| Author |
Message
|
| rcrippen |
 Posted: Wed Sep 01, 2004 5:56 am Post subject: Unable to access system services error |
 |
|
Apprentice
Joined: 01 Aug 2002
Posts: 45
Location: Rochester, NY
|
I've got the following problem:
Windows 2000 running V5 of WBIMB broker component. I restarted the broker this morning and am now getting system errors in the event viewer that indicate that an exception was thrown during an SQL call. There are additional error events being logged indicating the datasource name could not be found and the user id could not be used to access the data source. I can successfully test the broker's ODBC connection with the service user id.
What is puzzling is that this is happening on two different servers at the same time.
I have tried to restart the database services to see if that was an issue and all the db2 services stop except the 'DB2 - DB2-0' service. It gives me an error that the service did not return a return code and this could be a possible system or service error.
When I try to execute 'mqsichangebroker', 'mqsisetdbparms', or 'mqsistart' commands from the command line, I get the following response:
BIP8012E: Unable to connect to system components.
This command was unable to connect to required system services.
Check your system log for failure information. Ensure that the user name used to
issue this command has the required permissions to modify NT services. Reissue
the command when this has been resolved.
This has been running successfully for the last couple of months. The Windows SA says that the service user id has not had its permissions changed even though that is what I'm suspecting is the problem.
Has anyone seen anything like this or offer any help as to where to look for the resolution?
Thanks,
Rob Crippen |
|
| Back to top |
|
 |
| PGoodhart |
| Posted: Wed Sep 01, 2004 6:07 am Post subject: |
|
|
Master
Joined: 17 Jun 2004
Posts: 278
Location: Harrisburg PA
|
I'd guess you are right about the user id. I got that error when I was trying to install MQ on windows using an id that didn't have admin rights.
_________________
Patrick Goodhart
MQ Admin/Web Developer/Consultant
WebSphere Application Server Admin |
|
| Back to top |
|
|
| rcrippen |
| Posted: Wed Sep 01, 2004 7:27 am Post subject: |
|
|
Apprentice
Joined: 01 Aug 2002
Posts: 45
Location: Rochester, NY
|
As I suspected, the service user id had its administrative rights removed last night. Thanks for the response PGoodhart.
Problem solved.
Rob |
|
| Back to top |
|
|
| rcrippen |
| Posted: Wed Sep 08, 2004 8:34 am Post subject: |
|
|
Apprentice
Joined: 01 Aug 2002
Posts: 45
Location: Rochester, NY
|
Even though I thought the problem was solved, it has returned...
The problem now is the Security and Support group for the Windows platforms doesn't allow 'full Adminstrator' privileges on a user id that also allows interactive logon privilege.
Does anyone know exactly what adminstator privileges are required to allow a service user id to run the broker and also allow that user to remotely log onto the system.
The security policy 'powers to be' are requiring me to list the specific adminstrative privileges that are needed in order to support the broker on the windows platform.
Thanks for any help.
Rob Crippen |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Wed Sep 08, 2004 9:27 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| rcrippen wrote: |
The security policy 'powers to be' are requiring me to list the specific adminstrative privileges that are needed in order to support the broker on the windows platform.
|
Tell them they are listed here.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| PGoodhart |
| Posted: Wed Sep 08, 2004 9:28 am Post subject: |
|
|
Master
Joined: 17 Jun 2004
Posts: 278
Location: Harrisburg PA
|
Ok, now you have a problem...
I know that this is not completely documented.
Here are the administrative things that I know of:
1. Start and stop services (this is the big one)
2. Edit the registry (during installation)
3. Bind to ports.
4. Add and change users (during installation)
5. Add user groups (during installation)
6. Spawn processes (another big one)
Really you are going to be in a world of hurt if you can't get your security goons to back down.
_________________
Patrick Goodhart
MQ Admin/Web Developer/Consultant
WebSphere Application Server Admin |
|
| Back to top |
|
|
| PGoodhart |
| Posted: Wed Sep 08, 2004 9:30 am Post subject: |
|
|
Master
Joined: 17 Jun 2004
Posts: 278
Location: Harrisburg PA
|
Good idea Jeff, by the time they figure out that this isn't really in any of the documentation, we will have a new version of Windows... (2006)
_________________
Patrick Goodhart
MQ Admin/Web Developer/Consultant
WebSphere Application Server Admin |
|
| Back to top |
|
|
| rcrippen |
| Posted: Wed Sep 08, 2004 10:01 am Post subject: |
|
|
Apprentice
Joined: 01 Aug 2002
Posts: 45
Location: Rochester, NY
|
Thanks Patrick and Thank you Jeff for the laugh!
That doc is the only place I could find that referenced any kind of listing of requirements for access privileges. I can't just say "Look, this document lists the requirements", this is a "large" support vendor that requires their own documentation to be submitted to request any exceptions to their security policies. Therefore, they are forcing me to "list all privileges that I require" duh!
Unfortunately, listing 'full Administrator" privilege is not enough and will not be acted upon favorably-so I've been told anyway!
I'll continue to keep my fingers crossed that I can 'persuade' them to make this exception.
Thanks again for your help.
Rob |
|
| Back to top |
|
|
|
|
