Keep Getting "Error 1314 from CreateProcessAsUser" When Calling xp_cmdshell
- From: Jay Chan <jaykchan@xxxxxxxxxxx>
- Date: Wed, 9 Sep 2009 07:08:20 -0700 (PDT)
We have a stored procedure that uses xp_cmdshell to call an external
program. It works fine for many years in all three of our database
servers. Last week we implemented Group Policy in our network to
tighten up network security, and that stored procedure cannot call
xp_cmdshell any more in two of the three database servers. When it
calls xp_cmdshell in those two database servers, it will get this
error message:
xpsql.cpp: Error 1314 from CreateProcessAsUser on line 504
Strangely it continues working fine in the database server in
headquarter. This problem only occurs in the database servers in
branch offices. I have checked the following settiings in all three
servers, and they have the same settings as the following:
1. Has granted EXEC right on xp_cmdshell to the SQL user account (let
say 'UserABC').
2. Has assigned a valid proxy account to SQL agent (and then assigned
again
just to be in the safe side). It is like this:
exec master..xp_sqlagent_proxy_account N'SET', N'MyDomain',
N'UserPower', N'12345'
Has used the following SQL statement to make sure the proxy
account is set:
exec master..xp_sqlagent_proxy_account N'GET'
3. Has turned OFF this option:
"Only users with SysAdmin privileges can execute CmdExec and
ActiveScripting job steps"
I am sure that this has something to do with some settings in those
two servers for two reasons:
(a) One of the database server doesn't have this problem.
(b) At one point the program somehow started working in one of the
branch office for no apparent reason. Unfortunately, the problem
comes right back after I have reboot that database server.
The implementation of Group Policy also causes other problems (like
scheduled tasks could not start). But those other problems can be
easily fixed by re-entering the password. This one is hard to figure
out.
I have simplified everything down to one statement to demostrate the
problem. For example, this works:
isql /Usa /P1234 /n /Q "exec master..xp_cmdshell 'echo OK > C:
\Test.txt', no_output" /S DbSrv2
But this doesn't work:
isql /UUserABC /P1234 /n /Q "exec master..xp_cmdshell 'echo OK > C:
\Test.txt', no_output" /S DbSrv2
(note: UserABC doesn't have system-administrator access rights)
I cannot figure out what went wrong. Currently I get around with this
problem by assigning System Administrator access rights to the SQL
user account ('UserABC'). But I surely want a better solution.
Please help me to see if there is something that I should try.
Thanks.
Jay Chan
.
- Follow-Ups:
- Prev by Date: Re: Too many parameters in sp
- Next by Date: Re: Declare in a view
- Previous by thread: RE: Declare in a view
- Next by thread: Re: Keep Getting "Error 1314 from CreateProcessAsUser" When Calling xp_cmdshell
- Index(es):
Relevant Pages
|
