Home > Error Solution, Lotus Notes Solution, Lotus Notes Tutorial > How to fixed Scheduled agent returns error: ‘You are not authorized to use the remote console on this server’

How to fixed Scheduled agent returns error: ‘You are not authorized to use the remote console on this server’

May 6th, 2010 Leave a comment Go to comments

The SendConsoleCommand is a LotusScript back-end method, introduced in Lotus Notes/Domino 6. This method can be used in a scheduled agent on a server to send console commands to the current or to a remote server. However, a Scheduled agent running session.SendConsoleCommand can return the following error message:

“You are not authorized to use the remote console on this server”.

This error can be generated in 2 different scenarios, and the error can be resolved by modifying the Server document, then rebooting the Domino server:
Scenario A. When attempting to issue the console command from an agent on the same server as where the command will be issued:

EXPLANATION: In the first case, the error can occur because the agent signer did not have rights to run the console on the Domino server, even though the agent signer had full admin access rights and rights to run unrestricted methods and operations on the server. In order for the scheduled agent using session.SendConsoleCommand to complete successfully, the signer of the agent may also need to be listed in the Full Remote Console Administrators field in the Server Document on this Domino server.

Scenario B. When attempting to issue the command to a remote server (i.e. the agent resides on a different server than the one where the command is being issued):

EXPLANATION: In the second case, if the back-end scheduled agent issues a Console command to a different, remote Domino server, this server (Server A–the server where the agent runs) must be listed in the “Full Remote Console Administrators” field of the Target server (Server B) document. (This field can be found in the Administrators section on the Security tab of the Server document). Server A must be listed in Server B’s ‘Full Remote Console Administrators’ field because Server A will issue the console command to Server B. The console command will NOT be sent on behalf of the agent signer.

In addition, for programmatic access to ServerB, for example, ServerA must be listed in the “Trusted Servers” field of ServerA. The field help for the “Trusted Servers” field reads as follows:

“Names of servers that are trusted to assert the identities of users to this server, and thus are trusted by the current server to have authenticated those users. Used for remote agent access and xSP.”

Thus, in order to programmatically send console commands to another Domino server, the server issuing the command (or the server running the agent) must be listed in these 2 fields of the remote server’s Server document:

–Full Remote Console Administrators field
–Trusted Servers field

Sample Code: (Agent running on ServerA):

Dim session As New NotesSession
serverName$ = “ServerB/Acme”
consoleCommand$ = (“tell amgr sched”)
consoleReturn$ = session.SendConsoleCommand(serverName$, consoleCommand$)
Print consoleReturn$,, consoleCommand$

Log Output from Server A successfully running the agent (with amgr debug):

<date time> AMgr: Start executing agent ‘sendconsolecommand’ in ‘SendConsole.nsf’ by Executive ’1′
<date time> AMgr: ‘Admin One/Acme’ is the agent signer of agent ‘sendconsolecommand’ in ‘SendConsole.nsf’
<date time> AMgr: ‘Agent ‘sendconsolecommand’ in ‘SendConsole.nsf’ will run on behalf of ‘Admin One/Acme’
<date time> Agent ‘sendconsolecommand’ in database ‘SendConsole.nsf’ signed by ‘Admin One/Acme’ is running in Full Administrator mode
<date time> Agents delayed 60 seconds to provide an opportunity for the remote debugger to attach.
<date time> AMgr: Agent (‘sendconsolecommand’ in ‘SendConsole.nsf’) Printing: Command has been executed on remote server. Use ‘Live’ console option, in future, to view response from server.
<date time> AMgr: Agent ‘sendconsolecommand’ in ‘SendConsole.nsf’ ran successfully; elapsed time was ’6070′ ticks
<date time> AMgr: Agent ‘sendconsolecommand’ is scheduled to run next at: 12/08/2005 03:16:39 PM

Sample Output from Server B (server receiving the remote console command from ServerA):

> tell amgr sched
Command has been executed on remote server. Use ‘Live’ console option, in future, to view response from server.
<date time> Remote console command issued by ServerA/Acme: tell amgr sched

Supporting Information:
When programmatically accessing remote servers, you will also need to list the remote server as a trusted server.

From the Admin help Topic “Restricting Administrator Access”:

Administrator access rights are granted hierarchically. The privilege hierarchy looks like this:
o Full access administrator — gets all rights and privileges of all administration access levels listed.
o Administrator — gets all rights and privileges of database administrator and full-console administrator (but not system administrator).
o Full console administrator — gets rights and privileges of view-only console administrator (but not system administrator)
o System administrator — gets rights and privileges of restricted system administrator

You do not need to list a user individually in each field. Adding a user to the highest level of administrator access automatically grants that user all privileges listed for more restricted access levels below in the hierarchy. “

Viewed 7519 times by 2423 viewers

Categories: Error Solution, Lotus Notes Solution, Lotus Notes Tutorial Tags:
  1. No comments yet.
  1. No trackbacks yet.