The Realm of the Verbal Processor

Jarvis's Ramblings

Access Denied

[Note: This is part 1 of a three part series. You might want to check out Part 2 and Part 3 as well.]

Okay…warning to the non-technical…this will be the most technical post I have made to date.

I am an SMS Architect for Campus Crusade for Christ. Our SMS 2003 environment is in Advanced Security mode. The way that Advanced Security operates is that to get access to other SMS servers or access to network shares and resources, it uses the computer account of the SMS Site Server. (i.e. if the SMS server is named Server1, it uses the computer account named “Server1” for accessing resources…not a user account which is the normal way.) Note: this is all in layman’s terms…

So recently we had an issue in our site where the SMS server (I’ll call SMS1) suddenly was no longer able to get to the source files of the Microsoft patches. These source files exist on a separate server that I will call File1. File1 has a folder that is shared (Share1). SMS1 (the computer account) has permission on this share/folder. This has been working fine for nearly two years.

So…the problem comes last week. Suddenly SMS1 is getting “Access Denied” when it tries to connect to the share. After checking the permissions, I have determined that the perms are correct…SMS1 does have permission, but it is still getting access denied. So, I set up other shares on other servers to test with. I got the same result on all of them…well, all but one. On one mysterious server the permissions worked as they should. After a couple of days of trekking down the wrong trails, I finally realized the difference. All of the servers that failed were running 32 bit versions of Windows Server 2003. The one that worked is running the x64 edition. I found another x64 server with the same result.

So…today I was on the phone with Microsoft support…for nine and a half hours. I had at least two and up to four Microsoft engineers on the phone with me all day today. Tomorrow morning, we are picking up where we left off. The next step is to reset the secure channel on the SMS1 computer account. Honestly, I’m not sure exactly what that means. I will say this…I was glad for the Microsoft PSS guy that was the lead on the issue today. All I know about him is that he is from Dallas and his name is Ed Walters. Ed…you are professional, friendly, and you do a great job of explaining the process that you are going through in troubleshooting. It also was very nice to have a PSS who listened to the process that I had already been through and didn’t make me go back through the same troubleshooting that I had already done. Good job, and thank you.

May 17, 2007 Posted by | tech | 2 Comments


%d bloggers like this: