Alternate Credentials for Package Servers fails with authorization errors

Article:TECH11409  |  Created: 2005-09-09  |  Updated: 2005-09-09  |  Article URL http://www.symantec.com/docs/TECH11409
Article Type
Technical Solution


Issue



The main Notification Server (machine a) and a Package Server (machine b) and a file server (machine c) are on one subnet.  On another subnet a machine acts as both a Package Server and a file server (machine d) – for performance reasons. If a DFS share is setup and the root is on (B) and (D) for each subnet respectively and alternative credentials are defined for Package Servers, as well as a secondary location (to make administration easier), it fails with authorization problems.

Symptoms in the error log
<event date='Mar 17 12:24:10' severity='1' hostName='NTMAGS21' source='CFileSecurity' module='AeXNSCPackageServer.dll' process='AeXNSAgent.exe' pid='4784' thread='4452' tickCount='346360000' >
  <![CDATA[Unable to set security for file '\\eu.sappi.com\eu\swdistr\packages\nld', Error:Access is denied(5)]]></event> <event date='Mar 17 12:24:10' severity='1' hostName='NTMAGS21' source='CFileSecurity' module='AeXNSCPackageServer.dll' process='AeXNSAgent.exe' pid='4784' thread='4452' tickCount='346360000' >
  <![CDATA[Unable to set security for file '\\eu.sappi.com\eu\swdistr\packages\nld\Adobe', Error:Access is denied(5)]]></event> <event date='Mar 17 12:24:10' severity='1' hostName='NTMAGS21' source='CFileSecurity' module='AeXNSCPackageServer.dll' process='AeXNSAgent.exe' pid='4784' thread='4452' tickCount='346360015' >

Environment



Notification Server 6.0

Cause



It is important to note that permissions are set on custom locations. To give the computer full control, set the permissions and remove the full control permission for the computer account, thereafter the permissions can no longer be set.

Solution



The solution is to not give the computer account full control, only read/write access. In this case the files will get downloaded, copied and moved properly, but there will still be access denied messages in the log. The problem with logging will be corrected in a future release, and enhancements will be added to better support this scenario.

Legacy ID



1754


Article URL http://www.symantec.com/docs/TECH11409


Terms of use for this information are found in Legal Notices