#2
On Windows Server 2003 R2 SP2 with latest security patches we installed SQL Anywhere 11.0.1.2276. dbsrv11.exe was installed as a Windows network service with rather simple configuration:

-n MySRV -o C:\log.txt C:\YY\myfile.db -n MyDB

Service is running with System-Account, and may interact with the desktop. Service is starting automatically.

After rebooting the server everything worked well, so we did not change anything for weeks. Yesterday we detected by incident that if the user named "Administrator" (i.e. the sole user with Administration rights on this host) is logging out of the server's local console, the dbsrv11 is shutting itself down, with the log entry that the server is shutting down because the host is shutting down (which is not true!). We couldn't believe it so we repeated it a few times and it happened ALWAYS.

While this is strange, the next thing is even more strange. We modified the service to not run with System-Account, but instead to run as the user "Administrator" -- and the mystery is gone. When "Administrator" logs out from the server's local console, dbsrv11 NOW is NO MORE shut down.

I do not believe in ghosts, so I hope that anybody can tell me why this happens and why it did not happen before. Actually I am the only one who knows the password of the Administrator account, so nobody can have changed anything. Maybe it is possible to inject security constraints into standalone server (not being registered with any domain)???

Thanks
Markus
#3
When a user logs out, all processes that interact with the desktop are sent a KILL message. So if you run the database server to interact with the desktop, it will receive a KILL message from the OS. As you've found, not allowing the database server to interact with the desktop resolves the issue.

--
Joshua Savill
Sybase Inc. - Product Manager

Markus KARG wrote:
> On Windows Server 2003 R2 SP2 with latest security patches we installed SQL Anywhere 11.0.1.2276. dbsrv11.exe was installed as a Windows network service with rather simple configuration:
>
> -n MySRV -o C:\log.txt C:\YY\myfile.db -n MyDB
>
> Service is running with System-Account, and may interact with the desktop. Service is starting automatically.
>
> After rebooting the server everything worked well, so we did not change anything for weeks. Yesterday we detected by incident that if the user named "Administrator" (i.e. the sole user with Administration rights on this host) is logging out of the server's local console, the dbsrv11 is shutting itself down, with the log entry that the server is shutting down because the host is shutting down (which is not true!). We couldn't believe it so we repeated it a few times and it happened ALWAYS.
>
> While this is strange, the next thing is even more strange. We modified the service to not run with System-Account, but instead to run as the user "Administrator" -- and the mystery is gone. When "Administrator" logs out from the server's local console, dbsrv11 NOW is NO MORE shut down.
>
> I do not believe in ghosts, so I hope that anybody can tell me why this happens and why it did not happen before. Actually I am the only one who knows the password of the Administrator account, so nobody can have changed anything. Maybe it is possible to inject security constraints into standalone server (not being registered with any domain)???
>
> Thanks
> Markus
#5
This does not explain the behaviour I described in my original message. Please read it again carefully: The SYSTEM ACCOUNT's process is stopped when ADMINISTRATOR is logging off, while the ADMINISTRATOR's own services (not manual processes!) DO NOT STOP when he logs off. That is the reverse of what you explained!
#6
Can you check that this behaviour still occurs if you disable "interact with desktop"?

-chris

Markus KARG wrote:
> On Windows Server 2003 R2 SP2 with latest security patches we installed SQL Anywhere 11.0.1.2276. dbsrv11.exe was installed as a Windows network service with rather simple configuration:
>
> -n MySRV -o C:\log.txt C:\YY\myfile.db -n MyDB
>
> Service is running with System-Account, and may interact with the desktop. Service is starting automatically.
>
> After rebooting the server everything worked well, so we did not change anything for weeks. Yesterday we detected by incident that if the user named "Administrator" (i.e. the sole user with Administration rights on this host) is logging out of the server's local console, the dbsrv11 is shutting itself down, with the log entry that the server is shutting down because the host is shutting down (which is not true!). We couldn't believe it so we repeated it a few times and it happened ALWAYS.
>
> While this is strange, the next thing is even more strange. We modified the service to not run with System-Account, but instead to run as the user "Administrator" -- and the mystery is gone. When "Administrator" logs out from the server's local console, dbsrv11 NOW is NO MORE shut down.
>
> I do not believe in ghosts, so I hope that anybody can tell me why this happens and why it did not happen before. Actually I am the only one who knows the password of the Administrator account, so nobody can have changed anything. Maybe it is possible to inject security constraints into standalone server (not being registered with any domain)???
>
> Thanks
> Markus
#7
Hi Markus,

Markus KARG wrote:
> This does not explain the behaviour I described in my original message. Please read it again carefully: The SYSTEM ACCOUNT's process is stopped when ADMINISTRATOR is logging off, while the ADMINISTRATOR's own services (not manual processes!) DO NOT STOP when he logs off. That is the reverse of what you explained!

This has more to do with the "re-parenting" of the process when the LOCAL SYSTEM account is being used - instead of acting like a service, it acts more like an application running as that user once they're logged in:

From: http://msdn.microsoft.com/en-us/libr...02(VS.85).aspx

"Services running in an elevated security context, such as the LocalSystem account, should not create a window on the interactive desktop because any other application that is running on the interactive desktop can interact with this window. This exposes the service to any application that a logged-on user executes."

Which also explains why the service "disappears" when the user logs out. In your other use case, the Administrator "service" is still running as a "service" since no "re-parenting" needs to occur.

---

This is also why this feature was removed in Vista, for this very security reason: http://en.wikipedia.org/wiki/Shatter_attack

Cheers,

--
Jeff Albion, Sybase iAnywhere

iAnywhere Developer Community : http://www.sybase.com/developer/libr...ere-techcorner
iAnywhere Documentation : http://www.ianywhere.com/developer/product_manuals
SQL Anywhere Patches and EBFs : http://downloads.sybase.com/swd/summ...&timeframe =0
Report a Bug/Open a Case : http://case-express.sybase.com/cx/
#8
Actually I do not see why that quote would explain the actual behaviour described by me. Can you elaborate a bit? Microsoft just says that this window is accessible by other processes, but it does not say that this necessarily means that the service is getting stopped when logging out from the console.
#9
Markus,

It explains the behaviour in the sense that by exposing a service using the 'Interact with desktop' feature, it now acts like a process that the user launched (exposing it to other processes) as opposed to running it just in session '0' (without the 'interact with desktop' feature, which keeps the process isolated. This "Session 0" is where the service is launched if it's under the "LOCAL SYSTEM" account).

Obviously, we can't speak to the specific Microsoft internals and this behaviour is certainly not limited to just our product.

As you've already discovered, turning off 'Interact With Desktop' reverts this behaviour - this is recommended to ensure process isolation (particularly in a Terminal Services environment), and is not recommended for use in future Windows versions since this feature has now been deprecated with an annoying nag-screen: http://en.wikipedia.org/wiki/File:Wi...ces_dialog.png

Other questions beyond this should really be directed to Microsoft - the process isolation model on Windows is definitely theirs to explain.

Regards,

Markus KARG wrote:
> Actually I do not see why that quote would explain the actual behaviour described by me. Can you elaborate a bit? Microsoft just says that this window is accessible by other processes, but it does not say that this necessarily means that the service is getting stopped when logging out from the console.

--
Jeff Albion, Sybase iAnywhere
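
The replies above point to the "interact with desktop" setting as the cause and recommend turning it off. The following PowerShell audit is an added example, not part of the original thread and not Sybase's code; it lists every Win32 service that carries that flag and can clear it for one service. It assumes PowerShell 2.0 or later and an elevated prompt, and `<ServiceName>` is a placeholder because the thread does not give the registered service name.

```powershell
# Added example. Assumes PowerShell 2.0+ and an elevated prompt on the host.
$SERVICE_INTERACTIVE_PROCESS = 0x100   # "Allow service to interact with desktop"
$WIN32_SERVICE_MASK          = 0x30    # own process (0x10) or shared process (0x20)
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-InteractiveService {
    # The flag lives in the Type value of each service's registry key.
    Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or $null -eq $props.Type) { return }   # no Type value: skip
        $type = [int]$props.Type
        if (($type -band $WIN32_SERVICE_MASK) -eq 0) { return }      # driver entry: skip
        if (($type -band $SERVICE_INTERACTIVE_PROCESS) -eq 0) { return }
        $account = $props.ObjectName
        if (-not $account) { $account = 'LocalSystem' }   # assumption: blank means LocalSystem
        New-Object PSObject -Property @{
            Name      = $_.PSChildName
            Account   = $account
            Type      = ('0x{0:X}' -f $type)
            ImagePath = $props.ImagePath
        }
    }
}

function Disable-ServiceDesktopInteraction {
    param([Parameter(Mandatory = $true)][string]$Name)
    $type = [int](Get-ItemProperty -Path (Join-Path $servicesKey $Name)).Type
    # Re-register the service type through the SCM without the interactive flag,
    # keeping own-process vs. shared-process as it was.
    $kind = if ($type -band 0x20) { 'share' } else { 'own' }
    & sc.exe config $Name type= $kind | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# Host-wide switch: 1 means the SCM refuses to start any service interactively.
$ctl = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows' -ErrorAction SilentlyContinue
"NoInteractiveServices = $($ctl.NoInteractiveServices)"

Get-InteractiveService | Sort-Object Name | Format-Table Name, Account, Type, ImagePath -AutoSize

# Remediation for one service, followed by a service restart.
# '<ServiceName>' is a placeholder; the thread does not give the registered service name.
# Disable-ServiceDesktopInteraction -Name '<ServiceName>'
```

Any service the audit reports is running with a window station shared with the logged-on user, which is the exposure the quoted Microsoft text warns about.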