I'm trying to run an WQL query(SELECT * FROM MSBTS_SendPort) on an BizTalk host but when I run this query in my console application on an remote primary BizTalkHost I get an COMException who says "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."
If I run the same console application on the primary BizTalkHost then everything works.
I'm issueing an double-hop authentication issue, so therefore what I want will never work. See this link for more information. My workaround for this issue is to create an wcf-webservice on an biztalk host and let the wcf service handle the WMI query.
If you want to use powershell for remote biztalk administration look at this link.
Looks you execute the query on the remote machine as a anonymous user - you have to be in the user context of a user that is authorized to read from the BizTalk Management database.
You could start with trying to run the console application on the remote machine using "run as" and enter the credentials that you probably login as on the BizTalk machine.
If that works you should start looking to impersonation a different user in you code.
Related
I am currently attempting to create a user in an ASP.NET MVC application using the System.Management.Automation.Runspaces.Command with a remote Runspace using Kerberos authentication with a service account. Currently when I attempt to execute the command on the development server the command executes successfully, however when attempting to execute the command on the live web server I receive the following message
“Connecting to remote server echange-server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting”
On both the live and debug server I can enter a remote PowerShell session with Enter-PSSession. I feel as if this is a Kerberos hop issue on the live server. But I’m unsure of what SPNs would need to be configured for Kerberos to work properly for powershell. Thank you.
I think that remote powershell isn´t enabled for the taskuser you are using, which will explain the "Access is denied.". Try to enable that via (as written in the MS documentation here) via:
set-user <your user account> -RemotePowerShellEnabled $True
Another useful source to troubleshoot your issue is the MS documentation here.
I wrote Windows Service in C# to get data from Excel and Access tables. Everything works fine until I try to get data from remote database through VPN connection:
ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] The Microsoft Access database
engine cannot open or write to the file '(unknown)'. It is already opened exclusively
by another user, or you need permission to view and write its data.
Driver is ODBC.
The answer is in the error message. It's not very helpful but is completely accurate.
It's likely that your service is running as a user that does not have the needed permissions to the file, or that the ODBC connection is supplying the credentials and they are wrong or missing.
You can debug your service by opening the project in Visual Studio and selecting Debug->Attach To Process and selecting your service. You can then step through it and see exactly what is failing and what login credentials are being used when it happens.
Note that the default credentials for Windows Services do not have rights to anything on other machines, so that would be a good place to start.
If you can open it across the VPN from MS Access, but not your service, that narrows it down quite a bit.
I can successfully run my jobs (that need access to an Sql Server database) when I run the Quartz.NET server in dev environment (Visual studio). But when I install the project as a Windows service, I get a login failed error to the database in my job. I have also allowed my service to interact with the desktop.
What am I not setting correctly?
You should check the Windows account your service is running under. Most probably it hasn't got the privileges to connect to your SQL Server, or to access the database. Basically, you have two choices:
Configure your service to run under an account that has a corresponding login in your SQL Server instance.
Add the account as a login in your SQL Server instance.
My PC is in Domain A and a remote server in Domain B, I want to restart a service on server from my PC using c# or any other language or script.
Notes:
I am connected to the server via VPN that means i can manually RDP the server and can manually restart the service.
I am not able to access services on server using connect to other computer under action button from local services window.
I have admin rights to the server.
I can't(not allowed) add any component to server.
I have different set of credentials for Remote machine
You should first try the sc command to make sure you're able to start that service remotely using the current permissions and credentials. If that works, take a look at System.ServiceProcess.ServiceController.
When you say you're an admin on the remote machine, I'm assuming that means you're logging in with different credentials. I don't believe either of those will allow you to use alternate credentials -- i.e., the commands will execute with Domain A privileges and those privileges are most likely insufficient for what you're trying to do.
Can you use a batch file? I usually use something like this:
NET USE \\computername\IPC$ /U:domainname\username password
SC \\computername START service
We are using the ServiceController object to query if our Service is running or not. Our web application that is performing the query is using Impersonation for security/login.
System.ServiceProcess.ServiceController sc = new System.ServiceProcess.ServiceController("myService");
return sc.Status
Using an Administrator account, the query is successful. Using a limited account (non-administrator), the query is failing with a message of "Service myService was not found on computer '.'"... BUT it is only failing in Windows Server 2003 and not in Windows XP.
I've Googled it and checked in MSDN. I didn't find anything related to the usage of ServiceController in Windows Server 2003.
Any ideas?
EDIT: If there is a way to query the service status without using the ServiceController that doesn't involve "security" privileges, that might work for us. We just need to get the status of the service.
UPDATE:
I created a simple console application that will print the status of the service. I used the "runas" command to run the application using both the Administrator and Non-Administrator account. It both worked in Windows Server 2003... Which means that this is an issue of the privilege not being properly passed to the ServiceController call in the web application? IIS security stuff perhaps?
Thanks!
I thought that web app-s are supposed to be run in a sandbox. Allowing access to the service running on local computer isn't really what you should do, because of security issues.
Maybe you could tell us what you want to do and there is another solution?