Forum Discussion

ia01's avatar
ia01
Level 6
13 years ago

EV10.0.1 FSA Target - under Hidden Volume, Folder level permissions

Hi,

 

EV10.0.1 FSA Target - under Hidden Volume, what sort of folder level permissions are required?

For example for FSA target we have FILE01

 

File share SHARE1 pointing to D:\

In D:\ there is a folder FOL1, FOL1 has unique permissions for some users, not inhereting permissions from parent and Local system Administrators doesn't have any permission except Folder Owner permission and EV service account is part of local system Administrators

\\FILE01\SHARE1\FOL1\File1.doc 140716 12 Months Not Accessed - 1MB All files ARCHIVE *** Error *** - Error making file: \\?\UNC\FILE01\SHARE1\FOL1\File1.doc a placeholder file. Value does not fall within the expected 

Could this be a permissions issue?

What exact permission is required in that folder level for EV to be able to make placeholders? At the moment EV service account cannot even create a folder under that folder.

Many Thanks

  • You shouldn't need to do this, and I've just tested archiving and creating placeholders for a folder which the EVservice account did not have any access (could not even OPEN the folder)

    Maybe you are encountering an issue similar to the one detailed in this technote:

    http://www.symantec.com/docs/TECH168167

    You could of course be using an older version of the FSA agent. Which version did you deploy. And have you tried the EV9 sp3 + hotfix version (sometimes when EV versions are being developed in parallel, fixes get released at different times )

    Regards,

    Jeff

  • Ref : https://www-secure.symantec.com/connect/sites/default/files/EV%20Best%20Practice%20-%20FSA%20Implementation%20(June%202012).pdf

    page 3:

    It is recommended that the VSA have local administrator rights on a Windows file server target. However, there are situations where the VSA cannot be granted these rights. In these particular situations, it is recommended that the following be configured for the VSA on the Windows file server target:

     Add the VSA to the Power Users Group

     VSA either added to the backup operators group or granted backup privileges

     Grant the VSA Remote Launch and Remote Activation DCOM permissions

     Authorize the VSA account in WMI Control with the Remote Enable permission at the root level (see

    http://technet.microsoft.com/en-us/library/cc787533%28WS.10%29.aspx) and propagate to all subfolders

     Ensure that the VSA has Full Control on the share being targeted

     

    Regards,

    Jeff

  • Hi Jeff,

    VSA is local administrator on that file server.

    VSA has full control on Share.

    However some folders inside that share has unique permissions where VSA doesn't have permissions.

    So my question is do we have to apply full control NTFS permissions on those specific fodlers explicitly for VSA?

    Many Thanks

  • You shouldn't need to do this, and I've just tested archiving and creating placeholders for a folder which the EVservice account did not have any access (could not even OPEN the folder)

    Maybe you are encountering an issue similar to the one detailed in this technote:

    http://www.symantec.com/docs/TECH168167

    You could of course be using an older version of the FSA agent. Which version did you deploy. And have you tried the EV9 sp3 + hotfix version (sometimes when EV versions are being developed in parallel, fixes get released at different times )

    Regards,

    Jeff

  • Hmmm, makes sense, we have upgraded EV to 10.0.1 but some FSA agents are still 8.0.3 and 8.0.4. Maybe worth trying upgrading those FSA agents.

  • Absolutely. If nothing else because they (EV8 agents) aren't supported with EV10 ;)

    Regards,

    Jeff

  • You are right Jeff! After upgrading agents to V 10 all works fine now.

    Thanks