Solved

Service Logon Only Works As Administrator

Posted on 2008-06-12
9
267 Views
Last Modified: 2010-04-20
Hi All - I have a service running on our Windows 2003 Server system that runs great when it logs on as Administrator.   I would much rather have it run as a different user.   I created a new user and added the user to the Administrators group.  Now when the service tries to logon it fails with a COMException error 80004005.   Switching the service back to Administrator and it works great.  Interestingly when the service runs on an XP or Vista machine it runs fine with the new user.  First question is are there capabilities that 'Administrator' has beyond what you get by being in the Administrator group?  Is it possible to add those capabilities to the new user?  Apparently, Service Logon is one of those.  Finally, I understand that a likely meaning of the 80004005 is a permission violation.  I have every directory where something resides for the service set to have full control for the Administrators group, but no luck.  Thanks in advance...
0
Comment
Question by:RobbieBarns
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 100 total points
ID: 21767067
If it must run with administrator permissions then in ADUC right click on Administrator and select Copy to create a new account - this will then have all the memberships that Administrator has, (Administrators, Domain Admin, Enterprise Admin, Schema Admin, GP Creator/Owner) and use that.
0
 

Author Comment

by:RobbieBarns
ID: 21767138
Thanks for trying - tried it.  No luck, it told me that it was add "logon as a service" to the new/copied user but get the same error when it tries to logon.
0
 
LVL 22

Assisted Solution

by:cj_1969
cj_1969 earned 100 total points
ID: 21874790
As noted, this appears to be a permissions issue.
If not file based, is there any communications taking place?  DB access or something?
Being a member of hte administrator's group should give access to all of the functionality of the machine but if there is user level access to a resources (such as a database) then this could/would be controlled by the actual user ID that the service is running under.

Based on this ... http://www.experts-exchange.com/Microsoft/Applications/Microsoft_Dynamics/Q_22932717.html
I believe you have a permissions issue ... something is configured to authenticate the user account and not by group.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:RobbieBarns
ID: 21878607
HI - the COM object that is being run by the service is Visual Fox Pro 9 COM Server (exe).  The error I get references the OnStart method of the COM object where database opens and writes are taking place to the server that the service is running on.  I've double-checked those directories to be sure that the Administrators group has Full Control on each and they do.

I implemented the advice of a previous post so that now the ServiceLogonUser belongs to the Administrators, Domain Admins, Domain Users, Enterprise Admins, Group Policy Creator Owners and Schema Admins - groups.

A later method in the COM server also reads and renames files on another 2003 server outside of it's domain.  I tried adding Modify permissions to the file directories on that machine for Enterprise Admins of the home domain (the domain where the service is running).  Could this be the area of the problem?  The home Administrator still works and the new ServiceLogonUser doesn't.
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 21885263
My guess is that this line is where you might be having problems ... "where database opens and writes are taking place "  ... How are you connecting to the database?  My guess is that something is trying to use the account that is running the code to conenct to the database and it cannot do that now.
0
 

Author Comment

by:RobbieBarns
ID: 21891534
So I've taken out ALL logic out of the COM object.  Even the HELPSTRINGs, even tried taking out the lines that I think were critical:

SYS(2335, 0)
SYS(2340, 1)

And same error with ServiceLogonUser and fine with Administrator.  The only things in the object are PROCEDURE names, RETURN, ENDPROC lines.  Same problem.  Interestingly, taking out the 4 variable definitions 'myvar1=0' lines at the top create memory violations when missing (I'm guessing I'd need to re-register the COM object to get rid of these).

I"m wondering if the C# logic in the installer class needs more for non-Administrator users:

            this.serviceProcessInstaller1.Account =  ServiceAccount.NetworkService;
            this.serviceProcessInstaller1.Username = "";
            this.serviceProcessInstaller1.Password = "";

Any help is greatly appreciated!  Do we know for sure that Windows Server 2003 supports user defined logon names?


0
 
LVL 22

Expert Comment

by:cj_1969
ID: 22059200
Any success with this?
I was thinking baout this and it could very well be a permissions issue with the COM object or something along those lines ... i ran into problems a while back where permissions for executing code were removed from some of my IIS servers.
0
 

Accepted Solution

by:
RobbieBarns earned 0 total points
ID: 22071975
Thanks for thinking about it, but this is just running and an internal LAN and so I don't think that IIS is involved.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question