Results 1 to 6 of 6
  1. #1
    Join Date
    Feb 2004
    Location
    One Flump in One Place
    Posts
    14,912

    Unanswered: xp_cmdshell proxy account

    Hi

    I am unable to set this on two of our servers, yet I can for all others.
    Code:
    EXEC master.dbo.sp_xp_cmdshell_proxy_account 'Domain\Loggy', 'PassyWordles';
    result:
    Code:
    Msg 15137, Level 16, State 1, Procedure sp_xp_cmdshell_proxy_account, Line 1
    An error occurred during the execution of sp_xp_cmdshell_proxy_account. Possible reasons: the provided account was invalid or the '##xp_cmdshell_proxy_account##' credential could not be created. Error code: '5'.
    I can execute this fine, but I think SQL Server does not validate the account on creation:
    Code:
    CREATE CREDENTIAL ##xp_cmdshell_proxy_account## WITH IDENTITY = 'Domain\Loggy', SECRET = 'PassyWordles'
    If I attempt to execute xp_cmdshell with the above I get the message:
    Code:
    Msg 15121, Level 16, State 200, Procedure xp_cmdshell, Line 1
    An error occurred during the execution of xp_cmdshell. A call to 'LogonUserW' failed with error code: '1385'.
    OS Error 1385 means: "Logon failure: the user has not been granted the requested logon type at this computer."

    This is not a problem with the account: copied and pasted the above works fine on a number of other servers. I suspect it is to do with the OS, but I am not certain. All security is managed by group policy.

    Succeeds on:
    SQL Server 2008 R1 on Windows 2008 R2
    SQL Server 2008 R1 on Windows 2003
    SSQL Server 2005 on Windows 2003

    Fails on:
    SQL Server 2008 R1 on Windows 2008 R1

    Does anyone have any thoughts please?
    Testimonial:
    pootle flump
    ur codings are working excelent.

  2. #2
    Join Date
    Jan 2003
    Location
    Massachusetts
    Posts
    5,799
    Provided Answers: 11
    So, upgrade to Windows 2008 R2. ;-)

    You may have checked, but I don't see it specifically put in your post, are there any local policies? Or is this machine excluded from the policies you think should be applied to it?

    Oh, and is the login in question a member of any local groups on the machines that it is working on, and not a member of those groups on the "broken" machine?

  3. #3
    Join Date
    Feb 2004
    Location
    One Flump in One Place
    Posts
    14,912
    Q1: I am told not.
    Q2: Not TNK - I will check.
    Q3: No, again not TMK.

    Unfortunately, I have full control of the boxes that work fine, but not these two.
    Testimonial:
    pootle flump
    ur codings are working excelent.

  4. #4
    Join Date
    Feb 2004
    Location
    One Flump in One Place
    Posts
    14,912
    I am guessing it is "log on as batch job" that it is excluded from on the machines.

    By "guessing" I mean "I read it here":
    Troubleshooting xp_cmdshell failures - CSS SQL Server Engineers - Site Home - MSDN Blogs
    Testimonial:
    pootle flump
    ur codings are working excelent.

  5. #5
    Join Date
    Jan 2003
    Location
    Massachusetts
    Posts
    5,799
    Provided Answers: 11
    Check the security log on the machine. You should see a login failure. The login type number will tell you more.

    Logon Type Codes Revealed

  6. #6
    Join Date
    Feb 2004
    Location
    One Flump in One Place
    Posts
    14,912
    Setting "log on as batch job" via GPO sorted it out. Woo Hoo!
    Testimonial:
    pootle flump
    ur codings are working excelent.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •