RiskFabric Processing job step failure: Access is denied
search cancel

RiskFabric Processing job step failure: Access is denied

book

Article ID: 240260

calendar_today

Updated On:

Products

Information Centric Analytics

Issue/Introduction

Any or all of the nightly RiskFabric Processing job steps of type Operating system (CmdExec) fail and throw an error similar to the following:

The process could not be created for step <n> of job 0x9309FE9EE7E6794496873373CDCC1318 (reason: Access is denied). The step failed.

The job steps of type Operating system (CmdExec) and the executables they run are:

Step Name

Step

Executable

Arguments

Metric Collector 22 RiskFabricCollector.exe N/A
Update DB Utility Versions 23 TaskRunner.exe TaskRunner.Tasks.Custom.DBUtilitiesVersionUpdater
Send License Expiration Notifications 25 TaskRunner.exe TaskRunner.Tasks.Custom.SecurityNewsletterEmailTask spExpiringLicenseNotificationCheck
Send Scenario Step Up Emails 26 TaskRunner.exe TaskRunner.Tasks.Custom.SecurityNewsletterEmailTask spGetStepUpEmails "" "" spUpdateStepUpEmailSent
Send Email Notifications 27 TaskRunner.exe TaskRunner.Tasks.Custom.SecurityNewsletterEmailTask spGetFailedEmailsForResending "" "" spUpdateFailedEmailsForResending


NOTE
: This article also applies to the Bay Dynamics AD Connector Job which executes the Active Directory Connector Utility as part of Information Centric Analytics' (ICA) integration with Active Directory. When troubleshooting this error with the Bay Dynamics AD Connector Job, substitute the terms Bay Dynamics AD Connector Proxy for RiskFabric Nightly Processing proxy and Bay Dynamics AD Connector Credential for RiskFabric Nightly Processing credential.

Environment

Release : 6.x

Component : RiskFabric Processing

Cause

These job steps are executed by the SQL Server Agent (SQLAgent.exe) using impersonation via the RiskFabric Nightly Processing proxy. The proxy executes as the RiskFabric Nightly Processing credential, which points to an identity that is typically the service account you have designated as the owner of the RiskFabric database. The error described in this article will occur if the service account does not have rights to either access the path or executable specified in the job step, or if security software is blocking the SQL Server Agent from accessing these paths and/or executables.

Resolution

To resolve this error, ensure the RiskFabric Nightly Processing credential's identity account has rights to access the path specified in the failing job step(s), and confirm the path specified is valid. If applicable, create an exception or exclusion in your endpoint security software for SQLAgent.exe to execute RiskFabricCollector.exe and TaskRunner.exe.

To determine the account being used as the RiskFabric Nightly Processing credential's identity, follow this procedure:

  1. Open SQL Server Management Studio (SSMS)
  2. Connect to the Database Engine hosting the RiskFabric relational database
  3. In Object Explorer, navigate to Security > Credentials
  4. Right-click the RiskFabric Nightly Processing credential and select Properties
    The Credential Properties window opens
  5. In the Credential Properties window, note the account specified as the credential's Identity

For SQL Server Agent job steps of type Operating system (CmdExec), command names that contain spaces should be enclosed in quotation marks, with any switches or arguments placed outside the quotation marks, using the following syntax:

"<path>\<executable>" <arguments>

For example:

"E:\Program Files\Bay Dynamics\Database Utilities\TaskRunner\TaskRunner.exe" TaskRunner.Tasks.Custom.DBUtilitiesVersionUpdater