EMC SourceOne Email Management File Restore Activity fails with “Permission Error (0x86044710).”

Article Number: 483073 Article Version: 2 Article Type: Break Fix



SourceOne for File Systems

When trying to restore the files previously shortcut, using File restore activity, the following file permission-related error shows:

Unable to verify that the user has required file system permissions to restore the file. Try restoring to an alternate location. (0x86044710)

Function: CExFileSystem::iWriteFileProperties

Error encountered checking permissions (0x80070423)

Function: CoExFileProvider::StoreDoc

Failed to restore file to original location

(000000002FA2F179A9A64B3E18708A1301F6951BEA98F76600). (0x86044701) The specified property FSC_TargetLocation does not exist

(0x86044002)

The issue was related with Windows File permissions not being applied properly to the files needed to be restored. Although Windows NTFS file/folder permissions stated that a particular end user and SourceOne account had full permission on those files, somehow Windows was not applying it.

Also, when running a File Restore Activity, the following NTFS security file/folder permissions need to be configured for the SourceOne service account :

–>Local Administrators group has the following rights:

–> Backup files and directories

–> Manage auditing and security log

–> Restore files and directories

–>Take ownership of files or other objects

  1. Remove and re-add the file permissions, disabling the option “Include inheritable permissions from this object’s parent” when managing NTFS permission on the problem file server foldername.
  2. Re-add any other identified users in this manner that lost file/folder permissions

Related:

  • No Related Posts

True Enterprise File Sharing and Access with Filr

qmangus

You need to keep your files and systems secure, however, your users may be sharing and storing files on cloud sharing solutions that are not secure and are not managed by your organization. There needs to be a balance between the functionality that your end users want and the security that your organization needs. IT, …

+read more

The post True Enterprise File Sharing and Access with Filr appeared first on Cool Solutions. qmangus

Related:

  • No Related Posts

Configure access control for PMS agent’s folder and registry

I need a solution

As far as I know, PMS Agent does not have its own protection.

So I would like to use SEP to block all access to the Agent-related folders and registry, and allow access only to the Agent process.

Which process should I grant permission(create/modify/delete)?

This is all I know.

the Agent-related folder

– %SystemDrive%Program FilesAltiris*

registry

– HKEY_LOCAL_MACHINESOFTWAREAltiris

– HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeAltiris

– HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallAltirisAgent

0

Related:

  • No Related Posts

App Layering error “A failure occurred while publishing the Layered Image: “Failed scanning a directory for files” because of Microsoft.MicrosoftOfficeHub

Recommended Solution: This issue has now been fixed in versions 4.6+ of App Layering. The simplest way to resolve this issue is to upgrade the latest version of the App Layering appliance.

* Update: This issue can also be caused by apps that use invalid windows file names. One example is CON.<anything>. CON is a reserved file name. In one case, CygWin was used to install a package which included /cygwin64/usr/share/avogadro/crystals/zeolites/CON.cif. The ELM will fail to copy this file because it is not a valid name. The only current solution is to delete the file.

For historical purposes, here is the original fix for those who are still using versions 4.5 or earlier of the App Layering product:

This error is most frequently caused by Microsoft OfficeHub. The “Program FilesWindowsAppsMicrosoft.MicrosoftOfficeHub” directory has a new type of reparse point that was recently invented by Microsoft, and ntfs-3g is currently unable to handle it. Thus, there is no way for our Linux virtual appliance (App Layering ELM) to correctly recognize these files. So we will need to remove them before working in App Layering. There is no negative effect to removing the OfficeHub files, as these files will be rebuilt automatically on end-user desktops.

The fix needs to be done in the VM or layer where the problem files are present. If the error occurs while publishing a VM (App Layering versions 4.x) or during desktop creation (versions 2/3.x), or while editing/creating layers, then you will need to execute the fix on the specific layer that is causing the issue. Usually, the problem is in the OS layer, so you would need to execute the solution on a new version of the OS layer. However, it is also possible that the offending files are on an application layer or the platform layer, so you may need to experiment to determine which layers the files are located on. If you cannot find them in file explorer for any of the layers, you should open a Technical Support case, and one of our engineers will be able to make that determination.

