8 Replies Latest reply: Mar 28, 2013 8:27 AM by ippccunningham RSS

Access denied when running robocopy the second time to update changed files

kennethostnes
Currently Being Moderated

Hi,

we are migrating CIFS users files( profiles, homefolders etc) from Windows 2003 Clusters to Netapp Vfilers. Robocopy is one of the tools used for migration.

Robocopy options used:

robocopy Z:\files\ \\NetappVfiler\Users\files\ /E /SEC /COPYALL /ZB /R:0 /W:0/mir /np /xd "RECYCLER" "System Volume Information" "Thumbs.db" /log:robocopy1.log

 

The first copy runs fine. All catalogs/files and their security settings are the same on destination as the source.  
Also on files that is not owned by the admin user logged in when we use Robocopy.
Everything is just fine.

But when we try to run Robocopy the second time we got access denied on files that is not owned by the admin user.


robocopy Z:\files\ \\NetappVfiler\Users\fles\ /E /SEC /COPYALL /ZB /R:0 /W:0 /mir /np /xd "RECYCLER" "System Volume Information" "Thumbs.db" /log:robocopy1.log

Newer  10        New Text Document.txt

2011/11/16 13:13:02 ERROR 5 (0x00000005) Copying File Z:\files\New Text Document.txt

Access is denied.

 

Running a sectrace shows:

 

/files/New Text Document.txt

Wed Nov 16 13:13:03 CET [NetappVfiler@NetApp-V3240: sectrace.filter.allowed:info]: [vfiler: NetappVfiler: 3] Access allowed because the file is being opened for backup - Status: 1:142671872:0:0 - 172.17.12.24 - NT user name: \administrator - UNIX user name: pcuser(65534) - Qtree security style is NTFS and NT ACL is set on file/directory - Path: /vol/qt1/files/New Text Document.txt

Wed Nov 16 13:13:03 CET [NetappVfiler@NetApp-V3240: sectrace.filter.denied:info]: [vfiler: NetappVfiler sectrace index: 2] Access denied because 'Write' permission (0x2) is not granted on file or directory (Access denied because the requested permissions are not granted by the access control entries) - Status: 1:239075332:32:61 - 172.17.12.24 - NT user name: \administrator - UNIX user name: pcuser(65534) - Qtree security style is NTFS and NT ACL is set on file/directory - Path: /vol/qt1

 

NetApp-V3240> vfiler run NetappVfiler sectrace print-status 1:239075332:32:61

 

=====NetappVfiler

Access denied because requested permission is not granted on file or directory.

- Access allowed by share-level ACL.

- Access denied because the requested permissions are not granted by the access control entries.

NetApp-V3240>

 

Yes we know that we do not have the access to the file. The user we are using is an administrator in the windows domain and on the Vfiler. And is a member of the local Backup Operator on the Netapp Vfiler.

If we do a robocopy between two windows servers the job is run's fine on the same files, no access denied.


Do we have a problem with the backup opertator modus on Netapp. Is there a CIFS "Superuser" on Netapp we should be using?

More Like This

  • Retrieving data ...