Friday, January 25, 2013 1:07 AM
On my Windows 7 machine I am trying to create a proxy account so that a SQL Agent job can schedule a PowerShell script to run.
In SQL Server, I created a credential using my own account (dba) and created a PowerShell proxy.
Then I created a SQL Agent job to run the PowerShell script using the proxy, and I get an error:
Unable to start execution of step 1 (reason: Error authenticating proxy mydomain\myusername, system error: Logon failure: the user has not been granted the requested logon type at this computer. ('Access this computer from network')). The step failed.
What does this mean? Does this mean the proxy account will log in to my computer from the network?
I did check the local policy setting. The setting for "Access this computer from the network" is set up for some network operators who did the installation of Windows, but I am the administrator of the box, so why can't I access my own computer?
Monday, February 04, 2013 11:03 AM Moderator
Please follow these steps to create a proxy account:
- In Object Explorer, expand a server.
- Expand SQL Server Agent.
- Right-click Proxies and select New Proxy.
- On the General page of the New Proxy Account dialog, specify the proxy name, credential name, and description for the new proxy. Note that you must create a credential first before you create a proxy if one is not already available.
- Check the appropriate subsystem for this proxy.
- On the Principals page, add or remove logins or roles to grant or remove access to the proxy account.
Make sure the proxy account is mapped to the Credential and you select the appropriate subsystems.
Running SQL Server Jobs using a Proxy Account: http://www.sql-server-performance.com/2010/sql-server-job-proxy-account/.
How to: Create a Proxy (SQL Server Management Studio): http://msdn.microsoft.com/en-us/library/ms190698.aspx.
TechNet Community Support
Monday, February 04, 2013 5:24 PM
Thanks, I followed the instructions on the Microsoft site for how to create a proxy account.
I used my own domain account (my network login) to create the credentials. I have no problem making this work on a testing server.
I did the same process, but this does not work on my workstation, which is Windows 7.
The error is 'Access this computer from network'.
Does it mean my network account can access a computer like the testing server from the network,
but cannot access the workstation from the network?
Thursday, February 21, 2013 8:54 PM
It looks as if you have run afoul of User Rights Assignment. Your account has the right to log on locally, but not to log on from the network. SQL Agent uses a network clear text logon (type 8) to create a process from your proxy's credentials. Go to Local Security Policy under Administrative Tools. Under Local Policies -> User Rights Assignment find the right to "Access this computer from the network." Your proxy credentials account must be given this right on the computer running SQL Agent. Also note that the SQL Agent service account (if not running as local system) must have the Replace A Process Level Token right (as well as several others). See article MS143504 on MSDN for the gory details.
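To confirm the situation the reply above describes, this added PowerShell example (not part of the thread) exports the User Rights Assignment area with `secedit` and reports whether the current account, directly or through a group, holds `SeNetworkLogonRight` ("Access this computer from the network") and is not blocked by `SeDenyNetworkLogonRight`. It assumes an elevated session running as the account stored in the proxy's credential; the helper function names are hypothetical.

```powershell
# Added example, not from the thread. Assumes an elevated session running as the
# account stored in the proxy's credential. Helper names are hypothetical.
function Get-UserRightSids {
    param([string[]]$PolicyLines, [string]$Right)
    # secedit writes e.g.  SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
    $line = $PolicyLines | Where-Object { $_ -match "^\s*$Right\s*=" } | Select-Object -First 1
    if (-not $line) { return }                       # right is assigned to nobody
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if ($entry.StartsWith('*')) { $entry.Substring(1) }   # '*' marks a SID
        elseif ($entry) {
            try {    # entries without '*' are account names
                ([Security.Principal.NTAccount]$entry).Translate(
                    [Security.Principal.SecurityIdentifier]).Value
            } catch { Write-Warning "Could not resolve '$entry'" }
        }
    }
}

function Resolve-SidName {
    param([string]$Sid)
    try { ([Security.Principal.SecurityIdentifier]$Sid).Translate([Security.Principal.NTAccount]).Value }
    catch { $Sid }                                   # leave unresolved SIDs as-is
}

# Export only the User Rights Assignment area of the security policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'secedit export failed; is this session elevated?' }
$policy = Get-Content $cfg
Remove-Item $cfg

# SIDs carried by the current token: the user plus its groups.
$me   = [Security.Principal.WindowsIdentity]::GetCurrent()
$mine = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

# Keep only the policy entries that match this account; a deny entry overrides an allow.
$allow = @(Get-UserRightSids $policy 'SeNetworkLogonRight'     | Where-Object { $mine -contains $_ })
$deny  = @(Get-UserRightSids $policy 'SeDenyNetworkLogonRight' | Where-Object { $mine -contains $_ })

[pscustomobject]@{
    Account        = $me.Name
    GrantedVia     = ($allow | ForEach-Object { Resolve-SidName $_ }) -join ', '
    DeniedVia      = ($deny  | ForEach-Object { Resolve-SidName $_ }) -join ', '
    NetworkLogonOk = ($allow.Count -gt 0) -and ($deny.Count -eq 0)
}
```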
Friday, February 22, 2013 2:04 AM
Can I ask where your PowerShell script resides: on your Windows 7 wks or the SQL Server? Maybe the SQL Agent job cannot find your PowerShell script. My guess is your PowerShell script resides on your Windows 7 machine, which means you share out the folder and the job needs to access the script via a UNC path.
I suggest you copy the script to your server, grant the proxy account NTFS read permissions to the file/folder, remote desktop to the server, and recreate the job.
- Edited by Woon Thong Friday, February 22, 2013 3:35 AM
Friday, February 22, 2013 9:19 PM
I think Pat McCombs answers the question, but I am not 100% sure.
I have no problem using my own user account for the credential and running the PS script on a testing server. The problem only happens on my workstation. A copy of the PowerShell script is on my local machine too, and I have no problem running the PS script locally; the problem is when I use the proxy account locally and run the job as a SQL Agent job.
Pat said to grant access under "Access this computer from the network" in the security policy, but unfortunately it is grayed out and I cannot add my login. I see there are two accounts there: one is the domain admin, the other is the workstation admin who installed the computer. So I cannot change it to test whether the problem comes from here.
I don't quite understand what "Access this computer from the network" means. Every time I log in to my workstation, I log in to our domain; does that mean I do have access from the network to the computer?