Solution 1: PowerShell

On the OS layer, running the following two PowerShell commands (from the command prompt as administrator) might be able to remove the folders without manually setting permissions and deleting them Sometimes, manually deleting the folders can be a long and painful process. Make sure to run the PowerShell commands as the admin that originally created the image. It is possible that OfficeHub may already be staged for the original user, and will deny removal from the following script if that is the case.

powershell -command "& {Get-AppxPackage -name Microsoft.MicrosoftOfficeHub -AllUsers | remove-appxpackage}"powershell -command "& {Get-AppxProvisionedPackage -online | Where-Object {$_.DisplayName -like "*Microsoft.MicrosoftOfficeHub*"} | remove-AppxProvisionedPackage -online}

Solution 2: Manually changing the file permissions, and then deleting them

Make sure that the files are located in the “Program FilesWindowsAppsMicrosoft.MicrosoftOfficeHub” directory. The files will need to be deleted out of this folder, and typically you’ll need to take ownership and change permissions in order to remove them.

Additionally, on Windows 10 Enterprise machines, you may also need to check and remove the OfficeHub directory from “usersAdministratorappdatalocalpackagesMicrosoft”

Lastly, make sure Program Files/WindowsApps/Deleted/Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbweb6a07f30-3c9c-4a53-867e-42e7a1f58db8* is empty.

In extreme cases, the $recycle.bin may also need to be completed deleted.

The following command will delete the $RECYCLE.BIN – then the OS will refresh and recreate it automatically, without any artifacts from OfficeHub.

RD /S /QDrive-Letter:$Recycle.bin

Related:

  • No Related Posts

VNX: CAVA error VC: 3: 32: Server ‘x.x.x.x’ returned error ‘FAIL’ when checking file

Article Number: 480920 Article Version: 2 Article Type: Break Fix



VNX Event Enabler,VNX1 Series,VNX2 Series,Celerra

While virus checking is running, in the logs an error indicating that the VC service has failed to check it:

2016-03-29 11:38:44: VC: 3: 32: Server ‘x.x.x.x’ returned error ‘FAIL’ when checking file ‘root_vdm_idmount_pathfilename.ext’

The ‘FAIL’ message occurs when a scan request is opened (the VC service on the data mover sends a request to the CAVA servers) and when the CAVA server tries to open it the file is not found. This means that the file was deleted before it could be scanned. There are some scenarios where this could happen:

  • One way this occurs is if the file was a cookie, temporary file, or lock file. Microsoft office, for example, creates temporary files that follow the format ~$<original_filename.xxxx>. These files normally disappear when the file is saved or closed, and if this happens quickly the file can disappear before it has a chance to be scanned, leading to the FAIL message in the data mover log. The filenames that are failing scans usually identify this as the source of the issue.
  • Another way this can occur is if the file has a special ‘disposition’ on it. In SMB and SMB2 the user can set a disposition ‘delete on close’ when opening a file. If the file that is referred for scanning is opened by another user with this disposition set, the file is deleted before it can be scanned, leading to the FAIL message in the data mover logs. This option can be seen in packet traces by looking at SMB ‘Create’ or ‘SetInfo’ calls, but will be set by the user doing the deleting, and probably not the CAVA servers. This can make things difficult because normal traffic must be monitored (not just the AV server) to determine who is setting the flag.

The best resolution is to stop what is deleting the file (the external users deleting the file). This may mean disabling the use of temp files in office, or storing other temp files or cookies to a local directory instead of a shared one. If this cannot be done, then alter viruschecker.conf to exclude these types of files from being checked by altering the ‘excl’ line to exclude ~$*.* (for office files), *.tmp or any other extension that may be causing these errors.

viruschecker.conf:

CIFSserver=<CIFS server on data mover>

addr=<configured CAVA servers>

excl=~$*.*:*.accdb:*.laccdb:*.ldb:*.mdb:*.pst:*.tmp:????????

masks=*.*

shutdown=viruschecking

additional resources:

https://support.microsoft.com/en-us/kb/211632 (Description of how Word creates temporary files)

https://wiki.wireshark.org/SMB2/SMB2_FILE_DISPOSITION_INFO (SMB2_FILE_DISPOSITION_INFO addresses ‘delete on close’) feature

Related:

  • No Related Posts

VNX: User has write permission but gets “permission denied”

Article Number: 484656 Article Version: 3 Article Type: Break Fix



VNX/VNXe Family,Celerra,VNX1 Series,VNX2 Series

User is unable to write to a filesystem, but has “full control” NTFS permissions.

