Hi guys,
I have a Windows 2000 machine where we have had to log the ProIV Service on as a different account due to there being more than one version of Oracle Client installed.
I created an Account called ServiceProIV and made it a member of "administrators".
I set the local policy to state it can logon locally and logon as a service.
This allowed me to set to the local environment for it to use the right Oracle Client.
This all works fine and connects to the environment all succesfully.
I now created a local user account eg BaTClient with a password and made it a member of "Users".
When I try and do a bus and task connection and found that the BaTClient System Username and System Password is being being told it is invalid.
Yet I can log onto the machine succesfully.
If I switch the service account back to use the LocalSystem and try the B&T again it now states it is valid.
So the question is what else is needed to allow the Service to authenticate the userid when the service is logged on as something other than LocalSystem?
Thanks for any help
Sean
Click the link below to see the new game I'm developing!
17 replies to this topic
#3
Steve Kiernan
-
- Members
-
- 87 posts
Advanced
- Gender:Male
- Location:United Kingdom
- Interests:writing wonderful, professional, windows compliant systems in PROIV. Or not.
Posted 22 September 2006 - 08:04 AM
Don't understand this unhelpful reply. What are you referring to? You're not even brave enough to identify yourself coward!Come on you two - you have to help others out.
You two ONLY ask questions and NEVER provide answers.
Tis always better to give than receive.
#4
Rob_Stebbens
-
- Members
-
- 30 posts
Member
- Gender:Male
Posted 22 September 2006 - 08:56 AM
Steve,Don't understand this unhelpful reply. What are you referring to? You're not even brave enough to identify yourself coward!Come on you two - you have to help others out.
You two ONLY ask questions and NEVER provide answers.
Tis always better to give than receive.
I think our guest might be refering to the "alleged" high ratio of questions to answers being posted by yourselves at PDS. In fact asking this question only increases that assumed ratio.
#5
Steve Kiernan
-
- Members
-
- 87 posts
Advanced
- Gender:Male
- Location:United Kingdom
- Interests:writing wonderful, professional, windows compliant systems in PROIV. Or not.
Posted 22 September 2006 - 09:11 AM
Somebody call a nurse - my sides have just split.
We ask questions when we want to, and we answer questions when we can.
I wasn't aware anything we did was illegal. Now where's that smiley with a raised middle finger?
We ask questions when we want to, and we answer questions when we can.
I wasn't aware anything we did was illegal. Now where's that smiley with a raised middle finger?
#6
Rob Donovan
-
- Admin
-
- 1,652 posts
rob@proivrc.com
- Gender:Male
- Location:Spain
Posted 22 September 2006 - 09:23 AM
Hi,
There is no requirement for anyone to answer any questions on this forum.
You ask what you want, and answer what you want......
Rob.
There is no requirement for anyone to answer any questions on this forum.
You ask what you want, and answer what you want......
Rob.
#7
Steve Kiernan
-
- Members
-
- 87 posts
Advanced
- Gender:Male
- Location:United Kingdom
- Interests:writing wonderful, professional, windows compliant systems in PROIV. Or not.
Posted 22 September 2006 - 09:38 AM
So, back to the original question, is there anybody out there who can help - any help is very much appreciated.Hi guys,
I have a Windows 2000 machine where we have had to log the ProIV Service on as a different account due to there being more than one version of Oracle Client installed.
I created an Account called ServiceProIV and made it a member of "administrators".
I set the local policy to state it can logon locally and logon as a service.
This allowed me to set to the local environment for it to use the right Oracle Client.
This all works fine and connects to the environment all succesfully.
I now created a local user account eg BaTClient with a password and made it a member of "Users".
When I try and do a bus and task connection and found that the BaTClient System Username and System Password is being being told it is invalid.
Yet I can log onto the machine succesfully.
If I switch the service account back to use the LocalSystem and try the B&T again it now states it is valid.
So the question is what else is needed to allow the Service to authenticate the userid when the service is logged on as something other than LocalSystem?
Thanks for any help
Sean
#8
Fred Marker
-
- Members
-
- 82 posts
Advanced
- Gender:Male
- Location:Columbus, Ohio, United States
Posted 22 September 2006 - 11:47 AM
We don't use B&T so I am not familiar with its precise requirements.Hi guys,
I have a Windows 2000 machine where we have had to log the ProIV Service on as a different account due to there being more than one version of Oracle Client installed.
