I've written a VBScript to connect a Win2k3 SP2 server to multiple Win2k3 + SP2 & WinXP + SP3 machines via WMI in order to query the systems Win32_OperatingSystem and Win32_ComputerSystem classes.
Set loWMISvc = GetObject("winmgmts:{impersonationLevel=impersonate,authenticationLevel=Pkt}\\" & lsStore & "\root\cimv2")
Note: 'lsStore' is the IP address of the computer system I successfully connection too prior.
I then attempt to create a new object to the remote system where it keeps returning a permission denied error (output of script):
21/11/2011 1:17:50 PM SUCCESS: Established connection to store
D:\Program Files\SUREfire Systems\Support\MG\QueryStores\QueryStores.vbs(244, 5) Microsoft VBScriptruntime error: Permission denied: 'GetObject'
Despite setting the objects ImpersonationLevel and AuthenticationLevel monikers as exepected, WMI also appears installed correctly on client and remote system. The initial connection to remote system is for the local administrator user also.
What else could be the cause the permission denied error that I'm not seeing? Any help would be appreciated.
I believe I've resolved my own query. A 'permission denied' error relates to the UAC so therefore you need to execute a script using the same level of access and permission as per the remote system. I simply ran a DOS command prompt running it as the admin user account on the client system and GetObject was successful.
Although an admin account would appear the same on two different systems, this proves you need to ensure the same level of access and security is adhered too ;)
Related
Im using Open SSH and trying to use ssh-add on windows server 2012 but keep receiving the following error
Could not add identity "C:\Users\SERVICE_ACCOUNT/.ssh/id_rsa": agent refused operation
I have made sure all my permissions are intact with all files within C:\Users\SERVICE_ACCOUNT.ssh
Icacls C:\Users\SERVICE_ACCOUNT\
C:\Users\SERVICE_ACCOUNT\ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
CP\SERVICE_ACCOUNT:(OI)(CI)(F)
Icacls C:\Users\SERVICE_ACCOUNT\.ssh
C:\Users\SERVICE_ACCOUNT\.ssh CP\SERVICE_ACCOUNT:(OI)(CI)(F)
I have tried ssh-add using a different user on my windows and im able to successfully do so without any issues, i have also made sure that the permissions for the other user match my service account as well
I am trying to install informatica 10.4 on windows but while domain creation, it is throwing me permission issue, but i am running the installer as admin and took the command from logs which was giving issue and ran it in cmd as admin but still the same issue.
I feel installer is trying to add permissions for wrong domain / user.
How to change that to correct domain / user?
error:
OutPut : [ICMD_10033] Command [generateEncryptionKey] failed with error [[INFASETUP_10000] [FrameworkUtils_0006] The encryption key file cannot be generated. [[FrameworkUtils_0022] Failed to find user name [WORKGROUP\SYSTEM] during Informatica service startup, and so cannot grant read and write permissions on the node configuration directory to the user. Verify that the user that started the Informatica service is valid. If you are a Local System User, you can ignore this message as you inherit the read-write permissions.]..].
I installed Oracle 18c on a Windows Server 2016 VM with the following options: Software only, single instance database, Standard edition 2, Use virtual account.
When I try to run ORADIM command to create a database, the command never returns control to the prompt and I have to close it forcedly.
There aren't any error messages in oradim log file, the instance has been created as well as all the related Oracle Services.
The only error I was able to find in Windows Event Viewer is related to Oracle VSS Writer service:
"Volume Shadow Copy Service error: The process that hosts the writer with name Oracle Vss Writer - XXXX and ID {yyy} does not run under a user with sufficient access rights. Consider running this process under a local account which is either Local System, Administrator, Network Service or Local Service."
My understanding is that ORADIM command is not returning because the Vss service start fails, can someone confirm thiscould be the case? Is ORADIM command compatible with virtual user installation and what do I need to do to have it working?
If this is a test database then:
Create a local or domain user for this Oracle instance such as Ora
Add this user to the ora_dba group in the local windows groups and users
Change the account the Oracle database and VSS Writer Service runs under (if they exist at this stage of the install) to this account
Run OraDim again using this account
I was able to confirm that oradim command freezes because of the Oracle Vss Service start failure: I launched the oradim command, as soon as the Oracle Vss Writer Service was created I modified the associated Log On user to LocalService and started the service, oradim command immediately returned control to the command window.
Thus I came up with this workaround in my installation script that seems to work, although I suppose there might be a better solution:
start oradim -new -sid %ORACLE_SID% -startmode manual
SET ORACLEVSS_NAME=OracleVssWriter%ORACLE_SID%
:VSSSRVCLOOP
SC QUERY %ORACLEVSS_NAME% > NUL
IF NOT ERRORLEVEL 1060 GOTO SVCCREATED
TIMEOUT 5 > NUL
GOTO VSSSRVCLOOP
:SVCCREATED
net stop %ORACLEVSS_NAME%
SC CONFIG %ORACLEVSS_NAME% obj= "NT AUTHORITY\LocalService" password= ""
net start %ORACLEVSS_NAME%
Today I try to rollback one hyperV vm which is domain joined.
When it is rolled back and started, it displays following error:
The trust relationship between this workstation and the primary domain
failed.
I tried solution to log off domain and rejoin domain. It throws following error:
"computer name is already existing in domain"
I also tried solution from following post:
http://implbits.com/About/Blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/Default.aspx
http://support.microsoft.com/kb/325850
with command to sync account password:
netdom resetpwd /s:server /ud:domain\User /pd:*
Throws following mesage:
The machine account password for the local machine could not be reset.
Access is denied.
At last the issue is fixed by:
1.Export target vm snapshot
2.Import exported snapshot
3.Log in to new vm and unregister from domain
4.Rename vm computer name
5.Rejoin to domain
But I do not think it is a good solution
I was seeing this issue running a windows 10 guest on a Windows 10 HyperV. The following fixed it.
Logon to the VM using a local admin account and run powershell and execute
Reset-ComputerMachinePassword -Server [MyDomainController] -Credential
[MyDomain\administrator]
What is the workaround for WMI remote connection failure with Access Denied error when client runs with Local System account?
I tried to run script under local system account on the client which connects to remote WMI (namespace: root\cimv2) using local administrator credentials of remote machine. But WMI connection failed with the following error. The remote server has firewall enabled and client has firewall disabled. Both client and remote server has windows 2012 R2 OS.
Access is denied.
Win32::OLE(0.1709) error 0x80070005: "Access is denied"
What could be the reason for this error? The same script worked when ran from another client machine.