“Everyone” group added to filesystem permissions with Read/Execute and now other users with Read/Write/Execute cannot write to the filesystem.

Note: This issue is not specific to VNX/Celerra but rather all Windows NTFS permission functionality.

In Windows Advanced NTFS Security permissions, the effective permissions are applied with the lowest permissions first.

If an Active Directory group is added to a file/folder permission, and the new group has less control than any preexisting groups/users, any user that is included in this new group will have the effective permissions with the least control applied first.

Consider this Scenario:

There is a share on the data mover with the path “/filesystem1/share1”.

The “share1” folder has the following permissions:

  • “Everyone” group has read/execute permission.
  • “nas_user” group has read/write/execute permission.

A user named “user1” logs in and is part of both “Everyone” and “nas_user” Active Directory groups.

​When “user1” attempt to write to a file to the share “share1” directory they are denied access.

“user1” is denied access because the permissions from “Everyone” group is effective permission and applied first as it is the permission with the least amount of control.

An active directory group was added to a file/folder permission that has less control than a preexisting user/group in the same directory.

To correct the permission issue, the Active Directory Domain Administrator needs to consider the permission structure and re-apply the appropriate effective permissions.

In reference to the above scenario, some examples to correct the issue would be:

  • Remove “user1” from the “Everyone” group. (least intrusive)
  • Add write permission to the “Everyone” group.
  • Remove the “Everyone” group from the share’s permissions.

You can identify the issue with two ways:

  • You can have the customer check from a windows client in the advanced security properties of the folder/file as well as checking the group properties.
  • You can run an ACL dump and CRED report of the file/directory and user from the control station of the VNX/celerra.

Checking through Windows Client:

This example is with local groups, however the user may be using Active Directory, and would need to check in Active Directory Users and Computers.

  1. Check which permissions are applied to the folder — note that the box in RED is the user with read/write/execute permission, and the box in GREEN is the group showing the effective ready/execute permissions because “user1” is included in the “users” group.
user_permissions
  1. Verify any groups included in the permissions and see if the affected user is included in the group with the least amount of permissions.
User-added image

Checking through Control Station ACL / CRED dump:

Run the following two commands on the controls station. You must know the path to the share and/or file, the user account name trying to access/write, the data mover/vdm name, the customer domain name, and the CIFS server name.


$ server_cifssupport <vdm/server_name> -cred -name <username> -domain <domain_name> -compname <cifs_server_name>
$ server_cifssupport <vdm/server_name> -acl -path /filesystem1/share1

Use the following output to compare the CRED report with the ACL DUMP Report:

CRED Report:

$ server_cifssupport <vdm/server_name> -cred -name <username> -domain <domain_name> -compname <cifs_server_name>
ACCOUNT GENERAL INFORMATION

Name : user_name

Domain : DOMAINNAME

Server : CIFSSERVERNAME

Primary SID :

S-1-5-15-xxx9ff8-6bc5c62-6b635f23-1fc521 <<< User SID


UID : 23xx70

GID : 32xx8

Authentification : KERBEROS

ACCOUNT GROUPS INFORMATION <<< groups that this account is part of

Type UNIX ID Name Domain SID

NT 4294967294 Everyone S-1-1-0 <<< SID of Everyone group

ACL DUMP REPORT:

$ server_cifssupport <vdm/server_name> -acl -path /filesystem1/share1
Path : /filesystem1/share1

UID : 10xx5

GID : 40xx1

Rights : rwxrwxr-x

owner SID : S-1-5-xx-1-27c9

group SID : S-1-5-xx-2-9f4d

DACL <<< this section is the permission formation for the above path

USER 23xx70 S-1-5-15-xxxx9ff8-6bc5c62-6b635f23-1fc521 <<< user SID same as above

ALLOWED 0x2 0x1201ff RWX— user has read/write/execute

ALL S-1-1-0 <<Everyone SID from above

ALLOWED 0x9 0xa0000000 R-X— << Everyone has only read/execute

In Summary:

Using the Windows NTFS Security permission guidelines and referencing the highlighted output, we can determine that “Everyone” has read/execute, and the user has “read/write/execute.