I created an Account called ServiceProIV and made it a member of "administrators".
I set the local policy to state it can logon locally and logon as a service.
This allowed me to set to the local environment for it to use the right Oracle Client.
This all works fine and connects to the environment all succesfully.
I now created a local user account eg BaTClient with a password and made it a member of "Users".
When I try and do a bus and task connection and found that the BaTClient System Username and System Password is being being told it is invalid.
Yet I can log onto the machine succesfully.
If I switch the service account back to use the LocalSystem and try the B&T again it now states it is valid.
So the question is what else is needed to allow the Service to authenticate the userid when the service is logged on as something other than LocalSystem?
Thanks for any help
Sean
However, it may be helpful to know some additional information.
What version of ProIV kernel?
What version of ProIV client?
Which user account installed the ProIV kernel?
Which user account installed the ProIV client?
There are settings in the Kernel's pro4.ini which requires that the ProIV user (in the PIV) match a local user account on the server: Such as the following:
[ENVIRONMENT]
USERNAME_VALIDATE=Y
USER_DOMAIN=
LOGONTYPE=INTERACTIVE
Can you provide any additional details of the local accounts, proiv user and exact "invalid" messages?
#10
Guest_Guest_*
Guest_Guest_*
-
- Guests
Posted 23 September 2006 - 07:27 AM
Found itSomebody call a nurse - my sides have just split.
We ask questions when we want to, and we answer questions when we can.
I wasn't aware anything we did was illegal. Now where's that smiley with a raised middle finger?
#12
sean.graves
-
- Members
-
- 15 posts
Member
- Gender:Male
Posted 25 September 2006 - 09:55 AM
Hi Fred,
Thanks for any help you can give me :-)
Here are my extra details that I forgot to include on the original post.
What version of ProIV kernel?
ProIV 5.5 r345
What version of ProIV client?
MFC Build 524
Which user account installed the ProIV kernel?
ServiceProIV
Which user account installed the ProIV client?
ServiceProIV
There are settings in the Kernel's pro4.ini which requires that the ProIV user (in the PIV) match a local user account on the server: Such as the following:
We have not set any of the following environment keywords as we use the default
[ENVIRONMENT]
USERNAME_VALIDATE=Y
USER_DOMAIN=
LOGONTYPE=INTERACTIVE
Can you provide any additional details of the local accounts, proiv user and exact "invalid" messages?
Local User Account called "ServiceProIV" ( used for the service ).
ServiceProIV is a member of "Administrators" ( have also tried with all security added Power users, users etc ).
Local User Account called "BaTClient" ( used for bus and task authentication ).
BaTClient is a member of "Users".
We install our software and proiv into a folder structure like so
\\Pro50
The entire base folderfolder has the following security added
Administrators Full Access
ServiceProiv Full Access
BaTClient Full Access
The Pro50 folder has one extra security of SYSTEM
Administrators Full Access
ServiceProiv Full Access
BaTClient Full Access
SYSTEM Read & Execute, List Folder COntents & Read
Error from ProIV Bus and Task API
Procedure happens during the call to p4OpenPro4
StatusCode=30
FailReason=97
SubError=97
I have ran a full trace all and noticed in the log
2f0:GetProIVProfileString: [Environment] USERNAME_VALIDATE = '' -- not found
2f0:getprofile: 'USERNAME_VALIDATE', returning '< null >'
2f0:GetProIVProfileString: [Environment] USER_DOMAIN = '' -- not found
2f0:getprofile: 'USER_DOMAIN', returning '< null >'
2f0:GetProIVProfileString: [Environment] LOGONTYPE = '' -- not found
2f0:getprofile: 'LOGONTYPE', returning '< null >'
2f0:doValidateLoginInfo:', LogonType=2 failed:
A required privilege is not held by the client. (0x522)
2f0:doValidateLoginInfo: error:
Incorrect username or password:
A required privilege is not held by the client. (0x522)
2f0:p4bdNewSession: System username/password incorrect:
2f0:
Incorrect username or password:
A required privilege is not held by the client. (0x522)
I have attached the log in full incase there is anything someone can spot.
What "privilege" is required and which user?
I assume this is refering to the account that the proiv service is logged into?
Now if I tell the services the Pro32srv service to logon as LocalSystem all works fine.
