Hi,
I think Paul put his finger on it... it seems to be security problem and
not a firewall problem, which makes sense since those machine were able to
save before.
To confirm that, I granted administrator priviledges to the legato
account, and it succeeded. I checked to be sure, and the System account
already had full control on both roots (c and d).
The Backup Operators also had Read rights on both roots.
I know this machine has been locked as hell by the admin (registry sec,
file sec, user rights, etc...) cuz it's a pki system... so that's the
cause of the problem...
The question that remains is : what are the bare bone minimum rights that
must be set on a particular server (in my case nt4 ) so that legato works
? I'm talking about User Rights, File Permissions, and registry security.
I haven't found one document that clearly specifies all of this.
Has this already been covered in this list ?
Thanks a lot for the help !
Alexandre Déry
Technician
Direction des services d'inforoute
DGT / SSIGRI
1500-E, rue Jean-Talon Nord 1er étage
Sainte-Foy (Québec) G1N 4T6
Téléphone: (418) 646-9273
Télécopieur: (418) 528-0418
Paul.White AT adic DOT com
2003-04-09 06:20
Pour : networker AT listmail.temple DOT edu, Alexandre.Dery AT
SCT.GOUV.QC DOT CA
cc :
Objet : RE: [NetWorker] "! no output" error message
Alexandre,
I think you will find that if you look at the permissions of the root of
the D:\ drive you will find that the account that the "NetWorker remote
Exec" service is running as (SYSTEM by default) has no access permissions
to the root of the D:\ drive.
This commonly occurs when someone tries to make a box more secure, they
open up permissions on the root of a drive and delete all the "un-needed"
accounts, this is a high possibility in your case if they are web servers
behind the firewall?
When you run a manual backup/recover its processed with the account you
are logged in with at the time, when you run a scheduled backup from the
server it uses the account specified in the service setup in control
panel, in this case it has no permissions to access the drive and you get
that very helpful and descriptive "NO OUPUT!" error.
Which ever account you have the "NetWorker remote Exec" service running
as, SYSTEM or a dedicated backup account, then grant access permissions
for this account to the root of the "D:\" drive.
Hope that helps
Regards
Paul
Paul White BSc (Hons), Pre-Sales Systems Engineer
Advanced Digital Information Corporation (ADIC) Europe
------------------------------
Date: Tue, 8 Apr 2003 18:14:07 -0400
From: Alexandre =?iso-8859-1?Q?D=E9ry=2Fdgt=2Fsct?=
<Alexandre.Dery AT SCT.GOUV.QC DOT CA>
Subject: "! no output" error message
Hi,=20
I have a little backup group of 3 machines (behind a Checkpoint NG FP3=20
Firewall) that were backuping well for some time.... Last tuesday we did a
=
manual backup from one of these servers, swaped the server with another=20
one (same config, including legato passwords and version) and successfully
=
recovered the data that was manually backuped previously. Since then,
my=20 nightly full backups stop working. All the servers in this group
have this =
error:=20
server=5Fname : D:\ : !no output
I tried opening all the ports, no luck. Recreating the client object,=20
didn't work. Inscreasing the retries and timeout values, nothing.
Moving=20 server to another group, nope ! And of course I rebooted the
server.=20
I checked the Networker docs and did what they said (mminfo to check if=20
the data is backuped [it is not], there's plenty of free disk space on the
=
server, ports are opened...etc..)
I'm all out of ideas here... Somebody throw me a rope, please ! ;)
Networker system setup :=20
Compaq Proliant 1600 + 5 compaq dlt drives + Windows NT4 SP6 + Legato=20
Networker 5.7
Thanks a lot !
Alexandre D=E9ry
Technician
Direction des services d'inforoute
DGT / SSIGRI
1500-E, rue Jean-Talon Nord 1er =E9tage
Sainte-Foy (Qu=E9bec) G1N 4T6
T=E9l=E9phone: (418) 646-9273
T=E9l=E9copieur: (418) 528-0418
--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
|