login about faq

I have a C# Application that is a Windows Service. It is creating a simple CMD file with the following contents, which it sends to a .NET PROCESS to execute the CMD file:

"sftpg3.exe" -B "C:\tempSFTPScriptFile.ssh" hopUserProfile

The hopUserProfile is setup to use public key access method.

The ssh file has the following

lcd E:\DropRoot

get --preserve-attributes --checksum=sha1 --overwrite=yes *


If I run a windows command prompt and execute the CMD file, everything works perfectly. I am not prompted for anything, so it does not seem to be due to user interactivity issues.

However, my service shows a failure with the following errors, even though the service is running under the same domain account that created the profile, and that domain account has Admin rights.

Error: Could not connect to broker: OpenProcess failed: 5 / Failed to get process 4104 integrity level. / Trustworthiness of the client process cannot be verified. Refusing to serve unknown client. / Broker is already running. / Failed to start on-demand Broker.

The broker never shows a connection.

I am totally lost here, so any assistance would be most welcome.

asked Mar 24 '15 at 17:23

philipsDev's gravatar image


edited Mar 24 '15 at 17:24

So I think i've answered my own question. It appears that in Windows 2012, different credentials are used when a service issues a .NET PROCESS object to run an application. The errors are identical to those when trying to reference a profile created by a different user.


answered Mar 26 '15 at 15:52

philipsDev's gravatar image


The problem usually is the UAC (User Account Control). When you are an admin on new Windows computer (Vista and newer) and UAC is on, you have 2 identities and they do not trust one another. So the problem probably is that ssh-broker-g3.exe process has been started when you normally logged in to the machine. It has been started without elevated privileges. But when a service is started in Session 0, it starts all processes WITH elevated privileges. So now the connection broker (ssh-broker-g3), does not have rights to send communication handles to sftpg3 process.

You can easily fix this either:

  • By first stopping the ssh-broker-g3 process and starting it again with elevated privileges.
  • Or by by stopping the process and making sure no one else will start it. In that case sftpg3 will start it itself; when it needs it with correct UAC level.

This is a schizophrenic headache that Microsoft introduced in Windows Vista and would require major refactoring of the Tectia Client architecture to work seamlessly in all circumstances.


answered Jun 05 '15 at 10:05

Martin%20Dobsik's gravatar image

Martin Dobsik

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Mar 24 '15 at 17:23

Seen: 7,883 times

Last updated: Jun 05 '15 at 10:05

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.