So there must be a trick I am missing when setting the proiv service to logon as a different user.
Thanks again for any help.
Sean
Thanks for any help you can give me :-)
Here are my extra details that I forgot to include on the original post.
What version of ProIV kernel?
ProIV 5.5 r345
What version of ProIV client?
MFC Build 524
Which user account installed the ProIV kernel?
ServiceProIV
Which user account installed the ProIV client?
ServiceProIV
There are settings in the Kernel's pro4.ini which requires that the ProIV user (in the PIV) match a local user account on the server: Such as the following:
We have not set any of the following environment keywords as we use the default
[ENVIRONMENT]
USERNAME_VALIDATE=Y
USER_DOMAIN=
LOGONTYPE=INTERACTIVE
Can you provide any additional details of the local accounts, proiv user and exact "invalid" messages?
Local User Account called "ServiceProIV" ( used for the service ).
ServiceProIV is a member of "Administrators" ( have also tried with all security added Power users, users etc ).
Local User Account called "BaTClient" ( used for bus and task authentication ).
BaTClient is a member of "Users".
We install our software and proiv into a folder structure like so
The entire base folderfolder has the following security added
Administrators Full Access
ServiceProiv Full Access
BaTClient Full Access
The Pro50 folder has one extra security of SYSTEM
Administrators Full Access
ServiceProiv Full Access
BaTClient Full Access
SYSTEM Read & Execute, List Folder COntents & Read
Error from ProIV Bus and Task API
Procedure happens during the call to p4OpenPro4
StatusCode=30
FailReason=97
SubError=97
I have ran a full trace all and noticed in the log
2f0:GetProIVProfileString: [Environment] USERNAME_VALIDATE = '' -- not found
2f0:getprofile: 'USERNAME_VALIDATE', returning '< null >'
2f0:GetProIVProfileString: [Environment] USER_DOMAIN = '' -- not found
2f0:getprofile: 'USER_DOMAIN', returning '< null >'
2f0:GetProIVProfileString: [Environment] LOGONTYPE = '' -- not found
2f0:getprofile: 'LOGONTYPE', returning '< null >'
2f0:doValidateLoginInfo:
A required privilege is not held by the client. (0x522)
2f0:doValidateLoginInfo: error:
Incorrect username or password:
A required privilege is not held by the client. (0x522)
2f0:p4bdNewSession: System username/password incorrect:
2f0:
Incorrect username or password:
A required privilege is not held by the client. (0x522)
I have attached the log in full incase there is anything someone can spot.
What "privilege" is required and which user?
I assume this is refering to the account that the proiv service is logged into?
Now if I tell the services the Pro32srv service to logon as LocalSystem all works fine.
So there must be a trick I am missing when setting the proiv service to logon as a different user.
Thanks again for any help.
Sean
Attached Files
-
ProIV.LOG.txt 27.68KB
223 downloads
#15
Guest_Guest_*
Guest_Guest_*
-
- Guests
Posted 25 September 2006 - 04:13 PM
Fred,
The local username BaTClient is the system username & password you have to give the ProIV API for authentication, not the ProIV Environment.
We use the environment ENVBATCLIENT which is defined in the [Environment Names] section.
We disable the starting of a client with our connection to the proivapi.
Our bus and task makes the connection as follows:
Machine=myserver
Port=0
Secure=0
Environment=ENVBATCLIENT
SystemUserId=BaTClient
SystemPassword=bat
OperatorId=TSK
OperatorPassword=SYS
CompanyDivision=PDS
As my connection works whilst it is a LocalSystem account there must be an extra privalige required for my ServiceProIV user to let ProIV authenticate usernames on Windows NT?
The local username BaTClient is the system username & password you have to give the ProIV API for authentication, not the ProIV Environment.
We use the environment ENVBATCLIENT which is defined in the [Environment Names] section.
We disable the starting of a client with our connection to the proivapi.
Our bus and task makes the connection as follows:
Machine=myserver
Port=0
Secure=0
Environment=ENVBATCLIENT
SystemUserId=BaTClient
SystemPassword=bat
OperatorId=TSK
OperatorPassword=SYS
CompanyDivision=PDS
As my connection works whilst it is a LocalSystem account there must be an extra privalige required for my ServiceProIV user to let ProIV authenticate usernames on Windows NT?
Reply to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
Click the link below to see the new game I'm developing!
