Access is Denied when accessing files on remote server thru XP_CMDSHELL (was working last week)

Last Post 20 Jun 2007 04:22 AM by lneville. 2 Replies.
AddThis - Bookmarking and Sharing Button
Author Messages
lneville
New Member
New Member

--
20 Jun 2007 12:39 AM
I am using XP_CMDSHELL to run 2 Windows commands (from a SQL 2005 SP2 server) that access files on a remote server (called webserver). The two commands are:

1. cscript.exe \\webserver\wwwroot\Eur_SaveProductImages.vbs
2. dir \\webserver\wwwroot

Up until very recently this worked fine. Now I am getting Access Is Denied errors:

For #1:
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
CScript Error: Loading script "\\webserver\wwwroot\Eur_SaveProductImages.vbs" failed (Access is denied. ).

For #2:
Access is denied.

This happens if the above commands are run through a job, or directly with Query Analyzer as SA.

I understand that XP_CMDSHELL commands are run in the security context of the SQL Server startup account. The SQL Server startup account is called SQLServer and this account exists on both webserver and the database server. On both servers the username & password are identical and the user is in the local Administrators group. The two servers are in a workgroup.

Things I have tried (with no effect):

1. Restarted the servers
2. Deleted and recreated the SQLServer login on both servers
3. Changed the startup account for SQL Server through the SQL Server Configuration Manager to another account and back to SQLServer.

The most revealing tests are these:

1. If I log into the database server myself using the SQLServer account I can run the above commands in a Command Prompt with no problem

2. I installed SQL 2005 Express SP2 on webserver using the same startup account (SQLServer). If I run the same XP_CMDSHELL commands as above but accessing files on the database server, the commands work!
So, an XP_CMDSHELL command run under SQL Express using the local SQLServer account to access a remote server works, but an XP_CMDSHELL command run under SQL Server using a local SQLServer account (that is supposedly identical to the same named account on the other server) does not work !!?!?!?

It is almost as if XP_CMDSHELL commands run under SQL Server are NOT using the SQLServer startup account, but using some other weaker account. How can I tell if this is true?

How can I get this back working (as it was a week ago). The only thing I can think that happened on the servers to cause this is the installation of Windows Updates.

Thanks

lneville
New Member
New Member

--
20 Jun 2007 04:22 AM
I checked the permissions - Administrators have Full Control on the share.

I don't think file/folder permissions can be the answer because as I said, if I log into the DB server interactively using the same account as SQL Server uses (SQLServer account) I can run the commands that I am running through XP_CMDSHELL.
lneville
New Member
New Member

--
20 Jun 2007 04:58 AM
No, there is no proxy account. Also, I think even if there was one, when I execute the command as SA it wouldn't be used.


Acceptable Use Policy
---