kudos

I don't have a 2012 server at my disposal to verify, but for Vista/7/2008 R2 the UAC setting is what controls having to right click and select 'Run as Administrator' (Windows' attempt to be more like *nix IMO). If you set the bar to not running, you will not be forced to run something as the administrator if you are already a part of the administrators group.

The quickest way I know how to pull up the UAC (without googling for it):  msconfig > tools > Change UAC Settings > Launch

Here is what I have set on my work Windows 7 VM and don't have to select any Run as administrator options:

Also on a final thought for others to know about also, you should also be able to set a compatibility mode for the exe: Right click > properties > Compatibility > Privilege level > check the box for Run this program as an administrator  OR Right click > properties > Compatibility > Change settings for all users > Privilege level > check the box for Run this program as an administrator

I'm also making the assumption that M$ didn't change that from 2008 R2 to 2012 or future versions of Windows Server.

keith_zhang
Active Participant
0 Kudos

Hello Marcus,

If TestHook.exe works fine, it is also probably caused by the user environment. Have you also checked this as described in the last "Symptom" of section 5 in the configuration guide?

BR, Keith

former_member2987
Active Contributor
0 Kudos

Marcus,

Is this a 32 bit or 64 bit server? Are you using the correct PW Hook version for your server? You should have install procedures for both types.

If you're not writing correctly to the registry, this might be your issue.

Matt

bxiv
Active Contributor
0 Kudos

Do you have complex passwords enabled as one of the pre-reqs for password hook?

Can you force setup a service using the 'sc' command from the cmd prompt so a service is running on startup and locking the file?