Skip to main content
  • EN

I have a workspace that kicks of a PowerShell script via a PythonCaller that kicks off another script under the context of another user. This works perfectly on my desktop but once uploaded to FME Server the second PowerShell script fails to execute.

 

The issue arises somewhere after Start-Process begins executing. The log file to which I am redirecting output is wiped out after I write to it when I create it. This is the first thing Start-Process does when RedirectStandardError parameter is used. The problem is my second log is never created which is the first step in my second script. However, no error is produced not in the FME job log or Windows Log on the server.

 

Has anyone tried to use Start-Process on FME Server? Are there configuration steps required by FME Server?

 

PythonCaller

class FeatureProcessor(object):
 def __init__(self):
 self.scriptOutput = str('')

 process = subprocess.Popen(c"powershell.exe",
  "\\\\fileshare\\scripts\\RunAsSvcAcct.ps1"],
  stdout=subprocess.PIPE)

 self.scriptOutput = process.communicate()l0]
 logger = fmeobjects.FMELogFile()
 logger.logMessageString(self.scriptOutput)
pass

 

RunAsSvcAcct.ps1

Write-Host "RunAsSvcAcct WorkingDir: $(Get-Location)"
# Create log files
 $runAsStdOut = "RunAsSvc_Paycom_StdOut-$(Get-Date -Format "yyyymmddTHHmmss").log"
 $runAsStdOut = -join(".\",$runAsStdOut)
 $runAsStdErr = "RunAsSvc_Paycom_StdErr-$(Get-Date -Format "yyyymmddTHHmmss").log"
 $runAsStdErr = -join(".\",$runAsStdErr)

# Create credentials object  
 $username = "username"  
 $password = "password"  
 $securePassword = ConvertTo-SecureString $password  
 $credential = New-Object System.Management.Automation.PSCredential $username, $securePassword  

# Kick off script as service account  
 Write-Host "`nUpdateADUsers workingDir: $($workingDir)`n"  
 Start-Process powershell.exe -Credential $credential -ArgumentList (
"-executionpolicy bypass",
"-File "".\SecondScript""") -WorkingDirectory "C:\" -RedirectStandardOutput $runAsStdOut -RedirectStandardError $runAsStdErr

 

SecondScript.ps1

# script running another user
$runAs = "Running as $(oSystem.Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object Name)"
Write-Host "Running as: $($runAs)"
# The Write-LogMsg creates a file if it does not yet exist
Write-LogMsg -filePath ".\mylog.log" -msg "Begin processing... `n"

Does the powershell execution policy allow for running scripts? On our machines we can run powershell commands without issue, but cannot run powershell scripts unless they are digitally signed.

Does the powershell execution policy allow for running scripts? On our machines we can run powershell commands without issue, but cannot run powershell scripts unless they are digitally signed.

The initial script runs without issue. I think it would throw an exception on the first one if it was an ExecutionPolicy issue.

Have you looked in the FME Server log files for additional messages that could explain the behavior? My first hunch would be to look in fmeprocessmonitor.log.

Does the FME Server service user have the rights to execute this script? What happens if you log into the server as the service user and try to execute the Powershell script manually?

Have you looked in the FME Server log files for additional messages that could explain the behavior? My first hunch would be to look in fmeprocessmonitor.log.

Does the FME Server service user have the rights to execute this script? What happens if you log into the server as the service user and try to execute the Powershell script manually?

I was able to execute the scripts successfully while logged into the server as the service account. The issue appears to be with kicking off a second process via the PS process that FME kicks off. Is there some issue with trying to do this?

Have you looked in the FME Server log files for additional messages that could explain the behavior? My first hunch would be to look in fmeprocessmonitor.log.

Does the FME Server service user have the rights to execute this script? What happens if you log into the server as the service user and try to execute the Powershell script manually?

Also, I checked the fmeprocessmonitor.log and could not find any errors or warning.

I was able to execute the scripts successfully while logged into the server as the service account. The issue appears to be with kicking off a second process via the PS process that FME kicks off. Is there some issue with trying to do this?

Is the FME Server Engine service user running as local system or as a domain user?

