ED-209

Reputation: 222

LsaAddAccountRights Custom Action Returning Error Code in Windows Server 2012

I have a custom action which is used to elevate users to be able to log on as a service. This gets run during the installer. It has worked fine for years on every Windows operating system up until Windows Server 2012. When the below code is run on this version of Windows, instead of getting a long back of 0 for success, I get a different error code back.

LsaAddAccountRights(
        IntPtr PolicyHandle,
        IntPtr AccountSid,
        LSA_UNICODE_STRING[] UserRights,
        long CountOfRights)

The problem is the code appears to be different every time and is a very large number, e.g. 102938473.

I run the error code through the following method to get the error code, but this returns a different large number which doesn't appear to be a valid error code.

LsaNtStatusToWinError(long status)

I have tried looking these error codes up, but with no luck. They seem to be randomly generated and nonsensical.

If I ignore the returned error code, it appears that the user is successfully allowed to log on as a service. So everything appears to be working, except I am getting an error code back. I could ignore this error code, but what happens when it is a valid error? I may ignore it in the future.

Extra Information

I can run the code that is in the custom action fine on its own in a console application without error. Only when it is part of the WiX installer does it seem not to work.

Upvotes: 0

Views: 335

Answers (2)

Aravind R

Reputation: 11

The issue could be with the return type of LsaAddAccountRights in C#.

I was able to solve the issue by changing the return type of LsaAddAccountRights in C# from long to UInt32. Found this information here. This change must be done for LsaNtStatusToWinError and LsaClose as well.

Upvotes: 1
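The declarations the answer above describes, written out as an added example (not code from the question or the answer). The `LSA_UNICODE_STRING` layout and the `GrantLogonAsService` helper are assumptions, and the caller is assumed to already hold an open policy handle and the account SID.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

internal static class LsaNative
{
    // Assumed layout; the question does not show its own struct definition.
    [StructLayout(LayoutKind.Sequential)]
    internal struct LSA_UNICODE_STRING
    {
        public ushort Length;         // size in bytes, without the terminator
        public ushort MaximumLength;  // size in bytes, with the terminator
        public IntPtr Buffer;         // UTF-16 text
    }

    // NTSTATUS and ULONG are 32 bits wide. A C# long is 64 bits, so a long
    // return value also picks up 32 bits the native function never set.
    [DllImport("advapi32.dll")]
    internal static extern uint LsaAddAccountRights(
        IntPtr PolicyHandle, IntPtr AccountSid,
        LSA_UNICODE_STRING[] UserRights, uint CountOfRights);

    [DllImport("advapi32.dll")]
    internal static extern uint LsaNtStatusToWinError(uint Status);

    [DllImport("advapi32.dll")]
    internal static extern uint LsaClose(IntPtr ObjectHandle);

    // Hypothetical helper: caller supplies the policy handle and account SID.
    internal static void GrantLogonAsService(IntPtr policyHandle, IntPtr accountSid)
    {
        const string right = "SeServiceLogonRight";
        var rights = new LSA_UNICODE_STRING[1];
        rights[0].Buffer = Marshal.StringToHGlobalUni(right);
        rights[0].Length = (ushort)(right.Length * sizeof(char));
        rights[0].MaximumLength = (ushort)((right.Length + 1) * sizeof(char));
        try
        {
            uint status = LsaAddAccountRights(policyHandle, accountSid, rights, 1);
            if (status != 0) // 0 is STATUS_SUCCESS
                throw new Win32Exception((int)LsaNtStatusToWinError(status));
        }
        finally
        {
            Marshal.FreeHGlobal(rights[0].Buffer);
        }
    }
}
```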

Christopher Painter

Reputation: 55591

I'd take a look at the WiX Util extension's User element. The name attribute can be a property. Using the CreateUser, LogonAsService and UpdateIfExists attributes you can take an existing account and grant it the rights. Or perhaps you have more code that you can refactor.

Upvotes: 0
