none
Log in as ssh user "admin" fails with "unable to generate user token for admin as i am not running as system" RRS feed

  • Question

  • Open ssh server on windows 10 is configured to log on as local "Administrator" user. Logging to ssh server as user "administrator" works fine. But logging in as local "admin" user fails with "get_user_token - unable to generate user token for admin as i am not running as system".

    User administrator has been granted right to "replace process level token".

    When ssh server is configured to logon as "local system" user, login as both "admin" and "administrator" user works fine but commands such as "net time" fails with "Access is denied" error.

    admin@UVM-70A3CB5F C:\Users\admin>powershell.exe "& {NET TIME /DOMAIN:test.com /SET /Y; if ($?) {exit 0} else {exit 1}}"                                                                      

    System error 5 has occurred.                                                                                                                                                                                                                                                                                                                                      

    Access is denied.  

    Wednesday, June 12, 2019 8:00 AM

All replies

  • Hello YogeshSingh1,

    I am not so familiar with this new feature in Windows 10. However, I found an article which may related to your question, I suggest you refer to the content in the article( especially the section that sets permissions ) to see if it is useful.

    How to Enable OpenSSH Server in Windows 10

    Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Leon


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, June 13, 2019 8:55 AM
  • Thanks Leon. I had already configured Open SSH server on window 10 by following the instructions in the same link as suggested by you. The above issue was observed after successful configuration and start of ssh server. This issue is still there .

    Thursday, June 13, 2019 10:16 AM
  • Hi YogeshSingh1,

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    If you have any updates during this process, please feel free to let me know.

    Best Regards,

    Leon


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 14, 2019 9:33 AM
  • Thanks Leon. I did uninstall and reinstall of Open SSH Server. Open SSH Server by default is configured to be run  as "Local System" account. I have added privilege in security policy to "replace a process level token" to "Local System" account. Now I am able to login as local "administrator" user through ssh session and run all the commands successfully. I am also logged in as local "administrator" to my windows 10 system. 

    I am also able to login as "admin" user now (which is a local administrator user). As "admin" user, I can run powershell commands such as "Set-ItemProperty", "Get-ItemProperty", "Get-SmbMapping" etc. successfully but running "New-SmbMapping" command fails with "windows system error 1312". 

    Command and Error

    <style type="text/css">p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff} p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #ff3b1e; background-color: #ffffff} span.s1 {font-variant-ligatures: no-common-ligatures} span.s2 {font-variant-ligatures: no-common-ligatures; color: #ff3b1e} span.s3 {font-variant-ligatures: no-common-ligatures; color: #000000} </style>

    admin@UVM-70A3CB5F C:\Users\admin>powershell.exe New-SmbMapping -LocalPath Z: -Persistent 1 -RemotePath \"\\ABEFS-30f8c0.test.com\home\" -UserName \"administrator@test.com\" -Password "test"                                                                                                                                                                                        

    New-SmbMapping : A specified logon session does not exist. It may already have been terminated.                                                                                                             

    At line:1 char:1                                                                                                                                                                                            

    + New-SmbMapping -LocalPath Z: -Persistent 1 -RemotePath "\\ABEFS-30f8c ...                                                                                                                                 

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                                                                                                     

        + CategoryInfo          : NotSpecified: (MSFT_SmbMapping:ROOT/Microsoft/...MSFT_SmbMapping) [New-SmbMapping], CimException                                                                              

        + FullyQualifiedErrorId : Windows System Error 1312,New-SmbMapping        

    Monday, June 17, 2019 2:37 PM
  • I have noticed that when I login as "administrator" to windows 10 and also login as "administrator" user through ssh, New-SmbMapping Command works if no password is specified.

    New-SmbMapping command fails if password is specified with "Windows System Error 1312".

    Monday, June 17, 2019 6:09 PM
  • Hi YogeshSing1,

    I also suggest you post in the PowerShell forum: https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverpowershell to ask if it is a “double hop” problem in powershell.

    Best Regards,

    Leon


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 18, 2019 9:09 AM