SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


exec master.dbo.xp_cmdshell


exec master.dbo.xp_cmdshell

Author
Message
LOOKUP_BI-756009
LOOKUP_BI-756009
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1801 Visits: 1485
Ermm Its been working all this while but for some reason it has stopped working for only 1 of our environment.

Even executing exec master.dbo.xp_cmdshell 'dir c:\*.txt' brings following error mssg
Msg 15121, Level 16, State 10, Procedure xp_cmdshell, Line 1
An error occurred during the execution of xp_cmdshell. A call to 'CreateProcessAsUser' failed with error code: '1314'.


Here is what I have confirmed so far
1) select * from sys.configurations = xp_cmdshell value is 1 (in column value, value_in_use, maximum)
2) The ##xp_cmdshell_proxy_account## uses a Domain Service Account . This Service Account is part of the Local Administrator group and has the following user rights permissions
•Act as part of the operating system.
•replace process level token.
•Log on as a batch job.
3) I have restarted the instance and still no luck
4) I am a sysadmin but was executing the above as a non admin user, the same user that runs this command through a job every night.
5) Executing the above as a sysadmin works perfectly fine

I think this is for sure a permission problem but not sure what else to check for ?
Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)

Group: General Forum Members
Points: 223358 Visits: 42003
LOOKUP_BI-756009 (12/13/2012)
Ermm Its been working all this while but for some reason it has stopped working for only 1 of our environment.

Even executing exec master.dbo.xp_cmdshell 'dir c:\*.txt' brings following error mssg
Msg 15121, Level 16, State 10, Procedure xp_cmdshell, Line 1
An error occurred during the execution of xp_cmdshell. A call to 'CreateProcessAsUser' failed with error code: '1314'.


Here is what I have confirmed so far
1) select * from sys.configurations = xp_cmdshell value is 1 (in column value, value_in_use, maximum)
2) The ##xp_cmdshell_proxy_account## uses a Domain Service Account . This Service Account is part of the Local Administrator group and has the following user rights permissions
•Act as part of the operating system.
•replace process level token.
•Log on as a batch job.
3) I have restarted the instance and still no luck
4) I am a sysadmin but was executing the above as a non admin user, the same user that runs this command through a job every night.
5) Executing the above as a sysadmin works perfectly fine

I think this is for sure a permission problem but not sure what else to check for ?



Have you checked the user to make sure that it still has privs to execute xp_CmdShell?

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)

Group: General Forum Members
Points: 223358 Visits: 42003
Shifting gears, jobs can be executed as "SA". Why do you have a user capable of running xp_CmdShell.

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
LOOKUP_BI-756009
LOOKUP_BI-756009
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1801 Visits: 1485
Its a huge complicated SSIS package that makes calls to many different database's and calls to other applications. It is scheduled as a job and SQL Agent Service executes this job every night. Within the job all connections are made using a non admin account, so when a call is made to execute xp_cmdshell the non admin account uses the proxy account which belongs to the SQL Service Account credentials. This is how its been setup.
Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)SSC Guru (223K reputation)

Group: General Forum Members
Points: 223358 Visits: 42003
According to what I've found on Google, your error is a privs problem for a non-SA account. If it's been running fine for years and suddenly quit like you say, then there's a very high probability that, somewhere and somehow, someone changed the privs for the related account or for the SQL Agent account.

Sorry I can't offer much more than that. You may have to more closely isolate where the problem is happening and simply deduce where the privs changes occured (for whatever reason) from what occurs in the code or the SSIS package nodes.

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
LOOKUP_BI-756009
LOOKUP_BI-756009
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1801 Visits: 1485
Restarting the server fixed the problem. Did not change anything, still not sure how that happend. Thank You
Orlando Colamatteo
Orlando Colamatteo
SSC-Forever
SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)

Group: General Forum Members
Points: 41774 Visits: 14413
LOOKUP_BI-756009 (12/17/2012)
Restarting the server fixed the problem. Did not change anything, still not sure how that happend. Thank You

I had this issue many many times on SQL 2005 SP4 running on Server 2003 and it beyond frustrating because I was never able to determine the root cause. In my case dropping the proxy and recreating it using sp_xp_cmdshell_proxy_account always did the trick.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search