Access denied to maps

I have a nokia n8, i have downloaded all the software updates and the map updates, but whenever I try to go to maps get the message conn. failed access denied, I don't know why this is as I have wlan access at home i can open the maps but i am always at the mawson lakes interchange, i live some 40 kilometers south of this location, I don't have any other connection problems and often download games and apps from ovi store?
Peter
Solved!
Go to Solution.

@poider
Welcome to the forum!
Whilst realising that you are referring to South Australia can't remember whether Symbian Anna has been made available to you yet. Unfortunately if using this firmware you can no longer re-define an access point for positioning server = supl.mokia.com in Menu > Settings > Application settings > Positioning > Positioning server as you could in PR1.2
Have you tried Settings > Application Settings > Positioning > Positioning server > Server settings then tap on supl.nokia.com then change "Only in home network" to NO
Happy to have helped forum with a Support Ratio = 42.5

Similar Messages

HT1178 I have failed to Map the Airport Time Capsule to my windows 7 HP laptop as a mapped drive, error message is "access denied"

I have failed to Map the Airport time capsule to my windows 7 HP laptop, i followed all the installation steps and i get the error message "Access denied, you do not have permission to access this device, contact network administrator"

Did you install the airport utility for windows?
Is the windows computer set to home as network location.. it will not work if it is set to work or public.
Is the TC setup with all SMB type names, short no spaces and pure alphanumeric. No apostrophe.
Can you ping the TC from your computer? Open a command window and type ping and the tc name or its IP.
No response you will never be able to get connection .. it is usually firewall problem. Turn off firewall and internet security.
If it pings then simply type the IP directly into explorer.. \\TCIPaddress. (eg \\10.0.1.1 if the TC is at default)
That is usually the most foolproof method.

Adobe Reader 11.0.06 "There was an error opening this document. Access Denied"

Windows 7 64-bit
If I go into My Windows 7 Documents Library folder (which is redirected by Group Policy to a network share), I get "There was an error opening this document. Access Denied". If I then map a drive to the share, I can open the PDF without the error message.
I've read a workaround for some time now for older versions has been to uncheck Enable Protected Mode at startup under Security (Enhanced) in Preferences. I find this does work but this is probably not the best way to handle this situation.
I've also read one person removed the desktop.ini on the desktop to resolve.
Is there any official response from Adobe on this issue that I can be pointed too? Are others still having this issue?
We plan to update several thousand clients and I'd like resolve this issue before we do.

We tried 11.0.05, 11.0.06 and 11.0.07 with the same result on different computers with different local Admin accounts.
When we re-install 10.1.0 the issue is gone and Protected Mode is enabled.
We then returned to 11.0.06 or 11.0.07
I'm logged in with a local Admin account.
I turned on Protected Mode Logging and captured what happens when I attempt to double click a pdf file in my Documents Library with 11.0.06 installed. Access Denied.
I then doubled clicked the file from a drive mapped to the same share and the file opened.
[06:11/16:02:40] Adobe Reader Protected Mode Logging Initiated
[06:11/16:02:41] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:41] real path: \REGISTRY\MACHINE\Software\Adobe
[06:11/16:02:41] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:41] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:41] real path: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Adobe
[06:11/16:02:41] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:41] NtCreateFile: STATUS_ACCESS_DENIED
[06:11/16:02:41] real path: \??\Volume{a758d00a-e81c-11e2-b856-806e6f6e6963}\$Extend\$Reparse:$R:$INDEX_ALLOCATION
[06:11/16:02:41] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[06:11/16:02:41] NtCreateFile: STATUS_ACCESS_DENIED
[06:11/16:02:41] real path: \??\UNC\nawrcs-bbc1fs\mousers\u212940\Documents\Citrix Adding a Printer.pdf
[06:11/16:02:41] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[06:11/16:02:41] NtCreateFile: STATUS_ACCESS_DENIED
[06:11/16:02:41] real path: \??\UNC\nawrcs-bbc1fs\mousers\u212940\Documents\Citrix Adding a Printer.pdf
[06:11/16:02:41] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[06:11/16:02:46] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:46] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:46] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:46] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:46] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:46] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:46] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:46] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:46] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:46] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:46] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:46] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:46] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:46] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:46] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:46] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:47] NtCreateFile: STATUS_ACCESS_DENIED
[06:11/16:02:47] real path: \??\C:\Users\c702939\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
[06:11/16:02:47] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[06:11/16:02:47] NtCreateFile: STATUS_ACCESS_DENIED
[06:11/16:02:47] real path: \??\C:\Users\c702939\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
[06:11/16:02:47] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[06:11/16:02:47] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:47] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:47] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:47] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:47] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:47] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:47] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:47] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:47] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:47] NtCreateKey: STATUS_ACCESS_DENIED
[06:11/16:02:47] real path: \REGISTRY\USER\S-1-5-21-1691402968-2266345157-3523873211-67461\Software\Adobe\Adobe Acrobat
[06:11/16:02:47] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[06:11/16:02:47] NtCreateFile: STATUS_ACCESS_DENIED
[06:11/16:02:47] real path: \??\C:\Users\c702939\Desktop\desktop.ini
[06:11/16:02:47] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[06:11/16:02:48] NtCreateFile: STATUS_ACCESS_DENIED
[06:11/16:02:48] real path: \??\C:\Users\c702939\Desktop\desktop.ini
[06:11/16:02:48] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

