I'd ask that you specify

Bill Slobodnik · ‎04-01-2014

I'm running TES 6.1 and am running the system with the "use passwords to run windows jobs" option (no option due to one particular application we use Tidal for). In every windows server I am finding issues whenever running jobs while the server is not logged in as that Runtime user. Ideally I would like to be able to execute jobs while the server is logged off, otherwise I need to log these servers back in after every reboot. Is there a way to set this up in a job or within the agents?

Bill Slobodnik · ‎04-01-2014

Update- Ran the same script (Bat file that calls Powershell script) in scheduled tasks using the same user account while logged off the server, job ran without issues. I checked the run whether user is logged in or not option on the task. What will provide the same fuctionality in Tidal?

Joe Fletcher · ‎04-02-2014

Hi,

I suspect this is the same kind of problem I've just run into running unattended powershell. (see posts from a couple of days ago)

The fix was to install the agent as the intended runtime user. This in turn may present you with problems elsewhere if there is a need to run under more than one user. Yo may also have problems if there is any intermediate authentication required that might normally be part of the login process.

In my own case its a failure with web content gateway authentication that causes the most problems but I think some of these types of issue can be overcome using judicious profile setup.

Cheers

Joe

Bill Slobodnik · ‎04-04-2014

Thanks Joe, I have a case open with Tidal support as well. I may try that your suggestion as well to at least test. I'll update this post if we figure out a workaround.

Olaf Schroeder · ‎04-28-2014

I'd ask that you specify which OS this is occurring on so the Tidal community can better respond. The security introduced in Windows 2012 and even Windows 2008 have more restrictions that past Windows server versions.

Check that you're running "cmd.exe /C whatever command" because that insures the Windows command line shell (and all that goes with that into memory) when running Windows powershell commands or batch files.

I still favor a good old-fashioned Windows agent. In at least a few cases, we setup more than one agent per Windows machine when we have a special run-time users to run-as. I'm still not convinced of the using "Use passwords to run windows jobs" just yet as there can be too many issues depending on which release of Windows are in place. Most IT shops are going to have everything from Windows 2003 server to Windows 2012 server in play at the same time.

I know even without that option I had to sit down with my network administrators and give ourTidal service account user special permissions to do things normal login users are not allowed to do.

Using one standard Mydomain\svc_TIDAL service account across your enterprise and have your network administrator give it the appropriate permissions is the place I'd start. Getting test Tidal jobs setup on any new OS should be an adminstrator's first responsibility before their developer community stumbles on an issue when they release on a newly introduced OS platform.

Running windows jobs while logged off