RunAs a domain admin user

I’m trying to get this fixlet to run using a domain admin user. Even though I’m putting the password in correctly, I get the following error: Command failed (RunAsLocalUser failed to logon: 1385) wait (action:222350)

Depending on the different ways I have tried to run this, I have also received this error:
Command failed (Override keyword is unknown for this command.) override (action:222340)

Can anyone point me in the right direction for running this as a domain user?

action uses wow64 redirection {not x64 of operating system}

prefetch 97d34a9be17e48bb5f4258515a2f8e23551f89d2 sha1:97d34a9be17e48bb5f4258515a2f8e23551f89d2 size:324 http://BES-VA.[REDACTED]:52311/Uploads/97d34a9be17e48bb5f4258515a2f8e23551f89d2/Oracle12cExport.bat.tmp sha256:14df86c7d8b7117d8a45f618c6e9c422044c60feeab8fbf9a22881aaf5df2432
extract 97d34a9be17e48bb5f4258515a2f8e23551f89d2

override wait
runas=localuser
user=ids\admin
password=required
asadmin=true
wait "{pathname of system folder & "\cmd.exe"}" /Q /C "{(pathname of client folder of current site) & "\__Download\Oracle12cExport.bat"}"

My post at Tip - Action Override User settings may be helpful, but those options look correct to me (looks like the last example I have on that page).

Error 1385 in particular maps to “The user has not been granted the requested logon type at this computer”, which means the password is correct but the account is not allowed to log on. I’m actually not sure whether we are triggering an Interactive or Batch type logon with our overrides.

Best practices are that a Domain Admin should not be granted logons to workstations. You might need to check with your AD team to see what account you should use for admin access on workstations, or you may need to set up a new AD account with local Admin rights to the machine.

1 Like

Thanks. The batch file that is being run needs to be run as a domain admin. Also, the machines that I need to run this on are servers and not workstations. I am the AD team and this account has local admin rights to all the servers.

I actually used that post that you linked in order to write this fixlet. Great post and very useful information :smile: . For now, I will just keep trying different ways to get it to work. At one point the fixlet successfully ran to completion but it did not appear to run the script :frowning:

I’d check the Local Security Policy \ User Rights Assignments on one of the servers, in particular “Allow log on locally”, “Deny log on locally”, “Log on As a batch job”, and “Deny logon as a batch job”.

For testing the security policy, it’s probably easiest to log on to the server with your account, and then use “Run As” to try to launch a command prompt as the service account/admin account that you’re using here - if it’s a security policy issue, that login should be rejected too.

1 Like
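The check suggested above can also be scripted; this is an added example, not code from any participant in the thread. It assumes an elevated PowerShell session on the affected server and that logon-failure auditing is writing event 4625 to the Security log.

```powershell
# 1. Export only the User Rights Assignment area of the effective local policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# The four rights named above, keyed by their privilege constants.
$rights = [ordered]@{
    SeInteractiveLogonRight     = 'Allow log on locally'
    SeDenyInteractiveLogonRight = 'Deny log on locally'
    SeBatchLogonRight           = 'Log on as a batch job'
    SeDenyBatchLogonRight       = 'Deny log on as a batch job'
}

foreach ($line in Get-Content $cfg) {
    if ($line -notmatch '^\s*(\w+)\s*=\s*(.*)$') { continue }
    $name = $Matches[1]
    if (-not $rights.Contains($name)) { continue }
    # Entries are "*SID" or plain account names; resolve SIDs where possible.
    # Holders are often groups, so compare against the account's group membership.
    $holders = $Matches[2].Split(',') | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*')) {
            try {
                ([Security.Principal.SecurityIdentifier]$entry.Substring(1)).Translate(
                    [Security.Principal.NTAccount]).Value
            } catch { $entry }   # unresolvable SID: print it as exported
        } else { $entry }
    }
    '{0,-28} {1}' -f $rights[$name], ($holders -join '; ')
}
Remove-Item $cfg

# 2. Failed logons (event 4625) rejected with status 0xC000015B, the NTSTATUS
#    behind Win32 error 1385. LogonType 2 = interactive, 4 = batch.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        $d = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        if ($d.Status -eq '0xc000015b') {
            [pscustomobject]@{
                Time      = $evt.TimeCreated
                User      = "$($d.TargetDomainName)\$($d.TargetUserName)"
                LogonType = $d.LogonType
            }
        }
    }
```

The LogonType column shows which logon type was refused, which tells you whether the allow/deny pair for local logon or for batch logon is the one to correct.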

As Jason mentioned, what you have seems to be accurate. Here is an example that I have that works:

action uses wow64 redirection {not x64 of operating system}

parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry}"

override wait
Hidden=true
Completion=none
runas=localuser
asadmin=true
user=DOMAIN\user
password=required
wait "{parameter "PowerShellexe"}" -executionpolicy bypass -command "cd 'c:\path'; .\script.ps1 parameter1 parameter2"

One thing I would recommend is to test your user locally outside of BigFix. Log in to the machine that is erroring with another user, use runas and make sure that the account is ok. Windows permissions are a bit “funny” sometimes - you may have Admin rights but if you attempt to configure a service to run with that account for the first time it still attempts to give the account ability to start services explicitly, so make sure whatever the tool/script you attempt to package does run ok with a different account and then continue with attempts to try to package it… If it’s not working outside of BigFix, you won’t get it working through BigFix…

2 Likes

Thanks. The account does work outside of BigFix.

Thanks for the tip. The user has log on as a batch job and log on locally rights.

My logon error has been resolved. Now I’m receiving an exit code 1 when trying to run the batch file. Do you have any tips for troubleshooting this issue? I can run the batch file manually with no issue. When running the batch file manually, it launches a second command window. Could that be the issue? My new script is shown below:

delete __createfile
delete c:\scripts\12cExport.bat

createfile until __EOF
set ORACLE_SID=dcsdb1
set ORACLE_HOME=C:\oracle\product\12.1.0\dbhome_1
cd C:\oracle\product\12.1.0\dbhome_1\bin
start expdp user/password schemas=dcsdba directory=EXPDIR dumpfile=(IDSPRODP1_011923%U.DMP,IDSPRODP2_011923%U.DMP,IDSPRODP3_011923%U.DMP,IDSPRODP4_011923%U.dmp) logfile=IDSPROD_011923.log FILESIZE=2G PARALLEL=32
__EOF
move __createfile c:\scripts\12cExport.bat

override wait
runas=localuser
user=ids\admin
password=required
asadmin=true
wait "{pathname of system folder & "\cmd.exe"}" /Q /C "{(pathname of client folder of current site) & "c:\scripts\c:\scripts\12cExport.bat"}"

Is that a copy/paste error, or did you duplicate “c:\scripts\c:\scripts” on the wait line?

You have “c:\scripts” twice in the same path. If that’s how you have it in the actionscript it would cause Exit Code =1 (generally, means incorrect path)

It’s definitely an error. Thanks! I couldn’t see that to save my life :slight_smile:

Thank you for catching my error! I probably would’ve never noticed it. Fingers crossed it will work once I fix that.

I’m still getting Exit Code 1 after correcting the path. Can you see any other silly mistake that might cause this?

delete __createfile
delete c:\scripts\12cExport.bat

createfile until __EOF
set ORACLE_SID=SID
set ORACLE_HOME=C:\oracle\product\12.1.0\dbhome_1
cd C:\oracle\product\12.1.0\dbhome_1\bin
start expdp DB/DBUSER schemas=schema directory=EXPDIR dumpfile=(IDSPRODP1_011923%U.DMP,IDSPRODP2_011923%U.DMP,IDSPRODP3_011923%U.DMP,IDSPRODP4_011923%U.dmp) logfile=IDSPROD_011923.log FILESIZE=2G PARALLEL=32
__EOF
move __createfile c:\scripts\12cExport.bat

override wait
runas=localuser
user=ids\admin
password=required
asadmin=true
wait "{pathname of system folder & "\cmd.exe"}" /Q /C "{(pathname of client folder of current site) & "c:\scripts\12cExport.bat"}"

Actually, I should have caught this last time as well, but just stopped looking as soon as I noticed the path… What are you trying to do with the relevance clause? As you have it, it will produce some kind of path with two paths combined that won’t get you anywhere… It will evaluate to something like:

wait c:\windows\system32\cmd.exe /Q /C "C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\CustomSite_TheSiteNamec:\scripts\12cExport.bat"

If you don’t need the relevance substitution, just remove it:
wait "{pathname of system folder & "\cmd.exe"}" /Q /C "c:\scripts\12cExport.bat"

Thank you! That worked!

I have another question.

Is there any way to use this override setting with just 4 DOS commands rather than a wait to run a batch file?

For some reason, when we run this with a batch file, it skips two of the exports, but when we just run the commands separately, it exports all 4 exports.

From the documentation that I’ve seen online, it needs to be used with the wait command.

If not, I will try to break this into two batch files to see if it will export all four.

Thanks so much for all your help.

1 Like

You can’t just put the commands into actionscript - you need to wait/run/waithidden/runhidden anything that is external to actionscript, whether that is a batch file, powershell or a Windows executable.

Your set of wait <whatever.exe> would each need the overrides to be declared immediately before.

Thanks for the confirmation