Access denied error for BW Report iView..Please help :(

Hello All,
I have created a BW Report iView..containing a Bex query.
Have created the required BW system object too.
When I preview this iView, it asks me for BW system authentication....since am not mapped to this BW system.
Its alright till here......
Problem:
Now, when I copy paste the URL (URL generated when you preview this iView) into a new browser window, I get an error saying:
" An exception occurred while processing a request for :
iView : N/A
Component Name : N/A
Access denied (Object(s): <iView path>
Exception id: 02:57_13/02/06_0034_6204550
See the details for the exception ID in the log file "
I checked tha bove mentioned log and it says:
Permission check failed - Object <iView path> Pcd.Use Principal: Information not available with current trace level#
Changed the iView authentication scheme to every value present but it did not resolve.
Please help me resolve this.
Awaiting Reply.
Thanks and Warm Regards
Ritu

Hi Raja,
Firstly thanks for a quick response.
I did as per you suggested but it isnt working. Am getting the same error again.
Please refer to the log details below:
1.5#000F206F053800610000008100000A1000040CAA10AF2627#1139824470727#com.sap.portal.pcd.Gl.Admin#sap.com/irj#com.sap.portal.pcd.Gl.Admin#Guest#0##sapnw2_J2E_6204550#Guest#63f4e0f093d911da8b7b000f206f0538#SAPEngine_Application_Thread[impl:3]_1##0#0#Warning#1#/System/Server#Plain###Permission check failed - Object portal_content/Ritu/MIDAS/CEO_redalert Permissions: Pcd.Use Principal: Information not available with current trace level#
#1.5#000F206F053800610000008300000A1000040CAA10AF2963#1139824470743#com.sap.portal.pcd.Gl.Admin#sap.com/irj#com.sap.portal.pcd.Gl.Admin#Guest#0##sapnw2_J2E_6204550#Guest#63f4e0f093d911da8b7b000f206f0538#SAPEngine_Application_Thread[impl:3]_1##0#0#Warning#1#/System/Server#Plain###Permission check failed - Object portal_content/Ritu/MIDAS/CEO_redalert Permissions: Pcd.Use Principal: Information not available with current trace level#
#1.5#000F206F053800610000008600000A1000040CAA10AF4031#1139824470743#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#Guest#0##sapnw2_J2E_6204550#Guest#63f4e0f093d911da8b7b000f206f0538#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/System/Server#Java###Exception ID:03:24_13/02/06_0059_6204550
[EXCEPTION]
#1#com.sapportals.portal.prt.runtime.PortalRuntimeException: Access is denied: pcd:portal_content/Ritu/MIDAS/CEO_redalert - user: Guest
 at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1932)
 at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:230)
 at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:312)
 at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:385)
 at com.sapportals.portal.prt.connection.PortalRequest.getRootContext(PortalRequest.java:435)
 at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:607)
 at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:232)
 at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:153)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:385)
 at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:263)
 at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:340)
 at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:318)
 at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:821)
 at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:239)
 at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
 at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:147)
 at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
 at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
 at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)
 at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:162)
Caused by: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/Ritu/MIDAS/CEO_redalert)
 at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:390)
 at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1066)
 at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1072)
 at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1072)
 at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1072)
 at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookupLink(PcdProxyContext.java:1168)
 at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookup(PcdProxyContext.java:1115)
 at com.sapportals.portal.pcd.gl.PcdProxyContext.lookup(PcdProxyContext.java:909)
 at com.sapportals.portal.pcd.gl.PcdGlContext.lookup(PcdGlContext.java:78)
 at com.sapportals.portal.pcd.gl.PcdURLContext.lookup(PcdURLContext.java:238)
 at javax.naming.InitialContext.lookup(InitialContext.java:347)
 at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1919)
 ... 26 more
==========================
The auth scheme of this iView is set to default
Please help me resolve this......
Awaiting Reply.
Thanks and Warm Regards,
Ritu
Message was edited by: Ritu Hunjan

EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

This is for information to help others
KEYWORDS:
- Sharing EFS encrypted files over a personal lan wlan wifi ap network
- Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
- transfer encryption keys / certificates
- set trusted delegation for user + computer for EFS encrypted files via
Kerberos
- Windows Active Directory vs network file share
- Setting up WinDAV server on Windows 7 Pro / Ultimate
It has been a long painful road to discover this information.
I hope sharing it helps you.
Using EFS on Windows 7 pro / ultimate is easy and works great. See
here and
here
So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
won't work (unless you follow below steps).
Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
Why such a EFS drama when a network is involved?
Assume a home peer-to-peer network with 2pc: \\fileserver and \\clientpc
When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
(on behalf of the clienpc's data request).
This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
Solutions
There are two main approaches to solve this:
 1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
 EFS operations occur on the computer storing the files.
 EFS files are decrypted then transmitted in plaintext to the client's computer
 This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
 2) SOLVE by setting up WebDAV (efs files accessed through web folders)
 EFS operations occur on the client's local computer
 EFS files remain encrypted during transmission to the client's local computer where it is decrypted
 This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
 BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
 READ BELOW as this does
Create new encrypted file / folder on a network file share - via Active Directory
It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
Although this info is NOT for setting up EFS on an active directory domain [server],
for those interested here is the gist:
Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
EFS.
NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
Create new encrypted file / folder on a network file share - via WebDAV
For home users it is possible to make it all work.
Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
Setting up a wifi AP (for those less technical):
 a) START ... CMD
 b) type (no quotes): "netsh wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
 c) type (no quotes): "netsh wlan start hostednetwork"
Set up a WebDAV server on Windows 7 Pro / Ultimate
-----ON THE FILESERVER------
 1 click START and type "Turn Windows Features On or Off" and open the link
 a) scroll down to "Internet Information Services" and expand it.
 b) put a tick in: "Web Management Tools" \ "IIS Management Console"
 c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
 d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
 e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
 f) click ok
 g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
KB892211 here ONLY for XP + Server 2003 (made in 2005)
KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
2 Click START and type "Internet Information Services (IIS) Manager"
3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
 a) on the right side, under Actions, click "Enable WebDAV"
4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
 a) on the "Anonymous Authentication" and click "Disable"
 b) on the "Windows Authentication" and click "Enable"
 NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
 It can be by changing registry key:
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
 BasicAuthLevel=2
 c) on the "Windows Authentication" click "Advanced Settings"
 set Extended Protection to "Required"
 NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
 a) on the right side, under Actions, click "Add Allow Rule"
 b) set this to "all users". This will control who can view the "Default Site" through a web browser
 NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
clientpc.
 NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
 a) on the right side, under Actions, click "Enable"
HOTFIX - double escaping
7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
 a) on the right side, under Actions, click "Edit Feature Settings"
 b) tick the box "Allow double escaping"
 *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
 These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
 This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
 a) set the Alias to something sensible eg "D_Drive", set the physical path
 b) it is essential you click "connect as" and set
this to a local user (on fileserver),
 if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
 NB: the user account selected here must have the required EFS certificates installed.
 See
here and
here
 NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
 This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
 The work around is on the \\fileserver create an NTFS symbollic link
 e.g. to share the entire contents of "D:\",
 on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
 in cmd in this folder create an NTFS symbolic link to "D:\"
 so in cmd type "cd c:\inetpub\wwwroot"
 then in cmd type "mklink /D D_Drive D:\"
 NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
 NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
clientpc
9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
 a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
 b) if some exist review existing allow or deny.
 Take care to not only review the "allow access to" settings
 but also review "permissions" (read/write/source)
 NB: this can be set here for all added virtual directories, or can be set under each virtual directory
10 Open your firewall software and/or your router. Make an exception for port 80 and 443
 a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
 choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
 NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
below, specifically "Cant find server due to network location"
 b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
HOTFIX - MAJOR ISSUE - fix KB959439
11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
 a) On Windows 7 you need only change one tiny registry value:
 - click START, type "regedit", open link
 -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
 -on the EDIT menu click NEW, then click DWORD Value
 -Type "DisableEFSOnWebDav" to name it (no speech marks)
 -on the EDIT menu, click MODIFY, type 1, then click OK
 -You MUST now restart this computer for the registry change to take effect.
 b) On Windows Server 2008 / Vista / XP you'll FIRST need to
download Windows6.0-KB959439 here. Then do the above step.
 NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
 a) make sure WebClient Service is running
 (click START, type "services" and open, scroll down to WebClient and check its status)
 b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
 It should show the default "IIS7" image.
 If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"
 c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
 e.g. http://localhost/D_drive
 If nothing is listed, check "Directory Browsing" is enabled
13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
 a) make sure WebClient Service is running
 (click START, type "services" and open, scroll down to WebClient and check its status)
 b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
 eg if your server's computer name is "fileserver" go to "http://fileserver:80"
 It should show the default "IIS7" image. If not, check firewall and port blocking.
 Any issue ie if (12) works but (13) doesn't, will indicate a possible firewall issue or router port blocking issue.
 c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
 eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
 A directory listing of files should appear.
--- ON EACH CLIENT ----
HOTFIX - improve upload + download speeds
14 Click START and type "Internet Options" and open the link
 a) click the "Connections" tab at the top
 b) click the "LAN Settings" button at the bottom right
 c) untick "Automatically detect settings"
HOTFIX - remove 50mb file limit
15 On Windows 7 you need only change one tiny registry value:
 a) click START, type "regedit", open link
 b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
 c) click on "FileSizeLimitInBytes"
 d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
16 On each clientpc click START, type "Internet Options" and open it
 a) click on "Security" (top) and then "Custom level" (bottom)
 b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
 SUCH an easy fix. SUCH an annoying problem on a clientpc
 NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
explorer.
TEST SETUP
17 On the client use the normal "map network drive"
 e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
 e.g. CMD: net use * "http://fileserver:80/C_drive"
 If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
"manage network passwords") has NTFS permissions.
18 Test that EFS is now working over the network
 a) On a clientpc, map network drive to http://fileserver/
 b) navigate to a folder you know on the \\flieserver is encrypted with EFS
 c) create a new folder, create a new file.
 IF it throws an error, check carefully you mapped to the WebDAV and not file share
 i.e. mapped to "http://fileserver" not "\\fileserver"
 Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
 d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
 e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
clientpc decrypted it then copied it).
 If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
 If this is not readable check step (11) and that you restarted the \\fileserver computer.
19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
 a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
 If a prompt for user+pass then check hotfix (16)
20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
 a) see the last comment at the very bottom of
this page:
Points to consider:
 - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
either.
- CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
MORE INFO: HOTFIX: RAW DATA TRANSFERS
More info on step (11) above.
Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
There is a fix:
 It is implimented above, see (11) above
 Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
Other problems + fixes
PROBLEM: Can't find server due to network location.
 This one took me a long time to track down to "network location".
 Win 7 uses network locations "Home" / "Work" / "Public".
 If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
 This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
 FIX = either set IP address manually and specify a gateway
 FIX = or force "unidentified" network locations to assume "home" or "work" settings -
read here or
here
 FIX = or change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
login to gain file access.
PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
 By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
 Read
here (i've posted a batch script to automatically make the required reg files)
I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