Since the user is part of the “everyone” group, the effective permissions for the user is read/execute.

Related:

  • No Related Posts

Install and Use Citrix Files

Install

Download the installer DMG. Open the installer package and follow the prompts to install Citrix Files. You will be required to provide an administrator password to complete the installation.

User-added image


After installation, a volume named “Citrix Files” will appear. You may access this volume by clicking on the ShareFile menu bar item and then clicking the folder icon. It will also appear in the Favorites sidebar in Finder windows. This volume displays all of the files and folders from your ShareFile account.

Sign in

User-added image

When starting the ShareFile Desktop app for the first time, you are prompted to sign in with your ShareFile Credentials.

Basic Operations

Citrix Files allows you to manage the files in your ShareFile account the same way that you would manage files normally through Finder.

Operation Description
Open and Edit

Double click on a file in the Citrix Files folder. Make any edits necessary and then save the changes.

User-added imageUser-added image
ShareFile uploads the edited file.

User-added image

Download

Drag and drop file(s) or folder(s) from the Citrix Files folder to another folder on your computer.

User-added image
You may also copy and paste files and folders.

Upload

Drag and drop file(s) or folder(s) from the Citrix Files folder to another folder on your computer.

You may also copy and paste files and folders.

Delete Right click on a file or folder and select Move to Trash.

User-added image
You may also drag files and folders to the trash.
Move

Drag and drop file(s) or folder(s) from one location in the Citrix Files folder to another.

User-added image

New Folder Create a new folder in Citrix Files folder.

User-added image


Icon Overlays

Files and Folders will have an icon overlay representing the status of that item. The following defines what each icon overlay represents:


User-added image

Right Click Menu


User-added imageUser-added image


When you right click on a file or folder within Citrix Files, you will see some additional options. These options give you access to the functions available in ShareFile for these items. Options will vary based on the types of files or folders you have selected, permissions, and account settings.

Operation Available For Description
Share Files and Folders Copy Link – Copies a ShareFile download link. Link settings will be determined by the Share options in your Preferences.

Email with ShareFile – Send a download link through email. Email options may be customized before sending, or by modifying default options in your Preferences.

Email with mail app – Opens the Mail app in Mac OS. A new message is generated that contains a ShareFile download link

Initiate Approval – (For a single file only) Initiate an approval workflow on a file
Request Files Single Folder Copy Link – Copies a ShareFile upload link. Link settings will be determined by the Share options in your Preferences.

Email with Citrix Files – Send a upload link through email. Email options may be customized before sending, or by modifying default options in your Preferences.

Email with mail app – Opens the Mail app in Mac OS. A new message is generated that contains a ShareFile upload link
Check Out Single File Check Out a file to prevent other users from making changes
View Details Single File or Folder View detailed information for a file or folder. The details window provides access to multiple file versions, notes, or checkout details
Refresh Contents Single Folder Folder contents should update automatically as changes are made, but you may refresh contents manually using this function

Additional actions are available under More Options.

User-added image

Operation Available For Description
Download Files and Folders For file(s) and folder(s), download allows you to download file(s) or folder(s) to a specific location on your computer.

Note: For improved performance, use this option for large file downloads or downloading a large number of items. These downloads are optimized for bulk operations and do not store data in the cache.
Upload Single Folder Right click on a folder and upload allows you to upload files and folders from a specific location on your computer.

Note: For improved performance, use this option for large file uploads or uploading a large number of items These downloads are optimized for bulk operations and do not store data in the cache.
Manage Permissions Single Folder Add users to a folder, modify folder permissions, and copy folder permissions from one user to another.
Add to Favorites Single File or Single Folder Adds the file or folder to the Favorites folder.
Preview Single File Stream a video file without downloading it (Available for .mp4, .ogg, .ogv, and .webm file types).


Menu Bar Icon

This icon displays the current status of Citrix Files. A spinner over the icon indicates activity.

Uploads in progress or edits that are being saved back to ShareFile will be indicated by a spinner. You will also see a spinner when navigating to a folder. The spinner indicates that the contents of a folder are being fetched and should appear after the spinner disappears.


User-added image

Dashboard

Clicking on the menu bar icon will open the dashboard.

Recent Files – Files that have been uploaded or edited will appear in the list of recent files. Double click on a file to open it.

Workflow button – Open up a window containing Workflows where you can view

Open Citrix Files Folder – Opens the Citrix Files location in Finder

User-added image

Overflow Menu

This provides access to Preferences, Send Feedback, Help Launch Website, and Quit.


User-added image

Provide a rating for the app and leave detailed comments.

Help – Provides links to support and legal resources. This menu also allows you to report a technical problem with the app to the development team.

Launch Website – Opens the ShareFile website.

Quit – Quits the App.

Preferences – Opens the Preferences for the App.

Preferences

Preference

Description

Account

Log out – Logs you out of your account. Cached files are deleted

App Settings

Cache – Hover over the ? for details and cache usage

Clear Cache – This removes ached files

Reset App settings – Removes folder structure archive and cached files. Doing this will quit and relaunch ShareFile for Mac to please save any work before resetting

Uninstall – This uninstalls the application. Administrator permissions are required.

Share Options

Notifications – Set default notifications that are applied when sharing

Security – Set defauly security options that are applied when sharing

Open and Edit

Open and Edit has been tested with the following applications:

  • Adobe Acrobat Reader DC
  • Adobe Photoshop
  • Keynote
  • Numbers
  • Microsoft Excel 2008, 2011, 2016, 2017
  • Microsoft PowerPoint 2008, 2011, 2016, 2017
  • Microsoft Word 2008, 2011, 2016, 2017
  • Pages
  • Preview
  • Sketch
  • TextEdit

Other applications will be tested and fully supported during the course of the Beta program. Please report any issues you experience with open and edit.

Users are welcome to use ShareFile for Mac with any application, however when using applications that are not listed above, we recommend saving local copies before uploading to ShareFile until compatibility has been tested.

Feature Issue Workaround
Installation

Users installing for the first time on OS X 10.13 (High Sierra) will need to allow the kernel extension to load.

  1. Click Open System Preferences.
  2. Click Allow.

The app will finish launching automatically.

User-added image

Finder Folder names that contain an umlaut or an acute accent mark may appear twice in Finder.

User-added image
    None.

    Finder Some files may not display as expected in a folder. Right click on the context menu and select to refresh. If the folder content still appears incorrect there may be a problem with the folder structure archive. Open Preferences and select “Reset App Settings”.
    Finder

    Copying and pasting content from one folder in ShareFile to another folder in ShareFile may be slow.
    Perform the copy operation from ShareFile WebApp.

      Finder

      Quick look (preview) for files does not work unless the file has been opened previously.
      User-added image
      None.

      Open & Edit/Upload

      Uploads may fail for various reasons such as:

      • Network connectivity is down.
      • Permission to upload an item has been revoked.
      • Connection to ShareFile is lost.
      • If internet connectivity is lost, uploads will be retried automatically when connectivity is restored.
      • If an upload cannot be completed, it is moved to the recovery folder to prevent data loss. Click on the notification in the recovery folder.
      Upload

      Warning – The document … is on a volume that does not support permanent storage.

      User-added image

      It is safe to ignore this message. Apple has a built in versioning system that is available on volumes with the Mac OS Extended (HFS+) file system. ShareFile for Mac mounts your ShareFile account as a volume that does not use this file system format and may trigger this message when closing applications. Versioning on documents is available with ShareFile’s own versioning option. To access other versions of a document, you may right click on a file in the ShareFile volume and select view details.

      Dismiss the warning message, and check “Do not show this message again” if desired.

      Upload Files that are embedded packages (.app, .pkg, .band, etc.) do not upload properly and may cause folders performance issues after upload. Compress these files to a .zip and upload the zip.

      Upload Opening a compressed zip file (or other file archive) within the ShareFile drive will fail if the compressed file contains folders. Upload the files and folders without compression.

      Citrix Files gives you access to the files on your ShareFile account by making them available as a storage drive (like an SD card or a thumb drive). This drive needs to mount itself into your Mac’s file system before files can be accessed from ShareFile. If the Citrix Files app experiences an issue with mounting, the app menu bar icon will show a warning symbol. You will need to ensure the drive mounts properly before you may use Citrix Files.

