Problem Description
Following a recent NetBrain Integrated Edition upgrade or organization Windows Security/Patch update the NetBrain Benchmark System Task is running much slower than previously observed.
One common issue that NetBrain Technical Support has discovered is that local security policies have been implemented that prevent the NetBrain Worker Server Service from executing properly.
Steps to Reproduce
- Validate that the NetBrain Benchmark execution time has increased (for example, from 1-2 hours to 10+ hours) with no changes to the Device Scope or other Benchmark Advanced Task Settings.
- Check the log of Worker Server (RMAgent), and perform a findstr/search for the following RMAgent ERROR in the log file:
NetBrain Tip: Consult the NetBrain Knowledge Base article for service log locations to locate the Worker Server Service RMAgent log file.
- Using Microsoft Remote Desktop (or equivalent), connect to the Worker Server Service machine with an account that has Administrator privileges.
- In the 'Services' Manager, the NetBrainWorkerServer service should be starting as user of 'NT Service\NetBrainWorkerServer'.
- Run the secpol.msc command in the command line to open the Local Security Policy console
- Locate the item Increase scheduling priority under Local Policies-User Rights Assignment:
- Double-click Increase scheduling priority.
- Confirm the presence of the 'NT SERVICE\NetBrainWorkerServer' user. If the user is not present in the dialog, this is an indication that the NetBrain Worker Server Service does not have the proper security assignment to execute properly (see image below).
Cause
NetBrain Technical Support has observed this scenario occur following upgrade from NetBrain IE7.x to NetBrain IE8.x releases as well as at customer accounts where the Windows servers undergo regular security policy updates and Windows patching.
Resolution
- The customer's SecOps team will need to grant/add the permission for 'NT SERVICE\NetBrainWorkerServer' to this policy setting.
Open a command prompt and open the Services console by typing Services.msc, then press Enter.
Scroll down to the NetBrain Worker Server service.
Right-Click the NetBrain Work Server service, then click "Restart".
Re-execute the NetBrain System Benchmark Task
Workaround
If the SecOps team will not allow the special permission to the NetBrain Worker Server Service user (or there will be a significant delay), the NetBrain Worker Server Service can have its Log On user updated to start as the Local System account.
Open a command prompt and open the Services console by typing Services.msc, then press Enter.
Scroll down to the NetBrain Worker Server service.
Right-Click the NetBrain Work Server service, then click "Properties".
In the Log On tab, click "Local System Account", then click "Apply".
Restart the NetBrain Worker Service and re-execute the NetBrain System Benchmark Task.
NetBrain Tip: It is highly recommended for customer to grant the permission for Worker Server account long term instead of running as Local System account for process security isolation. Once the proper security policy is implemented, re-execute these steps to configure service log on to the account NT SERVICE\NetBrainWorkerServer with empty password.