Access Denied Web Application with Claims authentication NTLM only when using secondary URL

I have a SharePoint 2010 server farm with 2 web front ends, an application server and a database server. Both front ends are internal to
our network and are not behind a load balancer.
NOTE THAT I HAD TO SUBSTITUTE hzzp with hzzp so that I had no links in the body of this post since I am not verified
I setup a new web application called "SharePoint 41171" with:
Public URL:
hzzp://testserver1:41171
Claims authentication
NTLM only: no forms auth
No SSL
New web site "SharePoint 41171"
New app pool
New content database
I create a top level site collection and name mydomain\myusername as the primary site collection admin
I am able to access this site as expected at
hzzp://testserver1:41171 with the aforementioned site collection owner id: mydomain\myusername
I add an alternate access mapping for a secondary URL for this web application in the Intranet zone:
hzzp://iwatest.mydomain.com
So my AAMs for the site read as:
hzzp://testserver1:41171
Default     hzzp://testserver1:41171
hzzp://iwatest.mydomain.com
Intranet     hzzp://iwatest.mydomain.com
When I attempt to log on to
hzzp://iwatest.mydomain.com with the same user name and password, I get "access denied".
I can access this site using
hzzp://iwatest.mydomain.com if I log in as the farm account. This is the only account that seems to work.
Side Note: If I create a separate web application without claims - just NTLM and create the same AAMs, I can login fine with the same secondary
URL and the same user name
IP address properly maps to this machine.
I reviewed the ULS logs and find the following:
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Monitoring
                nasq                        Medium Entering
monitored scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom))
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Logging Correlation Data
      xmnv                        Medium Name=Request (GET:hzzp://iwatest. mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Logging Correlation Data
      xmnv                        Medium Site=/          8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              General
                   8e2s                        Medium
Unknown SPRequest error occurred. More information: 0x80070005       8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Monitoring
                b4ly                        Medium Leaving
Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)). Execution Time=8.66003919492561   8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
Basically it tells me that access is denied. I didnt see anything that stood out here.
I found this article:
hzzp://social.technet.microsoft.com/Forums/en-US/sharepointadminprevious/thread/ded9188b-ee03-4ef0-bb50-3ad138110e0c, which pointed me in the direction of ensuring that the portal
super user and portal reader accounts were properly added to my web application. I followed the every popular article on doing this:
hzzp://technet.microsoft.com/en-us/library/ff758656.aspx, but still no luck. As per the thread, I added the 2 domain accounts to the user policy with appropriate privilege
and then set them as the super user and super reader accounts via powershell, and yes I did prefix those names with "i:0#.w|mydomain\". To be exta sure, I repeated this for all web applications on this server with slightly different powershell steps
depending on wether or not claims was enabled on the web application.
The Claims to Windows Token Service is running.
I saw some mention of ensuring that the secure token service is running with a proper application pool account, but we are not running that service
and I cant imagine what that would have to do with my situation.
I have deleted and readded the web application and repeated these steps to no better effect.
I gave the mydomain\myusername full control for the web application through the user policy, ensured that it was indeed the primary site collection
owner and added it to the default site owners group. None of this helped.
I changed the application pool account to the farm account. No change in behavior.
Rebooted IIS and the machines many times along the way.
Further, when I attempt to sign in as a different user after being denied, I get "an unexpected error has occured message. I found the following
in ULS:
10/30/2012 11:19:03.71 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Logging Correlation Data
xmnv     Medium              Name=Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.71 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Logging Correlation Data
xmnv     Medium              Site=/    cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.72 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 General
         8e2s                Medium              Unknown SPRequest error occurred.
More information: 0x80070005      cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.72 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Runtime
        tkau                Unexpected       System.NullReferenceException: Object reference not set to an instance
of an object.    at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.LogInAsAnotherUser()     at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.OnLoad(EventArgs e)     at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)            cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.74 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Monitoring
b4ly                Medium              Leaving Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)).
Execution Time=22.5439266722447           cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
By the way, this occurs for the farm account also after a successful login and an attempt to sign in as a different user.
Any help would be greatly appreciated

