This post is more than 5 years old
4 Posts
0
4596
CEPA Configuration: MSRPC ERROR / nt status = ACCESS_DENIED
Hi,
After enabling CEPA and validating the pool info (full output is below), I am seeing nt status = ACCESS_DENIED. The firewall on the VEE machine is disabled and DNS is working. Can anyone offer any insight as to what the ACCESS_DENIED error is referring to?
~]$ /nas/bin/server_cepp server_2 -pool -info server_2 :
pool_name = sepapool
server_required = No
access_checks_ignored = 961
req_timeout = 5000ms
retry_timeout = 1500ms
pre_events =
post_events = OpenFileNoAccess,OpenFileRead,OpenFileWrite,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified,CloseUnmodified,RenameFile,RenameDir,SetAclFile,SetAclDir,OpenDir,CloseDir,FileRead,FileWrite,SetSecFile,SetSecDir
post_err_events = OpenFileNoAccess,OpenFileRead,OpenFileWrite,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified,CloseUnmodified,RenameFile,RenameDir,SetAclFile,SetAclDir,OpenDir,CloseDir,FileRead,FileWrite,SetSecFile,SetSecDir
CEPP Servers:
IP = 10.0.0.23, state = MSRPC ERROR, rpc = MS-RPC over SMB, cava version = , nt status = ACCESS_DENIED, server name = test.xyz.com
Thanks,
Mike
umichklewis
1.2K Posts
0
January 18th, 2013 12:00
Try specifying an MSRPC user and increasing your retry timeout - this might get a few more log entries in the server_log output.
umichklewis
1.2K Posts
0
January 11th, 2013 12:00
Have you assigned rights to the domain account you're using for VEE? In the Celerra Management MMC snap-in, you assign a domain user with the privileges "EMC Event Notification Bypass" and "EMC Virus Checking". Take a look at page 117 of the Event Enabler documentation.
You can also look at the server log with server_log server_2|grep CEPP to grab the CEPP errors. Try grabbing the errors when you attempt to start the service.
mikewp23
4 Posts
0
January 15th, 2013 11:00
Thanks for the quick reply. Rights have been assigned to the user account that's running the CAVA service. My understanding is that the datamover authenticates with the CIFSSERVER$ machine account anyway unless an msrpc user value is set in the cepp.conf. Would it help to specify a value for the msrpc user?
umichklewis
1.2K Posts
0
January 15th, 2013 14:00
Possibly - what does your cepp.conf file look like today?
Something like:
cifsserver=CIFSNAS01
surveytime=30
ft level=[1] {location=/fs_cepplogs01} {size=100}
msrpcuser=CAVAUSER1
pool name=ceppool
servers=10.20.22.10|10.20.22.11|10.20.22.12
preevents=OpenFileRead,OpenFileWrite,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified
postevents=CloseUnmodified,RenameFile,RenameDir,SetAclFile,SetAclDir,OpenDir
posterrevents=SetAclFile,SetAclDir
option=denied
reqtimeout=5000
retrytimeout=1000
Your file might be a bit different. Thanks!
mikewp23
4 Posts
0
January 15th, 2013 14:00
surveytime=10
pool name=sepapool \
servers= \
postevents=* \
posterrevents=* \
option=ignore \
reqtimeout=5000 \
retrytimeout=1500
mikewp23
4 Posts
0
January 18th, 2013 12:00
It looks like the CIFS server that was created was not joined to the domain and therefore couldn't authenticate. After joining to the domain, the issue is resolved. Thanks for the help Karl!