I created a SQL Server Agent job and here is the job detail.
The job owner is my windows domain login.
The type is OS (cmdExec)
Run as SQL Server Agent Service Account
Command:
powershell.exe -executionpolicy bypass -file "D:\MyFolder\myFile.ps1".
When I ran the job it returned an error stating "D:\MyFolder\myFile.ps1" does not exist.
When I run the same command from cmd prompt it works find.
My question is what can I do to make SQL Server Agent Service Account "see" the file?
Thanks,
It's a privilege issue. I just granted read/execute permission to the Network Service login which SQL Server Agent uses.
It works now.
And thanks for all your responses.
Related
I have a need to add a step (a batch file that needs to run on the application server) once my backup from db server is complete. I am thinking of using the PsEXEC. For whatever reason the command I am testing via the query window executes the batch file at the app server just fine but when I add the same command as step in SQL server agent job it is giving me the error "The process could not be created for step 1 of job 0x318474904D93B54A81BA8B1AEE891A13 (reason: The system cannot find the file specified). The step failed."
Here is the command line running just fine from the query window
EXEC XP_CMDShell 'psexec -accepteula -u domain\user -p psswordhere \appserverip -s -d cmd.exe /c "F:\MovefFilesTest\TheJob\MoveTest.bat"'
FYI: domain\user is local admin on both servers and the sql service and agent are running under this account. It is also a sysadmin on the sql server itself.
Your help is appreciated.
Also F:\ is a local drive on the app server. I am puzzled why it is working on the query window but not when added as agent job
I've tried everything I can think of and now need help.
I'm trying to run a SQL Server Agent job that has one step in it which executes a SSAS Command that processes a dimension.
When running it, the job fails with the following error:
<Error ErrorCode="3238395904" Description="OLE DB error: OLE DB or ODBC error:
Login failed for user 'MyDomain\MyUserName'.; 28000; Cannot open database
"MyDatabase" requested by the login. The login failed.; 42000."
Source="Microsoft SQL Server 2012 Analysis Services" HelpFile="" />
The error message is pretty clear, but I cannot figure out where the issue is to fix it.
This is running on a named instance that is a test copy of the main instance on the same server.
The named instance service for both the database engine and SQL server agent are running under the "MyDomain\MyUserName" account.
The "MyDomain\MyUserName" account is set up as a "sysadmin" on the instance and has rights to "MyDatabase"
The SSAS Database uses "MyDomain\MyUserName" as impersonation (which is the same setup as the original, which works).
The SSAS Command within the job step is set to "Run as" a "SQL Server Agent Service Account"
The job owner is "MyDomain\MyUserName".
I've added the "MyDomain\MyUserName" as a server administrator under SSAS security.
I've even added the "NT Service\SQLServerAgent" (from the main instance) and the the "NT Service\SQLAgent$MyNamedInstance" (from the named instance) as a server administrators under SSAS security.
Geesh. It was the Server that was being used in the step calling the SSAS Command. It was still pointing to the old instance. Updating it the point to the new instance worked.
How can I copy file from 1 server computer to another using xp_cmdshell with credentials.I have an application server and database server.I want to transfer a file from data server to application server by executing the xp_cmdshell command by using the network credentials of the application server. Iam using sql server 2012 and I have configured xp_cmdshell in the SQL Server.
I got "Access is denied" error when I tried to transfer file from my local computer to a specific folder in my shared network.
Please help me...
It's a guess of course.
From this MSDN article you can find that
The Windows process spawned by xp_cmdshell has the same security
rights as the SQL Server service account
that means that this windows service account should have rights to the shared folder - which is not true I believe in your case.
So, to fix this you can specify a xp_cmdshell Proxy Account and then xp_cmdshell will execute commands under this specified account
Example:
EXEC sp_xp_cmdshell_proxy_account 'SHIPPING\KobeR','sdfh%dkc93vcMt0';
I post this question to the other forums too but still cannot find any solution.
I create SSIS package to send file to SFTP server. It works fine when I execute the package with in the SSIS.