Thanks spadminspadmin:
I have, though I am not sure that what I've added there is correct:
The URL that I am trying to use to access the web application's IIS site is hxxp://iwatest.mydomain.com. I added a binding to the IIS site as follows:
Type    Host name                      port        IP address
http     iwatest.mydomain.com     41171     *
Is that correct?

Access denied when jsp writes to a`network file system

Hi
Can anyone help. Im having big problems with my web application which was working fine when it was hosted on a tomcat windows NT machine. The application was recently upgraded to a Windows 2000 machine. My jsp page which has to write to a network drive can no longer do so. I keep getting ACCESS DENIED.
My jsp page is as follows:
<html>
<head><title>test</title></head>
<body>This is a test page
<jsp:useBean
id="sendSMS"
scope="page"
class="podsystembeans.phonetrackbeans.FileWrite"
/>
<%
String sms = sendSMS.testIO();
out.println(sms);
%>
</body></html>My javabean is as follows:
package podsystembeans.phonetrackbeans;
import java.io.*;
public class FileWrite
 public String testIO(){
 try{
 // Create file
 FileWriter fstream = new FileWriter("R:/outt.txt");
 BufferedWriter out = new BufferedWriter(fstream);
 out.write("Hello Java");
 //Close the output stream
 out.close();
 }catch (Exception e){//Catch exception if any
 System.out.println("Error testing : " + e.getMessage());
 return "success";
}OBSERVATION
If i try and write the file to the local machine for example C and D drives then it works. If i try and write the file to R drive which is another windows 2000 machine then i get access denied. Also if i try and write to a L drive which is a windows NT machine then i get the same message too.
If i run the above bean as a stand alone application with
public static void main
and I run it then it will work and write to any drive on the network.
Everytime my application fails to write to the network drive my windows machine shows the mapped drives with a red cross on it. I have applied the latest service packs and i have followed microsofts suggestions editing the registry autodisconnect keys. But i am still having problems and it is my java app which is causing it.
SETTINGS
Windows 2000 service pack 4
Tomcat 5 installed on d drive
java 5 installed on c drive
mapped network drives to other machines , the network is a 192.168.1.x network
regards
antek

Hi
Thanks for the pointer, I am trying to follow the suggestion and I want to know is the server.policy same as catalina.policy in tomcat under the conf folder. Also in this policy do i write the ip addresses of the machines i want to access?
Thanks
Antek

Access denied error for Java application on 2630

Hello!
I have bought a 2630 recently. Now I have installed a small Java application that tries to store some data in the phones memory. However, each time the application tries to do so, I get a "java.lang.SecurityException Access denied" message and the application states that it could no save its data. I have set the security settings for that particular application so that the phone should ask before each access to the file system. In fact, before I get the error message, the phone asks whether the application may write data to the file system. But still answering that question with "yes" I get the Access denied error message. Now I am puzzled. By the way, the application uses JSR-75 which the 2630 should support.
Anybody any ideas?
Regards,
Volker

RESOLVED!
I was able to create file from java application on Nokia 2630. Here is how:
1. root C:/ is mapped to folder "Downloads"
2. The folders does not show with their names
3. there are 2 folders in C:/ predefgallery and predefjava
4. in predefgallery there are several predefined folders e.g. predefrecordings is one of them
5. I am able to create file inside predefrecordings, creating file in upper folders is denied
6. user created folders aro NOT shown at all
7. I had to manualy confirm reading of data many times and writing data once.
I hope this can help to other Nokia users since I did not find this anywhere.
Luke

GPP Delete policy not working on Windows Server 2008 R2 RDS when deleting shared printers with status access denied.

