CreateProcessAsUser Error code 1314 or 2 Windows Job fails
search cancel

CreateProcessAsUser Error code 1314 or 2 Windows Job fails

book

Article ID: 90621

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Detailed Description and Symptoms

When running a job on a Windows agent started as a user other than SYSTEM, the following error messages are displayed in the Agent log:
U02001040 Error in function 'CreateProcessAsUser', error code '1314', error description: 'A required privilege is not held by the client.'.
U02001000 Job 'JOBNAME' could not be started. Error code '1314', error description: 'A required privilege is not held by the client.'.
 
Or
U02000005 Job 'JOBNAME' with RunID 'XXX' started.
U02001040 Error in function 'CreateProcessAsUser', error code '2', error description: 'The system cannot find the file specified.'.
U02001009 Agent cannot find file 'C:\Automic\Automation.Platform\Agents\windows\temp\JAAEIPNP.TXT.BAT'.

Investigation

Check your permissions for the user starting the agent.
Check the logon= setting in the agent's ini file.
Check to see if UAC (User Account Control) is turned on.

Environment

Product: Automic Automation

Component: Windows Agent

Version: any version

Resolution

Solution

  1. The Windows Agent requires certain additional rights under Windows in order to be able to use the Windows APIs that are listed below.
    The Agent requires these rights in order to process file transfers and start jobs in different user contexts. Although users are defined in the Automation Engine jobs, the Agent must still be able to log on with the privileges of the particular user, read user profiles and start Jobs, for example. Therefore, start the Agent via the Service Manager as a SYSTEM user.
    When you start the Agent as a regular user, however, you should install it with the recommended additional authorizations  (found under "User Rights Assignment" in the "Local Security Settings" on Windows) in order to make sure that it can process the above tasks:

    Act as part of the operating system
    Adjust memory quotas for a process
    Back up files and directories
    Log on as a service
    Replace a process level token
    Restore files and directories

    The right 'Log on as a batch job' is required when the option "Log on as a batch user" has been activated in the Windows Jobs of the AE system's Job objects.
    PLEASE NOTE: These cannot be implied through the group the user belongs to having the rights, the user itself must have the rights explicitly.

2) Be sure that the logon= setting in the Agent's ini file is set to logon=1

3) Be sure that UAC (User Account Control) is turned off (NOTE: Changing your UAC setting in Windows will require a restart of the Windows Server). 

4) Alternatively, if unable to turn off UAC, change Policy using gpedit.msc to Disable the following:

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > User Account Control: Run all administrators in Admin Approval Mode

5) Restart the server after making changes to the security settings.

Problem Persists:
If the above steps were tried and the error still persists, please contact Support and send the following:
*) A screenshot of the User Rights Assignments for the user starting the Agent (show each Windows OS Rights above)
*) The Agent log from startup and with the error reproduced
*) A screenshot showing that UAC is turned off

Additional Information

Documentation Reference:

https://docs.automic.com/documentation/WEBHELP/English/all/components/DOCU/21.0/Automic%20Automation%20Guides/Content/InstallAgents/InstallAgentWindows.htm?Highlight=act%20as%20a%20part%20of%20operating%20system

Powered by Wolken Software