New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE
Highlighted
Vice Admiral Vice Admiral
Vice Admiral
974 views

Need to have RAS run as a Windows Domain Account ... having issues

Jump to solution

I need to have NRAS run as a Windows Domain account so it can talk to a MS Cluster usign the PowerShell cmdlets that came with the OO 9.00.05 content patch.

 

My question is on how to install OO in general.  Right now this is a brand new single OO server with the RAS the that comes it.  When installing it as the local administrator and then changing the RSJRAS service "Log on As" option, RAS isn't happy.  Studio no longer can valid its RAS path and the content patch installers fail with a HTTP 404 Not Found exception.  Since I installed OO originally as the local administrator I'm pretty sure this is the issue.  I confirmed this by changed RSJRAS back to Local System and the 9.00.05 content patch installed just find.  So this is a permissions issue.

 

When you know you're going to run RAS as a domain login, what the process to get this one ?

 

Do you install OO as the domain account (rather than the local admin account) ?  <I'm not a Windows guy and I don't play on on TV either> If so, does the domain account need to be given rights to install software on the machine ?

 

Or, can you install as the local administrator and then change permissions or something on the a specific folder structure for RAS so the domain account its running can use/update things as needed ?

0 Likes
1 Solution

Accepted Solutions
Highlighted
Vice Admiral Vice Admiral
Vice Admiral

Gotta love Google.

 

The issue is permissions like I thought.

 

Going into the Windows File Explorer and then adding the domain account with Full Control to everything under the "c:\Program Files\Hewlett-Packard\Operations Orchestration" fix it.  With RAS running as the domain account and this permissions update, Studio now verifies its RAS Path fine and the OO SAS 9.00.05 content patch installer worked fine.

 

All better 🙂

View solution in original post

0 Likes
2 Replies
Highlighted
Vice Admiral Vice Admiral
Vice Admiral

Gotta love Google.

 

The issue is permissions like I thought.

 

Going into the Windows File Explorer and then adding the domain account with Full Control to everything under the "c:\Program Files\Hewlett-Packard\Operations Orchestration" fix it.  With RAS running as the domain account and this permissions update, Studio now verifies its RAS Path fine and the OO SAS 9.00.05 content patch installer worked fine.

 

All better 🙂

View solution in original post

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Instead of having RAS run as a domain account. I think the best practices is to use a ' OO System account' within your flow.

 

Under OO Configuration, Create a System account adding your Domain User account and Password information.  Then within your operation that calls the powershell script set the username & password field of the operation to type -> 'Credentials" and then pick  the System account system account you created.

 

The operation it self  will 'run as' that domain account.  Your ras service should not have to run as a domain account. A single flow can use multiple 'OO System Accounts' to access various systems within your network.

  

We also do this so that our Security group can audit and maintain the Domain Accounts, they can change the account password in the System Account configuration at will, and all the flows that reference that account get the new credentials. The developers/admins don't have to know the account/password to use the account in their flow.

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.