none
A call to 'CreateProcessAsUser' failed with error code: '1314'.

    Question

  • Hi!

    Have a problem to execute xp_cmdshell with a proxy user in MSSQL2005 (9.00.2047.00). The error is:

     

    Msg 15121, Level 16, State 10, Procedure xp_cmdshell, Line 1

    An error occurred during the execution of xp_cmdshell. A call to 'CreateProcessAsUser' failed with error code: '1314'.

     

    The proxy user is a local administrator on the sql server machine. The proxy user have “Replace a process level token” rights thru the group SQLServer2005MSSQLUSer (http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=627221&SiteId=1).

     

    I have even tried to use a domain administrator as proxy user, but the same error occur.

     

    What is wrong? I have search the internet a lot and found that many people have this problem without any answer.

     

    Thanks in advance,

    John

    Monday, March 26, 2007 7:16 AM

Answers

All replies

  • Monday, March 26, 2007 8:01 AM
  • For an English version of the page, see http://support.microsoft.com/default.aspx/kb/248391/us.

    Note that the proxy account should be set using sp_xp_cmdshell_proxy_account.

    Thanks
    Laurentiu

    Monday, March 26, 2007 8:23 PM
  • UPS,

    it was a mistake of my part, thanks for the adjustment to english URL.

     

    THX Laurentiu Cristofor

    Tuesday, March 27, 2007 5:57 AM
  • Unfortunately the article 248391 didn’t help.

     

    Act as part of the operating system.

    >Added the proxy user to this policy group

     

    Increase quotas.

    >Quotas isn’t active on this machine

     

    Replace process level token.

    >Added the user to this policy but was already member here thru the SQLServer2005MSSQLUser group.

     

    Log on as a batch job.

    >Added the user to this policy but was already member here thru the SQLServer2005MSSQLUser group.

     

    Also, make sure that the local SQLAgentCmdExec account has "Log on as a batch job" permissions.

    >This account was already added to the policy group.

     

    After the above changes was performed the machine was rebooted. 

    I also tried to using sp_xp_cmdshell_proxy_account to set the proxy account. But the same error occurs.

     

    I’m out of ideas!!

    Tuesday, March 27, 2007 6:42 AM
  • Hi,

    one more question, have you test it with a user who is  a member of  the sysadmin fixed server role?

     

     - because xp_cmdshell will be executed under the security context in which the SQL Server service is running, when the user is not a member of the sysadmin group, xp_cmdshell will impersonate the proxy account.

     

    CU

    tosc

     

    InsideSQL.de

     

    Tuesday, March 27, 2007 9:37 AM
  • I have tested to use my personal domain account as proxy user with the same error. My account is domain administrator, hence sysadmin. I just tried to register the proxy user in sql and added sysadmin role without success. The same error!! Should I try to restart the machine? Must wait for the evening then.

     

    If I try to run xp_cmdshell everything works great (because my sysadmin role?). But for all non admin accounts this error occurs.

    Wednesday, March 28, 2007 9:46 AM
  • Hi,

    yes you must restart the entire server, not just the SQL Services, in order for any changes made to user rights permissions to take effect!

     

     John.Jonsson wrote:

    If I try to run xp_cmdshell everything works great (because my sysadmin role?). But for all non admin accounts this error occurs.

     

    Yes, it's because xp_cmdshell is invoked by a user who is a member of the sysadmin fixed server role, xp_cmdshell will be executed under the security context in which the SQL Server service is running.

    You have to specified the proxy account, by using sp_xp_cmdshell_proxy_account!

    Code Snippet
    EXEC sp_xp_cmdshell_proxy_account 'ADVWKS\Max04', 'ds35efg##65";
    GO 

     One more question, did you use xp_cmdshell local or by remote? - plz try a local use.

     

    CU

    tosc

     

    InsideSQL.de

    Wednesday, March 28, 2007 11:15 AM
  • It works now!!! After I restarted the server it worked. During the restart sql 2005 sp2 was installed. Could that have something with the solution?

     

    Thanks for all help!

    Friday, March 30, 2007 6:24 AM
  • Hi John.Jonsson,

     

    YES  - restarting the entire Server.

     

    CU

    Friday, March 30, 2007 7:57 AM
  • It's not SP2, it's the restart.

     

    Thanks

    Laurentiu

    Friday, March 30, 2007 5:17 PM
  • Hi Laurentiu,

    that`s what I mean.

     

    THX

    tosc

    Friday, March 30, 2007 5:21 PM
  • Hi,

     

    One question - can I use local machine account as CmdProxyAccount or I have to use a domain one?

    Second question - can I use as CmdProxy the same account SQL service is running on?

     

     

     

    Thx

    Michal

    Friday, February 22, 2008 9:01 AM