Sparx Systems Forum
Enterprise Architect => Automation Interface, Add-Ins and Tools => Topic started by: skiwi on February 08, 2011, 08:00:31 am
-
We are installing the Keystore Service (http://www.sparxsystems.com/products/ea/floating_licenses.html), and our practice is to run services under dedicated Active Directory accounts (instead of Local System, for example).
Can anyone please tell us the minimum permission set they found was required for the service account on the server where the service is installed?
(Our Active Directory created service accounts all belong to the Domain Users group only – so further permissions will be required on the server where the service is installed)
-
Sparx support have been unable to help us on this one,
so if any of you could get your SysAdmins who have installed this on a corporate server to tell us the minimum permissions they set the service account up with, I'd appreciate it.
tia
-
Please, does anyone run the Key Store on a network server?
Our situation:
The Key server fails to run when configured with a domain (AD) service account without full administrative privileges.
The domain service account is a member of the standard Microsoft Domain Users AD group.
On the server where the service is installed, the service account also has the ‘Log on as a Service’, ‘Act as part of the operating system’ and ‘Log on as a batch job’ user rights assignments (through Local Security Settings).
Note that using the local system account it works but does not meet our internal security requirements.
We need to be able to run the application using a domain (AD) service account and without full administrative privileges.
When we run the Keystore as a service, the service appears to terminate without any messages or logs generated to send to Sparx.
-
The permissions we gave to the service
(http://i306.photobucket.com/albums/nn245/copperkiwi/Sparx/EAServicepermissions.png)
The service start message
(http://i306.photobucket.com/albums/nn245/copperkiwi/Sparx/ServiceStartmessage.png)
The event log
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 7/03/2011
Time: 10:41:28 a.m.
User: ***\***
Computer: *******
Description:
The Sparx Systems Keystore Service service was successfully sent a start control.
Followed by
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 7/03/2011
Time: 10:41:28 a.m.
User: N/A
Computer: *******
Description:
The Sparx Systems Keystore Service service entered the stopped state.
Note how it terminates immediately without any message.
Please, I really need some help on this one.
-
Is there anyone at all out there who is using the key server and has it installed on a Windows network in an AD environment?
-
Why can't Sparx help with this - after all it's their software !
We run with the Key Store on a network server, but we don't run the key store service. Everyone just picks up a shared key from the key store file. This works OK.
-
Why can't Sparx help with this - after all it's their software !
I wish I knew, the response I get is
As seen in your screenshots - your service account appears to have full permissions to the key store directory in the file system. This would suggest that your problem is most likely with your Local Security Policy configuration.
Unfortunately our response is still the same as before -
There is no documentation currently available regarding the specific permissions required in the Local Security Policy configuration and unfortunately we do not have the resources available at this time to investigate these security configuration requirements.
which is not unreasonable, but I have a situation where I have no diagnostics available from the product that allow us to determine the issue, or provide further information to Sparx.
So our SysAdmins say they don't know what to do next, and Sparx say they can't help!
(and did I mention that we just upgraded 8 of our licences to floating,
all I can say is that after three months we are not getting value for money)
Hence my requests to the community ...
-
Isn't there any escalation procedure? For a standard product service there should be one! A supporter (New Zealand isn't too far from Australia) should come and fix it at the customer site. And if it's too far they need to send someone from an affiliate company. Well....
I guess the problem is the price here. Above is valid for licenses where a single one is above $10.000. Maybe it's an idea for Sparx to offer paid premier support?
q.
-
Do the logs tell you anything? The user you run the service as will require file system access to the directory that the service is installed under (and any subdirectories).
The service user will also need permission to create COM objects.
If there are no entries in the logs, I'd hazard a guess that it's a file system issue, otherwise I'd go with COM.
Michael
PS No longer working for Sparx so any further correspondence may be sporadic!
-
And apparently I still have a red account....
-
I wonder whether your former colleagues have read RFC 1925 thoroughly. Funny it fits not only for networking...
q.
-
And apparently I still have a red account....
Of course if it were up to me, you'd be B&
8-)
PS See you Sunday...
-
And told to shut up.
But before you do shut up, you only have another 5300-odd postings to catch up with Midnight, who now appears to be back and upping the ante (welcome back David!). So come on lad, hop to it!
-
Just to close this, in our case this was fixed by providing the correct permissions to access COM, and by changing the SysAdmin :'(
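
Added example, not part of the original thread and not Sparx code: the posts above list the user rights granted to the service account through Local Security Settings. This Python script audits a `secedit /export /cfg rights.inf /areas USER_RIGHTS` export for one account against a baseline; the account name `EXAMPLE\svc-keystore`, the sample export and the one-right baseline are assumptions constructed for illustration.

```python
# Constructed sample of a `secedit /export /areas USER_RIGHTS` file (not real data).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeServiceLogonRight = *S-1-5-80-0,EXAMPLE\\svc-keystore
SeBatchLogonRight = *S-1-5-32-544,EXAMPLE\\svc-keystore
SeTcbPrivilege = EXAMPLE\\svc-keystore
SeDebugPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

# Assumed baseline: the right a user account needs to be started as a service.
BASELINE = {"SeServiceLogonRight"}  # "Log on as a service"
# Rights that give near-administrative power when held by a service account.
HIGH_IMPACT = {"SeTcbPrivilege",  # "Act as part of the operating system"
               "SeDebugPrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
               "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege"}

def parse_privilege_rights(inf_text):
    """Return {right: set of lower-cased members} from [Privilege Rights]."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, members = line.partition("=")
        # secedit writes SIDs as "*S-1-..."; drop the marker for comparison.
        rights[name.strip()] = {m.strip().lstrip("*").lower()
                                for m in members.split(",") if m.strip()}
    return rights

def audit_account(inf_text, identities, baseline=BASELINE):
    """Compare rights held by any of `identities` (names or SIDs) to baseline."""
    ids = {i.lstrip("*").lower() for i in identities}
    held = {r for r, m in parse_privilege_rights(inf_text).items() if m & ids}
    return {"held": sorted(held),
            "missing": sorted(set(baseline) - held),
            "extra": sorted(held - set(baseline)),
            "high_impact": sorted(held & HIGH_IMPACT)}

if __name__ == "__main__":
    for key, value in audit_account(SAMPLE_EXPORT, ["EXAMPLE\\svc-keystore"]).items():
        print(f"{key:12} {value}")
```

A real export is UTF-16, so read it with `open(path, encoding="utf-16")`; pass the account's group names or SIDs in `identities` as well, since rights are often granted through groups.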