cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Access denied

T1mmy
Level 3

‎05-27-2008 12:33 AM

Hi,

I keep getting "Access denied" errors to the Windows Server Agent 12 with one of our computers at our hosting environment. I have searched through the forums and haven't found a solution for my problem. I'm guessing that the main problem is that the computer in question is in another domain that is not under our control. I have tried to connect to the agent using both local administrator account and a domain account that has been granted local administrator rights with no success, Event log shows that windows authentication goes through succesfully but no connection to the agent can be made.

I'm not even sure of where to start troubleshooting this, since all information I get is this "Access denied" -error when trying to connect tot the machine through the media server. Does the agent store any logs or something that could help me find out some more detailed information on at what point does this error occur? I have tried most of the solutions and suggestions I've found but all with the same result so all help would be highly appreciated.
0 Kudos
6 REPLIES 6

T1mmy
Level 3

‎06-02-2008 02:26 AM

Anyone? The server in question is a very critical one and I'd very much appreciate for at least directions to where to start troubleshooting this issue.
0 Kudos

T1mmy
Level 3

‎06-18-2008 04:45 AM

Still no answers...

below is pasted the (cleaned) debug log of one failed attempt to login to the server through Backup Exec Server, would that be of any use?

Code:
[4956] DATE TIME ndmpRun: Control connection accepted : connection established between end-points aaa.bbb.ccc.ddd:10000 and eee.fff.ggg.hhh:4042
[4956] DATE TIME ndmpCreateConnection
[6036] DATE TIME ndmpdConnectionHandler: received connection(1320).
[6036] DATE TIME ndmpSendRequest: message:0x502
[6036] DATE TIME sent          seq#: 1 msg: 0x502
[6036] DATE TIME ndmpProcessRequests
[6036] DATE TIME ndmp_recv_msg
[6036] DATE TIME ndmpdConnectOpen: protocol_version:4.
[6036] DATE TIME ndmpSendReply: message:0x900
[6036] DATE TIME ndmpFreeMessage: message:0x900
[6036] DATE TIME ndmpProcessRequests
[6036] DATE TIME ndmp_recv_msg
[6036] DATE TIME ndmpdConnectOpen: protocol_version:3.
[6036] DATE TIME ndmpSendReply: message:0x900
[6036] DATE TIME ndmpFreeMessage: message:0x900
[6036] DATE TIME ndmpProcessRequests
[6036] DATE TIME ndmp_recv_msg
[6036] DATE TIME ndmpdConfigGetServerInfo:
[6036] DATE TIME ndmpSendReply: message:0x108
[6036] DATE TIME ndmpFreeMessage: message:0x108
[6036] DATE TIME ndmpProcessRequests
[6036] DATE TIME ndmp_recv_msg
[6036] DATE TIME ndmpdConfigGetAuthAttr:
[6036] DATE TIME ndmpSendReply: message:0x103
[6036] DATE TIME ndmpFreeMessage: message:0x103
[6036] DATE TIME ndmpProcessRequests
[6036] DATE TIME ndmp_recv_msg
[6036] DATE TIME ndmpdPKCSSession: mode:start.
[6036] DATE TIME ndmpSendReply: message:0xf33b
[6036] DATE TIME ndmpFreeMessage: message:0xf33b
[6036] DATE TIME ndmpProcessRequests
[6036] DATE TIME ndmp_recv_msg
[6036] DATE TIME ndmpdConnectClientAuth: auth_type:BEWS2.
[6036] DATE TIME BELogonUser: beclass::IsThisMe() returned error: 87
[6036] DATE TIME LogonType set = [LOGON32_LOGON_INTERACTIVE][0x2]
[6036] DATE TIME LogonUser(LOGON32_LOGON_INTERACTIVE-0x2) success
[6036] DATE TIME Successfully impersonated DOMAIN\user
[6036] DATE TIME WhoAmI( ) reports: DOMAIN\user
[6036] DATE TIME AssertRestorePrivilege() failed
[6036] DATE TIME ndmpSendReply: message:0x901
[6036] DATE TIME ndmpFreeMessage: message:0x901
[6036] DATE TIME ndmpProcessRequests
[6036] DATE TIME ndmp_recv_msg
[6036] DATE TIME ndmp_readit: Caught message on closed connection. Socket 0x528 len 0x0
[6036] DATE TIME ndmp_readit: ErrorCode :: 0 :
[6036] DATE TIME ndmp_process_messages: detected eof
[6036] DATE TIME ndmpFreeMessage: message:0x0
[6036] DATE TIME ndmpDestroyConnection
[6036] DATE TIME @@@@@@@MyCloseSocket called with sockfd = 1320(0x528) retval = 0

 

0 Kudos

Ken_Putnam
Level 6

‎06-18-2008 07:57 AM

Are youspeccifying a "connect as" in the job definition or are you connecting as the BackupExec Service Account?
 
Either way, logon to the media server as that ID and attempt to map a share on the problem server
0 Kudos

T1mmy
Level 3

‎06-19-2008 04:35 AM


@ken Putnam wrote:
Are youspeccifying a "connect as" in the job definition or are you connecting as the BackupExec Service Account?
 
Either way, logon to the media server as that ID and attempt to map a share on the problem server

Hi,

I'm using a "connect as..." account in the job definition and I can map a share on the problem server without any problems using the account in question.
0 Kudos

Ken_Putnam
Level 6

‎06-19-2008 08:54 AM

 
especially the note near the bottom
0 Kudos

T1mmy
Level 3

‎06-24-2008 12:22 AM

I've tried to connect as the local administrator account and a domain account that has been given local administrator rights on the server in question. I've also tried to run the agent service as these accounts as well as local system account and then tried to contact with the same credentials. Both of the machines are able to resolve each other's names and ip addresses.

My best guess is that there are some domain policies that are restricting the access to the agent service, could anyone give me a hint on what these policies might be?
0 Kudos