Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

4596

January 11th, 2013 06:00

CEPA Configuration: MSRPC ERROR / nt status = ACCESS_DENIED

Hi,

After enabling CEPA and validating the pool info (full output is below), I am seeing nt status = ACCESS_DENIED.  The firewall on the VEE machine is disabled and DNS is working.  Can anyone offer any insight as to what the ACCESS_DENIED error is referring to?

~]$ /nas/bin/server_cepp server_2 -pool -info      server_2 :
pool_name  = sepapool
server_required = No
access_checks_ignored = 961
req_timeout = 5000ms
retry_timeout = 1500ms
pre_events =
post_events = OpenFileNoAccess,OpenFileRead,OpenFileWrite,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified,CloseUnmodified,RenameFile,RenameDir,SetAclFile,SetAclDir,OpenDir,CloseDir,FileRead,FileWrite,SetSecFile,SetSecDir

post_err_events = OpenFileNoAccess,OpenFileRead,OpenFileWrite,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified,CloseUnmodified,RenameFile,RenameDir,SetAclFile,SetAclDir,OpenDir,CloseDir,FileRead,FileWrite,SetSecFile,SetSecDir

  CEPP Servers:
IP = 10.0.0.23, state = MSRPC ERROR, rpc = MS-RPC over SMB, cava version = , nt status = ACCESS_DENIED, server name = test.xyz.com

Thanks,

Mike

1.2K Posts

January 18th, 2013 12:00

Try specifying an MSRPC user and increasing your retry timeout - this might get a few more log entries in the server_log output.

1.2K Posts

January 11th, 2013 12:00

Have you assigned rights to the domain account you're using for VEE?  In the Celerra Management MMC snap-in, you assign a domain user with the privileges "EMC Event Notification Bypass" and "EMC Virus Checking".  Take a look at page 117 of the Event Enabler documentation.

You can also look at the server log with server_log server_2|grep CEPP to grab the CEPP errors.  Try grabbing the errors when you attempt to start the service.

4 Posts

January 15th, 2013 11:00

Thanks for the quick reply.  Rights have been assigned to the user account that's running the CAVA service.  My understanding is that the datamover authenticates with the CIFSSERVER$ machine account anyway unless an msrpc user value is set in the cepp.conf.  Would it help to specify a value for the msrpc user?

1.2K Posts

January 15th, 2013 14:00

Possibly - what does your cepp.conf file look like today?

Something like:

cifsserver=CIFSNAS01

surveytime=30

ft level=[1] {location=/fs_cepplogs01} {size=100}

msrpcuser=CAVAUSER1

pool name=ceppool

servers=10.20.22.10|10.20.22.11|10.20.22.12

preevents=OpenFileRead,OpenFileWrite,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified

postevents=CloseUnmodified,RenameFile,RenameDir,SetAclFile,SetAclDir,OpenDir

posterrevents=SetAclFile,SetAclDir

option=denied

reqtimeout=5000

retrytimeout=1000

Your file might be a bit different.  Thanks!

4 Posts

January 15th, 2013 14:00

surveytime=10

pool name=sepapool \

servers= \

postevents=* \

posterrevents=* \

option=ignore \

reqtimeout=5000 \

retrytimeout=1500

4 Posts

January 18th, 2013 12:00

It looks like the CIFS server that was created was not joined to the domain and therefore couldn't authenticate.  After joining to the domain, the issue is resolved.  Thanks for the help Karl!

No Events found!

Top