· Sep 27, 2016

question on ExternalFreeze on windows platform --

All responses are appreciated.  I am new to both scripting and CACHE so please bear with me.  I am setting up a nightly backup script for freezing cache then backing it up and then thawing it back out.  Currently when I enter the freeze command I am getting a response of access denied even though my id has %all access.  I've tried passing the userid/password as a parameter in the externalfreeze command and passing it from a file.  I've used my id and lastly I used the _system id in the file.  What ID should I use for this or am I passing it wrong?

sample 1:  ..\bin\cache -s. -u%%sys ##class(backup.General).externalfreeze() <c:\temp\login.scr

sample 2:  ..\bin\cache -s. -u%%sys ##class(backup.General).externalfreeze(username="?????",password="???????")


Discussion (17)0
Log in or sign up to continue

Good Morning,  I have turned on Auditing and here is a screen shot of the record produced when I execute the freeze command.  It looks like even though I'm passing the password file that the process is using the unknownuser id.

Command is: 

I put the logfile parameter in but it doesn't create anything.

password file is:

?????<\n>          (userid)

???????<\n>       (password)




I just looked at the profile for the unknownuser and noticed that it failed due to the namespace %%SYS doesn't exist.  I removed one of the % signs and now the access denied message has quit coming up but the system is just sitting there and I'm not getting any response back to powershell nor to the console log.  When I enter the command ..\bin\cache -s. I get the same response and I have to hit ctrl-c to break in.  Screen below is what I'm getting now with the freeze or the -s. command.


Hi William,

I write this as a new answer, and not as a comment on the existing threads, as I think I could spot what your actual issue is, and hopefully also how to get your command working..

You indicated your Powershell command as follow:

sample 1:  ..\bin\cache -s. -u%%sys ##class(backup.General).externalfreeze() <c:\temp\login.scr

We can see that you took the syntax directly from the Backup.General class documentation, where the example is part of a batch file example, and as part of being a batch file, in Windows you will need to escape special characters like "%", typing them twice, so that the parameter -U%SYS becomes -U%%SYS when scripted.

The problem is that you are not scripting it as a batch file..

Look what happens when I use your syntax in my test environment:

PS C:\InterSystems\E20161\mgr> ../bin/cache -s. -U%%sys

Knoten: VM-WIN8, Instanz: E20161

Zugriff verweigert

That error translates to access denied, only in German..

Look now if I remove the double %% to the -U parameter:

PS C:\InterSystems\E20161\mgr> ../bin/cache -s. -U%sys

Knoten: VM-WIN8, Instanz: E20161


Success, I actually logged in %SYS!

And now I can even complete your original call to ExternalFreeze(), PowerShell-style:

PS C:\InterSystems\E20161\mgr> ../bin/cache -s. -U%SYS "##Class(Backup.General).ExternalFreeze()"
PS C:\InterSystems\E20161\mgr> ../bin/cache -s. -U%SYS "##Class(Backup.General).ExternalThaw()"

All of the above assumes that you have "Unauthenticated" allowed for your %Service_Console service, option that I understand you have?

I am not that great in PowerShell scripting at all, so my final examples are very, very basic, but the two following PowerShell do work for me and call ExternalFreeze() and ExternalThaw():


C:\InterSystems\E20161\bin\cache -sC:\InterSystems\E20161\mgr -U%SYS "##Class(Backup.General).ExternalFreeze()"


C:\InterSystems\E20161\bin\cache -sC:\InterSystems\E20161\mgr -U%SYS "##Class(Backup.General).ExternalThaw()"

Hopefully these examples will A) work for you too, and B) allow you to further continue your scripting work..

Keep us updated on your progress

Hello,  I want to thank everyone for there input it was a great help.  I have the powershell script working on my sandbox server.  two things were really important in getting it to work. that was different than what I had found in the documentation.  The first was using -U%SYS rather than _U%%SYS.  the second was putting the freeze command in double quotes like this "##Class(Backup.General).ExternalFreeze()". 

Today I migrated it over to my production server and I'm having one final issue.  Our production server is in lock down security mode and using the example of passing a file with the userid/password I still get access denied.    Tani do you have an example of using windows authentication and will it work with the powershell script? The < in the command <c:\login.scr causes errors in powershell indicating it's a reserved symbol.

William, for more info about using OS authentication see here from the docs. Specifically see also there a note regarding Kerberos on Windows and using Domain users. This might play better for you with your locked-down installation as OS authentication is not on by default (system-wide).

Assuming you want to use OS Authentication - you need to first make sure this on system-wide:

Then make sure it is on for the service (%Service_Console is this case):

And that you have a Caché User with the same name as the OS User (and that of course has the relevant authorization):

Then you should be able to run without having to authenticate separately to Caché.

For example opening the Terminal without getting prompted for login:

[ As opposed to the behavior without OS authentication enabled:


Hope this helps.

Thanks for providing useful information. Above mentioned approach works in windows command prompt. But through Cache Object script,

##Class(Backup.General).ExternalFreeze()  method response is incorrect. In case of ##Class(Backup.General).ExternalThaw() response works as expected because this method could  not expects credentials. Only issue with externalFreeze() method. Any help on this issue?