Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

But the log you have posted does not show that WinSCP.exe process was started although not impersonated. It shows that the process did not even start.
Nisha

Debug log file is getting created and I can see these errors there. But it complains of access writing to session file, though both of them are in the same location.
And as you confirmed .Net assembly is getting impersonated but the child process is not, hence the error.
Getting this error on Session.Open method.
Any idea what is preventing the child process in getting impersonated, even on assigning the 2 properties ExecutableProcessUsername and Password.

The service ID is assigned Allow log on local and Logon as Service access under Local Security Policy.

Thanks.
martin

Re: Impersonation in Windows service

Before you wrote that you get an error when creating session log file. But now it seems that you are never even able to start WinSCP.exe process (so it never even gets to the point, where it would starting writing the log file). So was your previous conclusion incorrect? Or did something change?
nisha

Impersonation in Windows service

Thanks Martin for the reply, my actual issue is this,

I have a Windows service installed as (Logon as Network Service).
Spawn a thread and using Impersonation (username: someuser), invoke a method to FTP files that uses WINSCPNet.dll code.

1. I get the following error in this case
[0013] Waiting for request event

[0008] Exception: System.TimeoutException: Timeout waiting for WinSCP to respond - WinSCP has not responded in time, There was no output.Response log file \\xyz.com\abc\winscp_log.xml was not created. This could indicate lack of write permissions to the log folder or problems starting WINSCP itself.
   at WINSCP.Session.CheckForTimeout(String additional)
   at WINSCP.Session.Open(SessionOptions sessionOptions)
[0008] Session.Cleanup entering
[0008] Terminating process

2. Along with Impersonation, I tried assigning same value to ExecutableProcessUsername (someuser) and ExecutableOrocessPassword
ExeSessionProcess.InittializeConsole entering

[0008] Trying event _2832_508747780_879
[0008] Creating event WinSCPCOnsoleEvent_2832_50874780_879
[0008] Created event WinSCPCOnsoleEvent_2832_50874780_879 with handle 1568 with security D:(A;;0X1f0003;;;S-1-5-21-1454471165-2077806209-1801674531-9593873), new True
[0008] Event _2832_50874780_879 is unique
[0008] Creating event WinSCPCOnsoleEvent_2832_50874780_879
[0008] Created event WinSCPCOnsoleEvent_2832_50874780_879 with handle 1832 with security D:(A;;0X1f0003;;;S-1-5-21-1454471165-2077806209-1801674531-9593873), new True
[0008] Creating event WinSCPCOnsoleEvent_2832_50874780_879
[0008] Created event WinSCPCOnsoleEvent_2832_50874780_879 with handle 732 with security D:(A;;0X1f0003;;;S-1-5-21-1454471165-2077806209-1801674531-9593873), new True
[0008] Acquiring communication structure
[0008] Acquired communication structure
[0008] Releasing communication structure
[0008] Released communication structure
[0008] Job Created
[0008] Job set to kill all processes
[0008] ExeSessionProcess.InitializeConsole leaving
[0008] ExeSessionProcess.InitializeChild entering
[0008] Will run process as someuser@domain
[0008] Granting access to window station
[0008] Granting access to desktop
[0008] Starting "D:\Apps\SSH Tools\WinSCP.exe" /xmllog="\\xyz.com\abc\winscp_log.xml" /xmlgroups /xmllogrequired /nointeractiveinput /dotnet=595 /ini=null /log="\\xyz.com\abc\winscp_session.xml" /loglevel=1 /console/consoleinstance=_2832_50874780_879
[0008] ExeSessionProcess.InitializeChild leaving
[0008] ExeSessionProcess.Start leaving
[0008] Exception: System.ComponentModel.Win32Exception (0X80004005): Access is denied
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at WinSCP.ExeSessionProcess.InitializeChild()
at WinSCP.ExeSessionProcess.Start()
at WinSCP.Session.Open(SessionOptions sessionOptions)

3. If I install Windows Service as (someuser), everything works fine

Looks like WinSCP.exe is still getting invoked as network service and not the provided credentials of ExecutableProcessUsername (someuser) and ExecutableOrocessPassword.

Appreciate your input to get impersonation working.
martin

Re: Access needed on the folder to generate session debug log

The debug log is generated by the WinSCP .NET assembly within your .NET process.
While the session log file is generated by WinSCP.exe child process.
That's what probably causes the difference.
Is this only problem you are facing? Or are you actually facing a different problem, which you are trying to solve by logging? Like these?
https://winscp.net/eng/docs/message_library_timeout_waiting_to_respond
https://winscp.net/eng/docs/message_cannot_initialize_external_console
nisha

Access needed on the folder to generate session debug log

Hi,

I am using 5.9.5.0 version of WinSCP from .NET code.
It is able to generate debuglog files in the shared folder, but throws ‘Access denied’ error for sessionDebug file which is also a different file name in the same folder location.
Is there an elevated access that is required for the account running the WinSCP code to generate sessionDebug file?
Currently the account has read/write but not Full Control access on the shared folder.

Thanks. Let me know if you need more details.