But when I tried to run via SQL agent it keeps on running without sending the file until I stops the job by force.
I add the proxy account too but no solution.
My script to run the package is
option batch on
option confirm off
open sftp://UserName:Password#SFTP server Name :22001 -timeout=240
cd ToAA
option transfer binary
put C:\test29022016.csv
mget *.csv
Exit WinSCP
close
exit
Kindly help to solve this issue
Attached find the SSIS package details:
SQL server credentials:
SQL Process Keeps on Running:
SQL Job:
SQL Credentials:
The only difference between you running the package manually, and the SQL Agent running it as a job, is the account that is running the package. In the first case it is your account, and in the second case, it is the SQL Agent's account.
So if it works in the first case, and not the other, then the problem is that the SQL Agent lacks some permission that you have.
Have your network/security administrator give the SQL Agent all the same permissions you have and it will work.
To find out exactly what permission is missing, try logging into your computer as the SQL Agent's account, and run the package in Visual Studio, and see what error message occurs.
I found a work around and I am using windows task scheduler with the help of batch file to run SSIS.
We are running deployment scripts using pstrami. Part of the deployment is to execute database migrations. The migrations are using an connection string with Integrated Security.
When the script executes on the remote machine the migrations fail with a sql error saying Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
The person executing the script is a domain administrator. Other deployments that we run execute the remote scripts with the user who started the process.
The problem is that the credentials are not hopping to SQL Server for integrated security. You need to do the following:
On the server (the one that is making the SQL Server connection, as administrator run:
Enable-WSManCredSSP -Role server
On the client machine, as administrator run:
Enable-WSManCredSSP -Role client -DelegateComputer YOUR_SERVER_NAME
To open this up to all servers, you can run:
Enable-WSManCredSSP -Role client -DelegateComputer *
Finally, your invoke command make sure you run -authentication credssp. An example:
invoke-command -computername $remoteServer -authentication credssp -scriptblock { write-host "hello!" } -credential $credentials
This is the scenario:
You run the pstrami(deployment) script from desktopA. The script pushes your installation files to serverA. Then on serverA the scripts are run remotely as the person inititating the script from desktopA. One of the steps is to run a sql database upate with fluentmigrator using a connection string paramter using "integrated security" and the database is on serverB.
Connection string example:
$migration_db_connection = Data Source=serverB;Initial Catalog=PropertyDb;Integrated Security=SSPI;
.\migrate.exe /conn "$migration_db_connection" /db SqlServer /a $migration_assembly /profile DEBUG
Pstrami uses the powershell command invoke-command which uses the account you are running the script under as the default user. So, what happens is that when you run the script from desktopA as "jonDoe" it then authenticates on serverA. So your pstrami scripts run under "jonDoe" on serverA. When you execute the fluentmigrator script on serverA as "jonDoe", fluentmigrator returns an error Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. In IIS, you run into an interesting situation when you need to access another resource off of the IIS server and certain fairly common situations occur. When using Integrated Security, anonymous access is disabled, and impersonation is turned on, a Windows security measure kicks in and doesn't allow your site to access resources on any network servers. (http://weblogs.asp.net/owscott/archive/2008/08/22/iis-windows-authentication-and-the-double-hop-issue.aspx)
This is how I got around the Windows Authentication and the Double Hop problem I ran into. Run your migration scripts directly on your sql database server and include it as a server target in your pstrami environments.
Example:
Environment "dev" -servers #(
Server "serverA" #("InstallWeb")
Server "serverB" #("RunMigrations")
)
More on Double Hop
http://www.spdoctor.net/Pages/message.aspx?name=login-failed-for-user-bdc
http://www.sqlservercentral.com/blogs/sqlsandwiches/2011/06/20/double-hop-of-doom/
I am not able to comment on your question and posting this as an answer. I will update the same later.
It may be due to SQL Server not having the login account for your windows login account. If that is the problem please add the logged in user to the SQL Server in the remote machine.
If this is already addressed, then you have the option of giving Rights as DB_Owner to " NT AUTHORITY\ANONYMOUS LOGON " on the SQL Server as well as on the specific database you are using.