CA WA Agent cannot switch user or run jobs as another user
search cancel

CA WA Agent cannot switch user or run jobs as another user


Article ID: 138483


Updated On:


Workload Automation Agent


WA Agent cannot switch user and fails with this error.

CAWA_E_20020 Logon failed for USER due to: The user name or password is incorrect.. Error code: 1326 


Release : 11.3, 11.4 , 11.5

Component : CA Workload Automation System Agent


If the WA Agent is not running as System or Service account then process may not have several privileges.  When running the Agent as a user, the agent may only be able to run jobs as the user that starts the agent.  This is due to local and domain group policies.  Open command prompt and run the following commands.

gpresult /Scope User /v

gpresult /Computer User /v

The above provides all the policies enabled as user and on computer.


Check the permissions that are most likely restricting the agent to become another user.  The following are some examples of permissions.

TEST_WS-SPSS-UserRightsAssignment Filtering: Denied (Security)

TEST_WS-ProcessLevelTokenOverride Filtering: Denied (Security)

The following shows that user has to be part of administrators group to impersonate another user

GPO: TEST_MS_Baseline_Policy_2.0

                Policy: ImpersonatePrivilege

                Computer Setting: Administrators

                                   LOCAL SERVICE

                                   NETWORK SERVICE


GPO: TEST_MS_Baseline_Policy_2.0

                Policy: TakeOwnershipPrivilege

                Computer Setting: Administrators

Note: Consult Windows Administrator or Microsoft Doc for more details on the permission.  The Windows or Domain Administrator will have to decided to enable users to be able to run or impersonate as other users.

Additional Information

Check this link for more information on granting additional privileges to User.