RiskFabric Processing job step failure: Access is denied
Article ID: 240260
Updated On:
Products
Issue/Introduction
Any or all of the nightly RiskFabric Processing job steps of type Operating system (CmdExec) fail and throw an error similar to the following:
The process could not be created for step <n> of job 0x9309FE9EE7E6794496873373CDCC1318 (reason: Access is denied). The step failed.
The job steps of type Operating system (CmdExec) and the executables they run are:
Step Name |
Step |
Executable |
Arguments |
| Metric Collector | 22 | RiskFabricCollector.exe |
N/A |
| Update DB Utility Versions | 23 | TaskRunner.exe |
TaskRunner.Tasks.Custom.DBUtilitiesVersionUpdater |
| Send License Expiration Notifications | 25 | TaskRunner.exe |
TaskRunner.Tasks.Custom.SecurityNewsletterEmailTask spExpiringLicenseNotificationCheck |
| Send Scenario Step Up Emails | 26 | TaskRunner.exe |
TaskRunner.Tasks.Custom.SecurityNewsletterEmailTask spGetStepUpEmails "" "" spUpdateStepUpEmailSent |
| Send Email Notifications | 27 | TaskRunner.exe |
TaskRunner.Tasks.Custom.SecurityNewsletterEmailTask spGetFailedEmailsForResending "" "" spUpdateFailedEmailsForResending |
NOTE: This article also applies to the Bay Dynamics AD Connector Job which executes the Active Directory Connector Utility as part of Information Centric Analytics' (ICA) integration with Active Directory. When troubleshooting this error with the Bay Dynamics AD Connector Job, substitute the terms Bay Dynamics AD Connector Proxy for RiskFabric Nightly Processing proxy and Bay Dynamics AD Connector Credential for RiskFabric Nightly Processing credential.
Environment
Release : 6.x
Component : RiskFabric Processing
Cause
These job steps are executed by the SQL Server Agent (SQLAgent.exe) using impersonation via the RiskFabric Nightly Processing proxy. The proxy executes as the RiskFabric Nightly Processing credential, which points to an identity that is typically the service account you have designated as the owner of the RiskFabric database. The error described in this article will occur if the service account does not have rights to either access the path or executable specified in the job step, or if security software is blocking the SQL Server Agent from accessing these paths and/or executables.
Resolution
To resolve this error, ensure the RiskFabric Nightly Processing credential's identity account has rights to access the path specified in the failing job step(s), and confirm the path specified is valid. If applicable, create an exception or exclusion in your endpoint security software for SQLAgent.exe to execute RiskFabricCollector.exe and TaskRunner.exe.
To determine the account being used as the RiskFabric Nightly Processing credential's identity, follow this procedure:
- Open SQL Server Management Studio (SSMS)
- Connect to the Database Engine hosting the
RiskFabricrelational database - In Object Explorer, navigate to Security > Credentials
- Right-click the RiskFabric Nightly Processing credential and select Properties
The Credential Properties window opens - In the Credential Properties window, note the account specified as the credential's Identity
For SQL Server Agent job steps of type Operating system (CmdExec), command names that contain spaces should be enclosed in quotation marks, with any switches or arguments placed outside the quotation marks, using the following syntax:
"<path>\<executable>" <arguments>
For example:
"E:\Program Files\Bay Dynamics\Database Utilities\TaskRunner\TaskRunner.exe" TaskRunner.Tasks.Custom.DBUtilitiesVersionUpdater
Feedback