Hi!
I Have one AD Security group for each shared printer, I have one GPP that map the printer if the user is in the security group that belong to the printer. And one GPP to delete the printer if the user is NOT member of the security group. The security group
is also applied in “Security” tab on the printsrv with PRINT rights and “everyone” is removed. This works 100 % on Windows 7 clients and Windows 2003 Terminal Servers. But on Windows 2008 R2 RDS this dont work.The Delete Policy will not delete the shared
printer. No warning in any logs, and the gpresult shows that the gpo setting applyed sucessfully. The only way I can make the Delete policy work is if i give the user print rights on the printer on the printsrv. Looks like for the policy to work on 2008
R2 the user must have print rights on the printer object on the printserver. The GPP Delete Policy will not delete printers that have status : access denied. Anyone else had this problem?

Hi,
Based on your description, it seems that we need to give users appropriate permissions, for the error
Access is denied is more or less related to permissions.
However, we can avoid deploying the GPP printer delete policy. As far as I know, we can use Item-Lvel Targeting of GPP to push the shared printers
to the targeted users or groups.
Regarding ILT, the following articles can be referred to for more information.
Preference Item-Level Targeting
http://technet.microsoft.com/en-us/library/cc733022.aspx
Security Group Targeting
http://technet.microsoft.com/en-us/library/cc772471.aspx
Best regards,
Frank Shen

Offline Files sync gives Access Denied on Windows 8.1 Enterprise

A small number of our staff have now been issued with Windows 8.1 Enterprise hybrid tablet computers, however there is a problem with using Offline Files on them - when synchronising, it responds "Access Denied".
The tablets have Windows 8.1 Enterprise with all the latest updates on them. Staff users have a home folder on the network under \\server\staff\homes\departmentname\username which gets mapped to U: and their My Documents is redirected there. The server is currently
Windows Server 2003 R2 SP2.
We have tried:
Resetting the Offline Files cache using the FormatDatabase registry key
Using Group Policy Objects to force Offline Files synchronisation at logon and logoff
Clearing the local cached copy of the user's profile from the machine and getting them to log back on to recreate it
Setting up Offline Files event logging to the event viewer - this provides no useful information as it only logs disconnect/reconnect and logoff/logon events
Forcing Group Policy update using gpupdate /force
Forcing synchronisation using PowerShell and https://msdn.microsoft.com/en-us/library/windows/desktop/bb309189%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
As suggested by http://support.microsoft.com/kb/275461 we gave the All Staff security group Read permissions on F:\Staff (which is the one that is shared as \\server\staff) and then blocked inheritance for folders below that
We also checked the following:
The CSC cache has not been relocated
No error 7023 or event 7023 errors relating to Offline Files are present in the event logs
The Offline Files service is running
The OS is already Windows 8.1 Enterprise, so installing the Pro Pack is not applicable
In HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\UserState\UserStateTechnologies\ConfigurationControls all the values are set to 0 and not 1
We do not use System Center Configuration Manager
No errors were found in the Folder Redirection event logs
None of these solved the problem, does anyone have any suggestions?
Here is the error we are seeing:
Thanks,
Dan Jackson (Lead ITServices Technician)
Long Road Sixth Form College
Cambridge, UK

Hi,
Generally speaking, this problem is most probably occurs at File Server Client.
Firstly, please check the sharing file Sync Settings.
Shared file properties\Sharing\Advanced Sharing\Caching
Also check shared file user list, make sure these problematic user account have full permission.
On the other hand, could you able to access to the shared file directly in Windows Explorer?
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Yes, the user can access the shared folder in Windows Explorer. The user has the following permissions:
Traverse Folder/Execute File
List Folder/Read Data
Read Attributes
Read Extended Attributes
Create Files/Write Data
Create Folders/Append Data
Write Attributes
Write Extended Attributes
Delete
Read Permissions
Here is a screenshot of how the Caching settings are set up on the top-level Staff share.

"Access Denied" opening PDF from network UNC path.

Can't open pdf file from network path when opening from Adobe Reader any versions. Opening other files such as word, excel etc that is not opening in Adobe Reader works just fine.
Steps to reproduce bug:
Create a shared folder with three folder deep. \\Servername\SharedDrive\FolderLevel1\FolderLevel2\FolderLevel3\
Give user explicit access to "FolderLevel3" with read and execute rights
Enabled "Protected Mode at StartUp" on Adobe Reader X or XI
Make sure there are some PDF files in FolderLevel3
On the user windows session "do not map the share drive", open explorer to "\\Servername\SharedDrive\FolderLevel1\FolderLevel2\FolderLevel3\" directly.
Double click the PDF files in the folder and it will be blocked with an error Access Denied.
Turn off Protected Mode at StartUp and it load fine
Map the location to a Drive Letter and it load fine
Use Adobe Professional and it works fine
Use Nuance PDF reader and it works fine
Not the ideal solution but if we gave users access to read at "SharedDrive" folder, FolderLevel1 and FolderLevel2 then they are able to read the PDF file. We would rather NOT DO THIS. They are blocked from the lower level for a reason......
Results:
Expected results: If it works on PRO it should work on Reader...

