February 16, 2006 at 1:43 pm
Hi,
The proxy username on one of my sql 2k sp4 servers has stopped working and I now get the following error when I issue an xp_cmdshell command:
Msg 50001, Level 1, State 50001
xp_cmdshell failed to execute because CreateProcessAsUserW returns error 1314. please make sure the service account SQL Server running under has appropriate privilege. For more information, search Book Online for topic related to xp_sqlagent_proxy_account
When I try and change the proxy agent username I get the following error :-
Unable to set the SQL Agent proxy account because of the reason listed below.
The system cannot find the path specified.
Anyone come across this one?
PS I have re-booted the server several times just to be on the safe side.
Kevin
February 17, 2006 at 12:18 am
Did you change sqlserver service accounts?
Johan
February 17, 2006 at 7:05 am
You are getting this from Query Analyzer?
Msg 50001 (Error Number) tells me that it is a custom error. This is from some application?
February 20, 2006 at 12:54 pm
Hi,
This is a standard MS error number. It's coming from QA and relates to the fact that my server will not validate the proxy account with the domain.
Kevin
March 23, 2006 at 8:20 pm
Hi Kevin, did you get a resolution? I have the same issue on pretty much any server with sp4 on it. I have not changed service accounts; even a system where sql and agent services run as local admin has the issue. I first set the proxy via the agent gui to the local administrator account; even though the gui threw the error 'cannot find the path specified', it has actually set the proxy. The xp_sqlagent_proxy_account N'GET' confirms this.
But I cannot change it to anything else now, as it errors with the same message re 'path', but this time the proxy login does not get changed....
I have tried a suggestion from another forum re creating a dir in c:\program files\...\mssql\binn\resources\1034 and copying sqlstbss.rll into it, but no joy.
Can anyone assist here?
March 23, 2006 at 9:56 pm
No, I did not resolve the issue. I must admit I have given up and told the front end programmers to change their code.
I think the cmdshell is a major security hole, so I am pleased it does not work.
Kevin
March 23, 2006 at 10:53 pm
Kevin, I have the solution and you're just gunna love this one.
What you and I want to do is std stuff and should just work, be happy in the knowledge that neither you nor I are at fault here. This is a Microsoft bug fair and square and not even a KB article to cover it.
Ok seems like SP4 broke this and the way to solve it is (and I have tried it and it works) to:
1. Log on as the account that starts the sql server service.
2. Set the regional settings for the login (start control panel) to use English United States. Yep, that's right, the world really revolves around this country; too bad if you set it as I did to correctly reflect Australia and ensure that the collation is correct etc. Anyway, I digress.
3. Stop and restart the SQL Server service.
4. Use agent gui or tsql proxy cmd to set to a suitable local or domain login that has the restricted privs you require.
5. Test the login has privs for whatever your calls to xp_cmdshell need.
6. Reset the region settings for the login again.
Remember that each time you want to change the proxy you must set the region to United states.
Hope this helps as it has me.
Oh by the way you must of course grant whatever sql login needs to execute xp_cmdshell the exec priv on the proc in master.
Regards,
Derek
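The T-SQL side of steps 4 and 5 and of the grant mentioned at the end of the post above, as an added example that is not part of the original posts. It assumes SQL Server 2000 syntax, a sysadmin session for everything except the final test, and a calling login that already exists; the domain, account names and password are placeholders.

```sql
-- Added example, SQL Server 2000 syntax. EXAMPLEDOMAIN, cmdProxyPlaceholder,
-- appLoginPlaceholder and the password are placeholders, not values from the thread.
USE master
GO

-- Step 4: store the proxy account (sysadmin only).
-- Arguments: N'SET', domain (or machine name for a local account), user name, password.
-- Choose an account with only the Windows rights the shelled-out commands need.
EXEC master.dbo.xp_sqlagent_proxy_account N'SET',
     N'EXAMPLEDOMAIN', N'cmdProxyPlaceholder', N'<password-placeholder>'
GO

-- Confirm which account is stored (the N'GET' call mentioned earlier in the thread).
EXEC master.dbo.xp_sqlagent_proxy_account N'GET'
GO

-- The login that will call xp_cmdshell needs a user in master
-- and EXECUTE on the procedure.
EXEC sp_grantdbaccess N'EXAMPLEDOMAIN\appLoginPlaceholder'
GO
GRANT EXECUTE ON dbo.xp_cmdshell TO [EXAMPLEDOMAIN\appLoginPlaceholder]
GO

-- Step 5: connect as the non-sysadmin login and check which Windows account
-- the command actually runs as. For a non-sysadmin caller it should be the proxy.
EXEC master.dbo.xp_cmdshell 'whoami'
GO
```

Windows error 1314 in the original message is ERROR_PRIVILEGE_NOT_HELD ("A required privilege is not held by the client"), which is why the message points at the privileges of the SQL Server service account.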
April 25, 2006 at 1:51 am
I have my SQLserver running as system. So the logging in becomes a bit complicated and you have to restart the sql server.
This thread has an alternative option and you don't have to restart anything
http://www.sqlservercentral.com/forums/shwmessage.aspx?forumid=5&messageid=207227
April 27, 2006 at 9:12 am
Win2003, sqlserver 2005 sp4.
User cmdService service account for sqlserver.
User cmdProxy is the proxy I want to use for xp_cmdShell.
I've followed dharper3's suggestion and successfully setup the cmdProxy as the sql agent proxy using Query Analyser.
However, when non-sysAdmin user userXYZ is running a stub in Query Analyser that uses xp_cmdShell, I get the error:
Server: Msg 229, Level 14, State 5, Procedure xp_cmdshell, Line 33
EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo'.
I thought cmdProxy would take-over???
Is there any other permission I have to set? The region setting for cmdService user is still set to English (United States) instead of the UK.
Any ideas?
Diwakar
--
April 27, 2006 at 6:51 pm
Diwakar, as I mentioned in my last post you still need to grant exec permission to the proxy user (in your case cmdproxy) on the xp_cmdshell proc which is in database master. Once you grant exec to this user on that object all should work.
Derek
April 27, 2006 at 7:55 pm
Thanks Derek,
I have not tried the fix yet but knowing MS it will work.
Thanks from
Auckland
NZ sorry USA
Kevin
April 27, 2006 at 8:07 pm
April 28, 2006 at 1:57 am
Hi Derek,
cmdProxy has got exec permission on xp_cmdshell, as well as on xp_sqlagent_proxy_account.
The problem, I think, is that when user userXYZ is running the T-SQL stub in Query Analyser, the xp_cmdshell is being executed under the context of userXYZ and NOT in the context of cmdProxy.
To test this, I specifically granted userXYZ exec permission on xp_cmdShell and the command worked - xp_cmdshell ran with userXYZ credentials.
When I removed exec permission on xp_cmdshell for userXYZ, I get this error now:
Server: Msg 229, Level 14, State 5, Procedure xp_cmdshell, Line 34
EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo'.
When I connect as cmdProxy and run the same stub, it works fine, but as the userXYZ, it errors.
Diwakar
--
April 28, 2006 at 2:10 am
That's correct, all totally normal behaviour. If you schedule the job then all should work correctly.
April 28, 2006 at 2:38 am
Ok, I set up a job, and it failed.
Note, userXYZ is a domain user. The job wrote the following message to the event log:
The description for Event ID ( 208 ) in Source ( SQLAgent$<***> ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Test, 0xAFCECE11C943944A8C62B3F45D0D5E63, Failed, 2006-04-28 09:28:10, The job failed. Unable to determine if the owner (<DOMAIN>\userXYZ) of job Test has server access (reason: Could not obtain information about Windows NT group/user '<DOMAIN>\userXYZ'. [SQLSTATE 42000] (Error 8198))..
Diwakar
--