Permissions running NiFi on Windows 2012 Server - apache-nifi

At $employer we have a customer trying to run NiFi on Windows 2012 server. We have helped them configure it as a windows startup task using the Task Scheduler. I realise this may be more of a ServerFault question but there's nothing much about NiFi on there.
When this is run as a user with local admin rights, it runs perfectly. When run with the user created specifically for this service (with the required "Run as a batch" permission), it starts up and then promptly shuts down with a permission denied error on a TCP connect.
Is there a specific Windows permission that is needed for NiFi to run as a batch and listen on TCP ports?

On *nix systems, if the TCP port is below 1024, you need to run as root. I am not sure if this applies to Windows systems as well (surprisingly little documentation to answer this common question directly), but that could be the cause -- when run as an Administrator this works; when run as another user it fails. Can you share the explicit error you get from the nifi-bootstrap.log and/or nifi-app.log files?

Related

Unable to RDP into windows?

I have a Windows 16 machine on AWS. I installed Cygwin on it so that I can connect it as a Jenkins slave. But once I connected it as a slave, I am NOT able to MSTSC/RDP into the machine. I can still access the machine via ssh/cygwin.
( I repeated the process several times and ended up losing RDP connectivity every time )
This is what is actually happening now:
The EventLogs on machine are saying that logoff instructions are being initiated by the RDP client.
RDP client is saying "The disconnection was initiated by the user logging off their session on the server"
Visually, it seems like the remote connection was set up for a split second. Then it vanishes.
So, I believe that somehow my Administrator account is not able to maintain the session. It's getting disconnected as soon as it connects.
Can you suggest me which settings should I debug into? I am able to extract a few details from my machine using ssh, but I can't explore all the settings.
If you are familiar with this behaviour please suggest me what settings might be responsible for this.
Additional info:
If I restart my EC2, it will never come back because a status check starts failing
I am able to telnet to port 3389. So I guess firewall rules are not an issue.
I have tried various RDP clients, on Mac as well as on Windows.
I found this in event log (ProviderName: Microsoft-Windows-RemoteDesktopServices-RdpCoreTS) on my remote windows machine:
5/10/2019 3:13:44 PM 103 Information The disconnect reason is 12
...
5/10/2019 3:13:43 PM 228 Warning Disconnect trace:CUMRDPConnection Disconnect trace:'calling spGfxPlugin->PreDisconnect()' in CUMRDPConnection::PreDisconnect at 4477 err=[0xc], Error code:0xC
It turns out my problem was occurring due to some cleanup utility deleting the system files required for mstsc.
Everything started working fine after I switched off the cleanup utility.
Thanks for the help though.

How to automate program initialization through GUI

We have software that needs a password to be initialized. The software is running on a build server (Windows 10) and is used as part of the build process. The password resets after a reboot or after an RDP session. Therefore RDP access to the server is disabled and it's running VNC.
However, we still have a problem that once in a while the server reboots, and in this case someone needs to log in to the server over VNC and initialize the software by typing the password in.
Is there any way that this process may be automated? Some QA tools that may be utilized for this purpose?
If auto logon is set (find the instruction on the SuperUser site), a startup script can run on this server without a live VNC connection (in Windows Task Scheduler by logon trigger). As a GUI automation library you can use pywinauto (need any Python on the server + pip install pywinauto). If you keep the server always logged in, maybe another trigger would be useful (from the Jenkins slave if it's connected to Jenkins). But it must run not as a service (services can't access the GUI).
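The logon-triggered, interactive task the answer describes, as an added example that is not the answerer's own script; the account, interpreter path and script path are hypothetical placeholders.

```powershell
# Added example (not from the answer): the logon-triggered, interactive task the answer describes.
# Account, interpreter path and script path are hypothetical placeholders.
$Account = 'BUILD01\buildsvc'            # the auto-logon user; the task runs on that user's desktop
$Script  = 'C:\tools\init_software.py'   # hypothetical pywinauto script that types the password

$action  = New-ScheduledTaskAction -Execute 'C:\Python\python.exe' -Argument "`"$Script`""
$trigger = New-ScheduledTaskTrigger -AtLogOn -User $Account
# LogonType Interactive is the security-relevant choice: no password is stored in the task, and it
# only runs inside that user's interactive session, which is why it can drive a GUI (a service cannot).
$principal = New-ScheduledTaskPrincipal -UserId $Account -LogonType Interactive -RunLevel Limited
$settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Minutes 10) `
                                          -MultipleInstances IgnoreNew

Register-ScheduledTask -TaskName 'InitBuildSoftware' -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Verify: LogonType must read Interactive, not Password/S4U (which would be a non-desktop logon)
(Get-ScheduledTask -TaskName 'InitBuildSoftware').Principal | Select-Object UserId, LogonType, RunLevel
```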

Detecting registered & running service without administrator rights

I have a desktop application that should behave differently depending on whether an optional service is running. I was using the service control manager to check if the service was registered, and if so, whether or not it was running. This worked well until I realized that this seems to require the desktop application to run as administrator.
What would be the best way of checking these conditions (registered and running) in my desktop application, without requiring administrative rights?
You do not need admin rights to query the SCM for service information.
Call OpenSCManager() requesting SC_MANAGER_CONNECT access, then call OpenService() requesting SERVICE_QUERY_STATUS access. That will tell you if the service is installed or not. If so, then call QueryServiceStatus() to find out if it is running or not.
As I'm more familiar with the C# side, I'm not sure if there's a formal API for doing this in C++ that doesn't require some form of elevated privileges. That said, a couple of alternatives come to mind.
You could have your service open a server socket and listen on the localhost address (127.0.0.1) on a specific port. When your application starts running, it would connect to this address. If the connection succeeded, your service is running.
Another option would be to have your service create a named, system-level mutex when it starts running and close it when the service closes. Your application could check to see if the mutex exists. If it does, your service is running.
HTH
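The OpenSCManager/OpenService/QueryServiceStatus sequence from the first answer, as an added PowerShell P/Invoke example (not code from the thread); the access masks and error codes are the Win32 SDK values, and the service name at the end is only a sample.

```powershell
# Added example: least-privilege SCM query via P/Invoke. Only SC_MANAGER_CONNECT and
# SERVICE_QUERY_STATUS are requested, so no elevation is needed for services with default DACLs.
Add-Type -Namespace Win32 -Name Scm -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct SERVICE_STATUS {
    public uint dwServiceType, dwCurrentState, dwControlsAccepted, dwWin32ExitCode,
                dwServiceSpecificExitCode, dwCheckPoint, dwWaitHint;
}
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr OpenSCManager(string machine, string database, uint access);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr OpenService(IntPtr scm, string name, uint access);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool QueryServiceStatus(IntPtr service, out SERVICE_STATUS status);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool CloseServiceHandle(IntPtr handle);
'@

function Get-ServiceStateUnprivileged {
    param([Parameter(Mandatory)][string]$Name)
    $SC_MANAGER_CONNECT           = 0x0001   # connect only, not SC_MANAGER_ALL_ACCESS
    $SERVICE_QUERY_STATUS         = 0x0004   # read-only; no start/stop/change-config rights
    $ERROR_ACCESS_DENIED          = 5
    $ERROR_SERVICE_DOES_NOT_EXIST = 1060
    $states = @{ 1 = 'Stopped'; 2 = 'StartPending'; 3 = 'StopPending'; 4 = 'Running';
                 5 = 'ContinuePending'; 6 = 'PausePending'; 7 = 'Paused' }
    $scm = [Win32.Scm]::OpenSCManager($null, $null, $SC_MANAGER_CONNECT)
    if ($scm -eq [IntPtr]::Zero) { throw "OpenSCManager failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
    try {
        $svc = [Win32.Scm]::OpenService($scm, $Name, $SERVICE_QUERY_STATUS)
        if ($svc -eq [IntPtr]::Zero) {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            # "not registered" and "registered but its DACL denies even status reads" are different answers
            if ($err -eq $ERROR_SERVICE_DOES_NOT_EXIST) { return 'NotInstalled' }
            if ($err -eq $ERROR_ACCESS_DENIED)          { return 'InstalledButQueryDenied' }
            throw "OpenService failed with Win32 error $err"
        }
        try {
            $status = New-Object -TypeName 'Win32.Scm+SERVICE_STATUS'
            if (-not [Win32.Scm]::QueryServiceStatus($svc, [ref]$status)) {
                throw "QueryServiceStatus failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
            }
            $state = $states[[int]$status.dwCurrentState]
            if ($state) { return $state } else { return "Unknown($($status.dwCurrentState))" }
        } finally { [void][Win32.Scm]::CloseServiceHandle($svc) }
    } finally { [void][Win32.Scm]::CloseServiceHandle($scm) }
}

Get-ServiceStateUnprivileged -Name 'Spooler'   # sample service name; substitute your own
```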

Issues remoting to perfmon

Hey all,
I'm having trouble with PerfMon on one system out of fifteen in a development environment. Accessing it from the local machine is fine but connecting to it remotely throws a "Cannot connect" error.
Each machine is running Win 2003, is connected to the same domain and I have admin rights to all.
There were some services set to disabled which are normally enabled by default so I've set these to match the other machines on the network - still have the same problem.
Any ideas?
Cheers
**Update**
OK - I found it was the Remote Registry service not running correctly that was causing the above error; once that was enabled, Perfmon is now telling me "No such interface supported".
If I connect through Computer Management, it fails the first time, but the second attempt is successful. Connecting through perfmon fails every time.
Fixed - for anyone that runs into this issue, hopefully this can help you.
Enabling Remote Registry fixed my first problem.
The second issue, "No such interface supported" turned out to be permissions issues within the registry. Apparently the machine had some pretty obscure permissions set to specific registry keys a long time ago, which are now irrelevant.
Resetting permissions with secedit fixed it up -
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
Perfmon counters are now accessible remotely.
We encountered the second issue - "No such interface supported" when attempting to "Connect to another computer" in Performance monitor.
All the rules and services are running.
We found the following:
If the user was added to the local admin group, they were able to connect to another computer (irrespective of belonging to the Performance Monitor group).
If the user was not a local admin and in the performance monitor group - we were unable to connect to another computer via the "Connect to another computer" context menu.
But we were able to add the performance counters. In Performance monitor when you add a counter there is an option to "Select counters from computer". We were able to connect to the counters on the remote machine this way. Also note that if you are planning on data collecting, you would need to set the correct credentials (by default it appears to run under a local system user).
I fixed my case as follows:
Add Firewall rule Performance Logs and Alerts from the predefined rule list.
From client, run the Performance Monitor as the remote user
E.g.: runas /user:remote_machine\username "mmc perfmon.msc"
Of course, the user must be at least in the user groups "Performance Log users" or "Performance Monitor Users".
The reason why perfmon.exe does not want to connect to the remote server is that it wants to connect to the Perf Monitor and the Perf Logs (Data collections).
So you have to add the user account to the Log Users group as well, and of course to the Monitor Users.
You don't need to be local admin on the remote server!
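The fix the last two answers converge on (Remote Registry, the predefined firewall rule group, membership in both perfmon groups, no local admin), as an added example rather than anything posted in the thread; it assumes Windows PowerShell 5.1 on Windows 10/2016+ for the *-LocalGroupMember and *-NetFirewallRule cmdlets, and the account and host names are hypothetical.

```powershell
# Added example (not the thread's own script). Grant-RemotePerfmonAccess applies the fix on the
# target host (run it there, elevated); Test-RemoteCounterRead is run on the client as the non-admin user.
function Grant-RemotePerfmonAccess {
    param([Parameter(Mandatory)][string]$User)   # hypothetical account, e.g. 'CONTOSO\perfreader'

    # 1. Remote Registry: perfmon resolves the remote counter catalogue through it ("Cannot connect" otherwise)
    Set-Service -Name RemoteRegistry -StartupType Automatic
    Start-Service -Name RemoteRegistry

    # 2. The predefined inbound rule group that Performance Monitor and Data Collector Sets use
    Enable-NetFirewallRule -DisplayGroup 'Performance Logs and Alerts'

    # 3. Both groups: perfmon talks to the Monitor side and the Logs (data collection) side, so
    #    'Performance Monitor Users' alone still produces "No such interface supported"
    foreach ($group in 'Performance Monitor Users', 'Performance Log Users') {
        if (-not (Get-LocalGroupMember -Group $group -Member $User -ErrorAction SilentlyContinue)) {
            Add-LocalGroupMember -Group $group -Member $User
        }
    }

    # 4. Least privilege: the point of the thread is that Administrators is not required
    if (Get-LocalGroupMember -Group 'Administrators' -Member $User -ErrorAction SilentlyContinue) {
        Write-Warning "$User is a local administrator; remote perfmon would work even if steps 1-3 were wrong"
    }
}

function Test-RemoteCounterRead {
    param([Parameter(Mandatory)][string]$ComputerName)
    try {
        $sample = Get-Counter -ComputerName $ComputerName -Counter '\Processor(_Total)\% Processor Time' -ErrorAction Stop
        [pscustomobject]@{ Computer = $ComputerName; Ok = $true;  Detail = $sample.CounterSamples[0].CookedValue }
    } catch {
        # A "Cannot connect" / "No such interface supported" style failure surfaces here with its real reason
        [pscustomobject]@{ Computer = $ComputerName; Ok = $false; Detail = $_.Exception.Message }
    }
}

# On the target:  Grant-RemotePerfmonAccess -User 'CONTOSO\perfreader'
# On the client (e.g. via the runas shown above):  Test-RemoteCounterRead -ComputerName 'TARGET01'
```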

How to run a command on a remote Windows system as a non-admin user with WMI?

I have a script written in Visual Basic that starts a process (given to the script as an argument) on a remote system (again, given as an argument) using WMI. This script works fine when using an Administrator account on the remote system, but when using a non-administrator account, I get the following error:
ConnectServer Failed w/ (-2147024891) Access is denied.
I'd like to be able to run processes on remote systems as a non-administrator user with this script, and I'm pretty sure the problem is due to security settings on the remote system, but I've not been able to reset the right ones.
It sounds like you need to configure launch and activation permissions for this user, on the target machine, via DCOMCNFG. By default non-admin users do not have remote launch and activation permissions.
Alternatively, depending on the operating system you are connecting to, there may be a "Distributed COM Users" group to which you can add your user. This group already has the appropriate permissions. The Distributed COM Users group was first included in Windows Server 2003 Service Pack 1 (DCOM Security Enhancements).
You can read more about WMI and DCOM permissions here. More detailed steps on how to configure WMI and DCOM are included in the serverfault thread Which permissions/rights does a user need to have WMI access on remote machines?.
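Before adding anyone to the DCOM permissions the answer describes, it helps to see who already holds the remote launch/activation bits. As an added example (not from the answer), this decodes the machine-wide security descriptors that DCOMCNFG edits, read from the registry values under HKLM\SOFTWARE\Microsoft\Ole; it assumes Windows PowerShell 5.1 and, for the last line, a host with Get-LocalGroupMember (Windows 10/2016+).

```powershell
# Added example (not from the answer): decode the machine-wide DCOM security descriptors that
# DCOMCNFG edits ("Edit Limits" -> Machine*Restriction, "Edit Default" -> Default*Permission) and
# list who holds the REMOTE launch/activation bits, which is what a non-admin remote WMI caller needs.
$ComRights = [ordered]@{ Execute = 1; ExecuteLocal = 2; ExecuteRemote = 4; ActivateLocal = 8; ActivateRemote = 16 }

function Get-DcomPermission {
    param([ValidateSet('MachineLaunchRestriction','MachineAccessRestriction',
                       'DefaultLaunchPermission','DefaultAccessPermission')][string]$Name)
    $bytes = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -Name $Name -ErrorAction SilentlyContinue).$Name
    if (-not $bytes) { return }   # value absent: the OS built-in default applies
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $who = $ace.SecurityIdentifier.Value
        try { $who = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value } catch {}
        $granted = $ComRights.Keys | Where-Object { $ace.AccessMask -band $ComRights[$_] }
        [pscustomobject]@{ Policy = $Name; Ace = $ace.AceType; Principal = $who; Rights = ($granted -join ',') }
    }
}

# Who may launch/activate remotely under the machine-wide limits (the ceiling DCOMCNFG cannot exceed)
Get-DcomPermission -Name MachineLaunchRestriction |
    Where-Object { $_.Ace -eq 'AccessAllowed' -and $_.Rights -match 'Remote' } | Format-Table -AutoSize

# The built-in group the answer mentions (SID S-1-5-32-562) normally appears in that list; review its members
Get-LocalGroupMember -Group 'Distributed COM Users' -ErrorAction SilentlyContinue
```

The DCOM limits are only the first gate: ConnectServer additionally needs the Remote Enable right on the WMI namespace (root\cimv2 by default), so an account in Distributed COM Users can still be refused at the namespace.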