Hi Ayenoy,
Please provide the following information:
1) Adobe Reader version on your machine.
2) OS you are using.
3) Is your machine or the shared drive a part of any special file system like DFS etc.
4) Is the user a normal admin/standard user or a special user with roaming profile and folder redirections?
Thanks,
Shakti K

[SOLVED] mount.nfs4: access denied by server

Hi folks. I seem to be having a bit of a problem getting nfs4 to work. I am trying to mount a share from alpha (my fileserver) onto charlie (my workstation). Both of these are new Arch systems and I haven't had any nfs working yet, although I have with other distros on the same hardware.
Fileserver (alpha) config:
# /etc/exports
/files 192.164.1.0/24(rw,sync,fsid=0,no_subtree_check)
# /etc/hosts.allow
sshd: 192.168.1.0/255.255.255.0
nfsd: 192.168.1.0/255.255.255.0
rpcbind: 192.168.1.0/255.255.255.0
mountd: 192.168.1.0/255.255.255.0
idmapd: 192.168.1.0/255.255.255.0
statd: 192.168.1.0/255.255.255.0
[General]
Verbosity = 3
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
none /dev/pts devpts defaults 0 0
none /dev/shm tmpfs defaults 0 0
#/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
#/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
#/dev/fd0 /media/fl auto user,noauto 0 0
/dev/sda1 /boot ext3 defaults 0 1
/dev/sda2 swap swap defaults 0 0
/dev/sda5 / ext3 defaults 0 1
/dev/sda6 /var ext3 defaults 0 1
/dev/sda7 /home ext3 defaults 0 1
/dev/sda8 /files ext3 defaults 0 1
rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
nfsd /proc/fs/nfsd nfsd rw,nodev,noexec,nosuid 0 0
DAEMONS=(syslog-ng network netfs rpcbind nfs-common nfs-server hal @alsa @crond @openntpd @sshd)
[root@alpha ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda5 19228276 879492 17372036 5% /
none 507792 140 507652 1% /dev
none 507792 0 507792 0% /dev/shm
/dev/sda1 93307 15887 72603 18% /boot
/dev/sda6 19228276 372632 17878896 3% /var
/dev/sda7 19228276 176224 18075304 1% /home
/dev/sda8 902688436 204872 856629640 1% /files
[root@alpha ~]#
Workstation (charlie) config:
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
none /dev/pts devpts defaults 0 0
none /dev/shm tmpfs defaults 0 0
#/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
#/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
#/dev/fd0 /media/fl auto user,noauto 0 0
UUID=437982b2-5c84-4f53-954d-cf43f8b4e707 / ext3 defaults 0 1
UUID=97d79d76-357a-4f4e-8513-f181bff6af62 /boot ext3 defaults 0 1
UUID=d8525095-9b97-4439-932f-8f4e0236cce1 /home ext3 defaults 0 1
UUID=ffba933b-af93-407c-b1b8-69d1cc5be146 swap swap defaults 0 0
rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
alpha:/ /files nfs4 defaults 0 0
[General]
Verbosity = 3
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
DAEMONS=(syslog-ng network crond alsa hal fam rpcbind nfs-common netfs)
[root@charlie ~]# mount -a
mount.nfs4: access denied by server while mounting alpha:/
[root@charlie ~]#
This happens even after both systems are rebooted. Can anyone spot what I am missing?
Thanks for looking.
Last edited by dgregory46 (2009-10-21 01:04:09)

Now I really feel stupid. A little proofreading would have saved me a big headache. In /etc/exports I was exporting to 192.164.1.0/24 while my network is the more standard 192.168.1.0/24.
It works fine now, although I did take phaul's suggestion and added my main share "inside" the nfs4 root.

Java.security.AccessControlException: access denied

Hi all
While deploying my portal application lots of following exceptions are thrown. Please guide me how I can solve this issue
<Aug 16, 2007 12:27:43 PM PKT> <Warning> <Management> <BEA-400409> <Exception fr
om ApplicationFilePoller while checking for changes in application appsdirDteP
ortal_dir, directory GHQPortal.
java.security.AccessControlException: access denied (java.io.FilePermission D:\b
ea\user_projects\domains\portalDomain\applications\DtePortal\GHQPortal read)
at java.security.AccessControlContext.checkPermission(Ljava.security.Per
mission;)V(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(Ljava.security.Permiss
ion;)V(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(Ljava.security.Permission;)
V(Unknown Source)
at java.lang.SecurityManager.checkRead(Ljava.lang.String;)V(Unknown Sour
ce)
at java.io.File.list()[Ljava.lang.String;(Unknown Source)
 at java.io.File.list(Ljava.io.FilenameFilter;)[Ljava.lang.String;(Unknow
n Source)
 at com.bea.p13n.management.ApplicationFilePoller.searchDirs(Ljava.lang.S
tring;Ljava.util.Map;)V(ApplicationFilePoller.java:719)
 at com.bea.p13n.management.ApplicationFilePoller.searchDirs()Ljava.util.
Map;(ApplicationFilePoller.java:708)
 at com.bea.p13n.management.ApplicationFilePoller.check()V(ApplicationFil
ePoller.java:671)
 at com.bea.p13n.management.ApplicationFilePoller.access$200(Lcom.bea.p13
n.management.ApplicationFilePoller;)V(ApplicationFilePoller.java:145)
 at com.bea.p13n.management.ApplicationFilePoller$PollerThread.checkAllPo
llers()V(ApplicationFilePoller.java:997)
 at com.bea.p13n.management.ApplicationFilePoller$PollerThread.run()V(App
licationFilePoller.java:953)
 at java.lang.Thread.run()V(Unknown Source)
 at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Sourc
e)
Thanks