If it's local system, try again using a domain user (e.g. yourself).

If it's already a domain user, verify that it has the necessary rights.

Also, have a look in the Windows event log.

Is the FME Server Engine service user running as local system or as a domain user?

If it's local system, try again using a domain user (e.g. yourself).

If it's already a domain user, verify that it has the necessary rights.

Also, have a look in the Windows event log.

The FME Engine Service is running as a service account that is a domain user. I have checked windows logs and cannot find any error messages.

The only information I can glean from the windows logs is that the start process fails to run with credentials. When I kick off the script I get the 4 below logs to the Windows.PowerShell.Operational log (Only 3 when running from FME). When the scripts are run directly on the server you can see the User as the 'RunAsAccount' which is the proper account. The logs produced from running the scripts via FME Server have user as the service account running the engine service.

 

Running directly on server

Log Name: Microsoft-Windows-PowerShell/Operational

Source: Microsoft-Windows-PowerShell

Date: 11/18/2019 1:12:04 PM

Event ID: 40961

Task Category: PowerShell Console Startup

Level: Information

Keywords: None

User: DOMAIN\\svc_myRunAsAccount

Computer: FME-server

Description:

PowerShell console is starting up

------------------------------------------------------------------------------------

Log Name: Microsoft-Windows-PowerShell/Operational

Source: Microsoft-Windows-PowerShell

Date: 11/18/2019 1:12:04 PM

Event ID: 53504

Task Category: PowerShell Named Pipe IPC

Level: Information

Keywords: None

User: DOMAIN\\svc_myRunAsAccount

Computer: FME-server

Description:

Windows PowerShell has started an IPC listening thread on process: 7980 in AppDomain: DefaultAppDomain.

------------------------------------------------------------------------------------

Log Name: Microsoft-Windows-PowerShell/Operational

Source: Microsoft-Windows-PowerShell

Date: 11/18/2019 1:12:04 PM

Event ID: 40962

Task Category: PowerShell Console Startup

Level: Information

Keywords: None

User: DOMAIN\\svc_myRunAsAccount

Computer: FME-server

Description:

PowerShell console is ready for user input

------------------------------------------------------------------------------------

Log Name: Microsoft-Windows-PowerShell/Operational

Source: Microsoft-Windows-PowerShell

Date: 11/18/2019 1:12:04 PM

Event ID: 4104

Task Category: Execute a Remote Command

Level: Warning

Keywords: None

User: DOMAIN\\svc_myRunAsAccount

Computer: FME-server

Description:

Creating Scriptblock text (1 of 1):

# my script

ScriptBlock ID: 465b4b7c-a8a4-42fc-8a63-904b761d2208

Path: \\\\path\\to\\script\\script.ps1

 

Running from FME server

Log Name: Microsoft-Windows-PowerShell/Operational

Source: Microsoft-Windows-PowerShell

Date: 11/18/2019 1:09:44 PM

Event ID: 40961

Task Category: PowerShell Console Startup

Level: Information

Keywords: None

User: DOMAIN\\svc_myFMEEngineAccount

Computer: FME-server

Description:

PowerShell console is starting up

------------------------------------------------------------------------------------

Log Name: Microsoft-Windows-PowerShell/Operational

Source: Microsoft-Windows-PowerShell

Date: 11/18/2019 1:09:44 PM

Event ID: 53504

Task Category: PowerShell Named Pipe IPC

Level: Information

Keywords: None

User: DOMAIN\\svc_myFMEEngineAccount

Computer: FME-server

Description:

Windows PowerShell has started an IPC listening thread on process: 2912 in AppDomain: DefaultAppDomain.

------------------------------------------------------------------------------------

Log Name: Microsoft-Windows-PowerShell/Operational

Source: Microsoft-Windows-PowerShell

Date: 11/18/2019 1:09:44 PM

Event ID: 40962

Task Category: PowerShell Console Startup

Level: Information

Keywords: None

User: DOMAIN\\svc_myFMEEngineAccount

Computer: FME-server

Description:

PowerShell console is ready for user input

Reply


Community Stats

30,177
Posts
114,554
Replies
37,842
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.