This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Running OnBase as a Window Service does not work with Interactive Authentication if the Service Logon is set to Local System, Local Service or Network Service

AdamShaneHyland
Employee
Employee

‎11-22-2011 06:28 AM

Running OnBase as a Windows Service displays an error when attempting to start the service.  The OnBase system is configured for Interactive Authentication and the Windows Serice is configured to run as the Local System account.  The same error is displayed when attempting to user the Local Service and Network Service accounts under the Utils | Windows Service | Service Logon Settings in the OnBase Config.

Labels:
0 Kudos
1 REPLY 1

AdamShaneHyland
Employee
Employee

‎11-22-2011 06:37 AM

First lets start of with a bit of backgroun.  There was two different authentications taking place; the first is the Windows Service running as the domain account within the Windows Active Directory environment and the second is the OnBase user specified under the Service Setting in order to login to the OnBase database.  If you have MANAGER and PASSWORD configured under the Service Settings to login to the OnBase database and have a domain account configured under the Service Logon Settings, the Windows Service will login to the OnBase database as the MANAGER account meaning that all access in OnBase will be designated by the permissions set on the MANAGER user account.

 OnBase Config:

Service Setting username: MANAGER | Service Logon Setting: domain\user               

Effective Setting:

( Windows Service [domain\user] ( OnBase [MANAGER] ) )

If you leave the login blank under the Service Settings  and specify a domain account under the Service Logon Settings, the Windows Service will run as the domain account and the AutoLogin settings will login to the OnBase database as the account running the service.  That means all OnBase permissions must be assign to the domain account.

OnBase Config:

Service Setting username: blank | Service Logon Setting: domain\user 

Effective Setting:

( Windows Service [domain\user] ( OnBase [domain\user] ) )

To answer the question, the reason is because Interactive Authentication is configured and the OnBase Client is attempting to login to the OnBase database as the built in workstation account.  If you leave the login under the Service Setting blank and specify the Local System, Local Service or Network Service accounts under the Service Logon Settings, the Windows Service will run as the respective build in Local Workstation account.  OnBase will attempt to use the account running the Windows Service to login to the OnBase database.  Since these build in accounts (ie Local System, Local Service or Network Service) do not have OnBase user accounts it will fail (also note that it is not possible to configure accounts in OnBase for these Local Workstation accounts).  The below example is if you set the username blank under the Service Setting tab and configure the ‘Use Local System Account’ under the Service Logon Settings tab.

OnBase Config:

Service Setting username: blank | Service Logon Setting: Local System

Effective Setting:

( Windows Service [Local System] ( OnBase [Local System] ) )

 

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC