HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

determining cause of Advanced Server access denied errors

 
Jess Goodman
Esteemed Contributor

determining cause of Advanced Server access denied errors

I started getting this message on my computer on a regular basis:

Message from (Adv. Server node) to (me) (time)

There were 5 access denied errors in the last x minutes. Please review the serverr's audit trail.

Is there anyway to determine what is causing the errors short of setting an audit for access failure on every file/diretory on every share?

I already set a failure audit on all of our Advanced Server shares with ADMINISTER command:

set file /audit=failure=all /apply=(nofiles,nosubdir) \\vms_nt\SHARENAME Everyone

And SHOW AUDIT POLICTY says:
Audit Event Success Failure
------------------ -------- --------
ACCESS Disabled Enabled

But SHOW EVENT/TYPE=SECURITY shows nothing.

Some of our shares encompass directory trees with many thousands of files and I don't want to have enable audit on all of them. I assume that would add a Pathworks ACL to all of the file headers.
I have one, but it's personal.
1 REPLY

Re: determining cause of Advanced Server access denied errors

We get this occasionally, the most usual cause being that someone who has an Advanced Server share mapped which reconnects at startup has changed their PC password but the Advanced Server either has not been changed or doesn't match - perhaps entered with the Caps Lock key on.

However, there is always something in the security log covering this.

Our audit policy shows:

Audit Event Success Failure
------------------ -------- --------
ACCESS Disabled Enabled
ACCOUNT_MANAGEMENT Enabled Enabled
LOGONOFF Disabled Enabled
POLICY_CHANGE Enabled Enabled
PROCESS Disabled Enabled
SYSTEM Enabled Enabled
USER_RIGHTS Disabled Enabled

With account management enabled you'd be able to see who had changed their password recently and perhaps tie this in?

Good luck!