      Reconnect the Drive

      1. Click the Citrix Files menu bar icon.
      2. Click Reconnect.
      User-added image


      Relaunch the App

      You may need to relaunch Citrix Files app in case the app experiences an issue with mounting.

      1. Close any files that may be open in Citrix Files (Ex: You have opened a Word document in Citrix Files).
      2. Click on the Citrix Files menu bar icon.
      3. Click on (…).
      4. Select Quit.
      5. Open Citrix Files app in your Applications folder.


      Reinstall Citrix Files

      Citrix Files installs a kernel extension or kext to mount the drive.

      1. Click the Citrix Files menu bar icon.
      2. Click on (…).
      3. Select Preferences.
      4. Click Uninstall and Confirm.
      5. Download and install Citrix Files again.

      Related:

      • No Related Posts

      Connector Sharing

      Connector sharing allows you to share files stored in on-premises Network Shares and SharePoint locations, as well as other file storage services like Dropbox or Box. When sharing on-prem files, a copy of the file is uploaded to the sender’s File Box.

      This feature allows you to:

      • Share on-prem files securely via the Email with ShareFile or Get a Link options, without granting recipients access to your on-premises storage location.
      • Share files stored in other file storage services via the Personal Cloud Connectors feature.
      • Share files stored in a Connector with IRM protections. Click here for information on Protected Sharing. (This capability requires StorageZones Controller 4.2 or later)


      System Requirements

      • StorageZones Controller 3.4 or later (if sharing on-prem files, not required for Personal Cloud Connector sharing)
      • Microsoft .NET 4.5.2 installed on the StorageZones Controller Server

      Plan Requirements

      • This feature is available for Enterprise accounts

      User Requirements

      • To share a file from a connector location, you must be an Employee user with the “Use Personal File Box” permission.
      • An Employee user’s ShareFile Username must match the user’s email address in Active Directory.
      • Users must be on the same Windows Active Directory domain as the StorageZones Controller.
      • Client users cannot utilize this feature.


      Enable Connector Sharing


      View Only Support

      • In order to share a file from your Connector as a View-Only message, you must have a View-Only enabled File Box.
      • Click here for more information on enabling View-Only Sharing.
      • This feature requires SZC v3.4.1 or later.

      Share a File from Connectors (Web App 4.6 and later)

      Navigate to the Network Share or SharePoint location where your file is stored. To share, right-click a file and choose Email with ShareFile or Get a Link.

      This feature allows you to share on-premises files with the same customizable Notification and Security message options available for files stored on ShareFile servers. The Expiration Policy you set in Message Options will override that of the File Box. When sharing on-premises files, your file is copied to the File Box where it is subsequently downloaded by your recipient. Your recipient does not download files directly from your on-premises storage location. Due to this behavior, please allow your file time to upload to the File Box when using the Get a Link option.


      Note Regarding File Version

      Your file is copied to the File Box when it is sent. Due to this behavior, your recipient will receive the version of your file as it was at the time of the share. Updates to your file are not automatically uploaded to the File Box. If you update your file, you must compose another message to send the latest version of the file.


      Supported Apps

      Connector Sharing is supported on the following ShareFile apps:

      • ShareFile for Android v4.1 and later
      • ShareFile for Windows 10 v4.1 and later
      • ShareFile for iOS v4.0 and later
      • ShareFile Web App v4.6 and later
      • ShareFile Plugin for Microsoft Outlook v3.9 and later
      • ShareFile Desktop App v1.4 and later.


      Note Regarding Restricted Zones

      A user cannot use this feature if their File Box is located on a Restricted Zone.


      Note regarding Users Provisioned by XenMobile

      User accounts provisioned by a XenMobile server do not receive File Box access. ShareFile recommends provisioning users via the User Management Tool or manually enabling the “Use personal File Box” permission for each user.


      Known Issues

      • If the user attempting to share from a CIFS Connector has an on-premise File Box, the share may fail. In the event of this error, ShareFile recommends using NTLM authentication.


      Limitations

      • Folders cannot be shared using this method

        Related:

        • No Related Posts