Hi
Thanks for reply bposner. I am using 'weblogic' user to deploy the application. Please help me to dig out this problem.
This problem seems linked with Java Security manager. How can I disable Java Security Manager or what permission should I add in security file to resolve this problem.
Thanks
Edited by arafique393 at 08/16/2007 11:23 PM
Edited by arafique393 at 08/17/2007 4:47 AM

ARX "Access Denied" with SymLink

Please refer to this thread--
http://forums.adobe.com/thread/755480?tstart=0
--there are commonalities, but it's somewhat different so I'm starting a new thread.
Client is Win 7/x64, server is SBS2008 SP2. The remote share is a DFS share. I'm able to open files with ARX from \\domain.local\DFSRoot\DFSFolderName, but not from a Symbolic Link to the DFSFolderName folder. The path the SymLink displays is C:\Users\Public\Desktop\DFSFolderName. When I try, I get this message:
Adobe Reader
There was an error opening this document. Access denied.
[OK]
Turning off Enable Enhanced Security in Preferences/Security (Enhanced) makes no difference.
Did not have this problem with AR 9.4.
If I map a drive to the DFS share, I seem to be able to open files from the drive map or the UNC, regardless of the setting of Enable Enhanced Security.

I have what appears to be the same issue, except I encounter the issue when I try to access a file on my local drive in a folder that is a Symbolic Directory Link. Without making any changes to ARX or anything else, I can get ARX to open the file simply by accessing the file using its actual folder path. Maybe this will help...
C:\Folder1\MyPDF.pdf
Result: No probblem. This is the actual folder, and ARX can open the "MyPDF.pdf" file without issue.
C:\SymLink\MyPDF.pdf
The "SymLink" folder is a symbolic directory link to the "C:\Folder1" folder. There is only 1 MyPDF.pdf file. Both paths reference the same file.
Result: ACCESS DENIED. This error is using the Adobe "Cannot open... access denied" message, not a file system or Windows error message.
NOTE - Unchecking "Enable Protected Mode at startup" does prevent this problem! (Edit -> Preferences, bottom of "General" section). However, if you want the added security offered by protected mode, then you will need to avoid the use of symbolic links until Adobe addresses this issue. I am using version 10.1.4, the latest released version as of 10-06-2012 (October 6, 2012).
I have recreated this in multiple ways, with many different types of PDF documents, which were created by three different applications. I have already spent too much time researching this, and found my workaround for this until it is addressed by Adobe. In every case, it breaks ONLY when I try to access the file using a symbolic link in the path name. Note that Windows 7/8 uses symbolic directory links in a few instances, and if someone uses those folders to store PDF's, they could have problems.
NOTE - Anyone can create a symbolic link in Windows 7/8 by using the "mklink.exe" command at a command prompt. It is included with Windows. I have not tested whether soft or hard links to the file itself will cause the problem, but I could upon request if anyone thinks it wouldn't be time wasted. The time I can spend on a PC at one time is limited since a car accident, but I will do it if it could help other avoid the problem that I banged my head against a wall trying to figure out.
I hope this help others facing this issue, and I hope Adobe addresses this issue in an update very soon.
-TSForrest
Good luck and happy hunting!

View access denied to Subject .. on ProvisioningTask: Worflow

Good Morning!
I am using Identity Manager 8.1, I am creating a Workflow for end users but I have the next error when I am ejecuting the work flow, "View access denied to Subject .. on ProvisioningTask: Worflow".
The next is the activity:
<Activity id='1' name='Get Requester View'>
<Action id='0' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='getView'/>
<Argument name='type' value='User'/>
<Argument name='id'>
<ref>accountId</ref>
</Argument>
<Argument name='authorized' value='true'/>
<Argument name='options'>
<Map>
<MapEntry key='noFetch' value='true'/>
</Map>
</Argument>
<Variable name='view'/>
<Return from='view' to='user'/>
</Action>
<Transition to='Is Requestor a Manager'/>
<WorkflowEditor x='62' y='21'/>
</Activity>
Any body can help me? Where is the error?.
ATTE: Felipe Forero

Have you added you new workflow to end user tasks ?

Access denied to maps

Similar Messages

Maybe you are looking for