Admin share access denied via cluster name

On a Windows 2008 two-node failover cluster, if I access \\node1\e$ it works fine. But I am not able to access it using the cluster name, \\cluster network name\\e$.
Has anyone faced the same issue? Kindly advise.

Hi,
As in other answers and my post above, this is no longer the working method. If you look at "\\cluster-name\c$", the CNO has no C drive! This is only a network name!
It is not common to access the cluster disks, other than the node disk, by \\CNO\.
You should connect to \\nodename\c$, and if there is a cluster file share you could connect as \\Filenodename\sharename and not \\CNO\sharename if the CNO moves to another node and the named e$ is then on the other node. Bad way to access the data!
So C$ should only be accessed by \\clusternodename\c$.
Greetings, Robert Smit
Follow me @clustermvp http://robertsmit.wordpress.com/

Similar Messages

  • 550 Access denied - Invalid HELO name

    Can someone tell me if this error message is my problem or the recipients? 99% of our email goes through fine, but we now have 3 customers we get this error from. The email was sent from Snow Leopard Server 10.6.5. I did an MX check and MXToolbox reported back my ISP's IP address and not the static IP address of our server.
    Return-Path: <MAILER-DAEMON>
    Delivered-To: [email protected]
    Received: by mail (Postfix)
    id CBBB646C13E; Thu, 30 Dec 2010 11:26:53 -0600 (CST)
    Date: Thu, 30 Dec 2010 11:26:53 -0600 (CST)
    From: [email protected] (Mail Delivery System)
    Subject: Undelivered Mail Returned to Sender
    To: [email protected]
    Auto-Submitted: auto-replied
    MIME-Version: 1.0
    Content-Type: multipart/report; report-type=delivery-status;
    boundary="4B5E246C13C.1293730013/mail"
    Content-Transfer-Encoding: 7bit
    Message-Id: <20101230172653.CBBB646C13E@mail>
    This is a MIME-encapsulated message.
    --4B5E246C13C.1293730013/mail
    Content-Description: Notification
    Content-Type: text/plain; charset=us-ascii
    This is the mail system at host mail.
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    For further assistance, please send mail to postmaster.
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
    The mail system
    <[email protected]>: host THEIRSERVER.com[66.117.3.196] said: 550 Access denied -
    Invalid HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)
    --4B5E246C13C.1293730013/mail
    Content-Description: Delivery report
    Content-Type: message/delivery-status
    Reporting-MTA: dns; mail
    X-Postfix-Queue-ID: 4B5E246C13C
    X-Postfix-Sender: rfc822; [email protected]
    Arrival-Date: Thu, 30 Dec 2010 11:26:51 -0600 (CST)
    Final-Recipient: rfc822; [email protected]
    Original-Recipient: rfc822;[email protected]
    Action: failed
    Status: 5.0.0
    Remote-MTA: dns; THEIRSERVER.com
    Diagnostic-Code: smtp; 550 Access denied - Invalid HELO name (See RFC2821
    4.1.1.1)
    --4B5E246C13C.1293730013/mail
    Content-Description: Undelivered Message
    Content-Type: message/rfc822
    Content-Transfer-Encoding: 7bit
    Received: from localhost (localhost [127.0.0.1])
    by mail (Postfix) with ESMTP id 4B5E246C13C
    for <[email protected]>; Thu, 30 Dec 2010 11:26:51 -0600 (CST)
    X-Virus-Scanned: amavisd-new at MYSERVER.com
    Received: from mail ([127.0.0.1])
    by localhost (MYSERVER.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id XlYy8X32jZDY for <[email protected]>;
    Thu, 30 Dec 2010 11:26:51 -0600 (CST)
    Received: from [192.168.88.11] (mail.MYSERVER.com [96.226.0.23])
    by mail (Postfix) with ESMTPSA id 3512046C135
    for <[email protected]>; Thu, 30 Dec 2010 11:26:51 -0600 (CST)
    From: Brian Jagielski <[email protected]>
    Content-Type: text/plain
    Content-Transfer-Encoding: 7bit
    Subject: Test
    Date: Thu, 30 Dec 2010 11:26:51 -0600
    Message-Id: <[email protected]>
    To: [email protected]
    Mime-Version: 1.0 (Apple Message framework v1082)
    X-Mailer: Apple Mail (2.1082)
    --4B5E246C13C.1293730013/mail--

    Sorry. Was trying to be safe, but if it doesn't matter here it is
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    enable_server_options = yes
    header_checks = pcre:/etc/postfix/custom_header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    mail_owner = _postfix
    mailbox_size_limit = 0
    mailbox_transport = dovecot
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    message_size_limit = 20971520
    mydestination = $myhostname, localhost.$mydomain, mail.youngamericagroup.com, youngamericagroup.com, $mydomain
    mydomain = youngamericagroup.com
    mydomain_fallback = localhost
    myhostname = mail
    mynetworks = 127.0.0.0/8
    newaliases_path = /usr/bin/newaliases
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    relayhost =
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
    smtpd_enforce_tls = no
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
    smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
    smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit
    smtpd_sasl_auth_enable = yes
    smtpd_tls_CAfile = /etc/certificates/youngamericagroup.com.EAC01934DECC18B36C5A42CBFED35A0C2C93C0E5.chain.pem
    smtpd_tls_cert_file = /etc/certificates/youngamericagroup.com.EAC01934DECC18B36C5A42CBFED35A0C2C93C0E5.cert.pem
    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
    smtpd_tls_key_file = /etc/certificates/youngamericagroup.com.EAC01934DECC18B36C5A42CBFED35A0C2C93C0E5.key.pem
    smtpd_tls_loglevel = 0
    smtpd_use_pw_server = yes
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains = $virtual_alias_maps
    virtual_alias_maps =
    youngamericagroup:~ administrator$

  • 550 Access denied-invalid HELO name (See RFC2821 4.1.1.1.1)

    Hello All
    I am facing a problem while sending mail, which is as follows:
    I have developed a form for sending mail with an attachment; for this I am using an SMTP mail server. For this I got some help from OTN. It works well on the XP operating system, but when it is deployed on Windows Professional 2003 SP2 (server) it gives the message:
    Oracle.forms.demos.javamail.SendMessageException:
    SendMessage: 550 Access denied-invalid HELO name (See RFC2821 4.1.1.1.1)
    Please help me.
    Thanks in Advance.

    Most likely the name service isn't properly configured on your Windows machine
    and it can't get the correct host name for your machine. You can try working
    around the problem by setting the mail.smtp.localhost property; see the javadocs
    for the com.sun.mail.smtp package.

  • Cannot use Offline Files with DFS share: "Access denied" error for DfsrPrivate in Sync Center

    Hello,
    I have an infrastructure that uses DFS to move files to different sites and we are using a GPO to define Offline Files for users at those sites. Whenever we try to initiate a manual sync, an error stating "Access denied" is generated for all DfsrPrivate directories and the Sync Center reports it as a failed sync. We have tried giving Domain Users, Everyone, and individual accounts Write, Modify and even Full Control permissions to the DfsrPrivate directories and, as it seems, only users with administrative access are allowed to sync properly. Is there something obvious I'm missing here?
    -Girard

    Hi,
    I cannot help test at the moment, but we should not create offline files on DfsrPrivate folders, which will cause issues. Try to exclude those folders from Offline Files and it should work in Sync Center.
    If you have any feedback on our support, please send to [email protected]

  • Inside network can't access webpage via domain name hosted on inside network web server

    I've just deployed a Cisco 1900 series router.
    Configured the network with NAT overload. Everything seems to work fine; just one thing bothers me: I have a web server inside the network, and I can't reach the webpage hosted on that server using www.domainname.com. I can only connect to it via the internal IP.
    For now I've solved this by adding the domain name and internal IP of the server to the hosts file in Windows.
    But I'd like to know if there is any better way to solve this?

    found a solution
    http://tech.jocke.no/2010/09/24/cisco-ios-nat-virtual-interface/

  • 550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

    I am trying to send emails to some domains and I am getting a reply like this...

    Hi md,
    Please refer to RFC2821 4.1.1.1:
    These commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available. In situations in which the SMTP client system does not have a meaningful domain name (e.g., when its address is dynamically allocated and no reverse mapping record is available), the client SHOULD send an address literal, optionally followed by information that will help to identify the client system.
    This issue may be caused by the FQDN on your send connector; you can change it to the proper name.
    You can find more information in this document:
    RFC 2821 Simple Mail Transfer Protocol
    http://tools.ietf.org/html/rfc2821#section-4.1.1.1
    Thanks,
    Evan
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
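Added example, not part of the original posts: a check of the name a Postfix client would announce in HELO/EHLO against the RFC 2821 4.1.1.1 wording quoted above (fully-qualified domain name or address literal). It assumes Postfix's default `smtp_helo_name = $myhostname`; the function names and the `example.com` domain are illustrative, while `myhostname = mail` is the value from the settings posted earlier on this page.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Postfix-style parameter references: ${name} or $name.
_REF = re.compile(r"\$\{(\w+)\}|\$(\w+)")


def parse_postconf(text):
    """Parse 'name = value' lines (postconf -n style) into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name / ${name} references; unknown names expand to ''."""
    if depth > 10:  # guard against reference loops
        raise ValueError("parameter reference loop")
    return _REF.sub(
        lambda m: expand(params.get(m.group(1) or m.group(2), ""), params, depth + 1),
        value,
    )


def effective_helo_name(params):
    """Name sent in HELO/EHLO. Assumption: smtp_helo_name defaults to $myhostname."""
    return expand(params.get("smtp_helo_name", "$myhostname"), params)


def classify_helo(name):
    """Return 'address-literal', 'fqdn' or 'invalid' for a HELO/EHLO argument."""
    if name.startswith("[") and name.endswith("]"):
        inner = name[1:-1]
        try:
            if inner.lower().startswith("ipv6:"):
                ipaddress.IPv6Address(inner[5:])
            else:
                ipaddress.IPv4Address(inner)
            return "address-literal"
        except ValueError:
            return "invalid"
    labels = name.split(".")
    if (len(name) <= 255 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):  # a bare IP address is not an FQDN
        return "fqdn"
    return "invalid"


def check_config(text):
    """Return (helo_name, verdict) for a block of postconf output."""
    name = effective_helo_name(parse_postconf(text))
    return name, classify_helo(name)


# Constructed samples: the short host name from the page, and an FQDN form of it.
SHORT_NAME = "mydomain = example.com\nmyhostname = mail\n"
FQDN_NAME = "mydomain = example.com\nmyhostname = mail.$mydomain\n"

if __name__ == "__main__":
    for sample in (SHORT_NAME, FQDN_NAME):
        print(check_config(sample))
```

Receiving servers may apply stricter checks than this (for example requiring the name to resolve), so a verdict of `fqdn` is necessary but not always sufficient.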

  • Site collection admin getting access denied!!

    Hello All,
    In my current SPFarm, all users were accessing the environment, and all of a sudden some group users are unable to get access to the system. We have been looking at this issue all day long and couldn't figure out what is broken in the system.
    You can take as an example the following user's credential xyz. He has all sorts of permission access to the site collection but is unable to access sites within the site collection. He used to access all the sites a couple of days back.
    Not everyone is noticing this issue. If I add this user to web application user policy he is able to access the site.
    Yashwanth Mannem

    This is a published site. superreader and superuser accounts are in web app user policy with appropriate permissions.
    Yashwanth Mannem
    Do you also have them in the Web Application properties in the correct format (classic or claims)?
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Access denied for all (most?) users in all site collections of web app

    Hi,
    I have a Sharepoint 2010 farm pre-SP1 (yes should be updated!) and for all site collections of a web app, all users are getting access denied.
    Now in my title I said "most?" because I have found one user in another office who does not have this issue. This web app/site collections also do not go through f5 or any proxies.
    Even if I add myself as a site collection admin via central admin, I get the same result. I've looked at everything, windows time on the server (not using kerberos), errors in event log (nothing), uls logs just say access denied (very helpful!), etc...
    I can try what's suggested at http://social.technet.microsoft.com/Forums/en-US/e66f1b09-605d-4546-a581-2a9283c238c0/access-denied-for-all-users-and-for-site-collections-owner?forum=sharepointgeneralprevious but when asking colleagues, there's been no changes, let alone with those accounts? I can do a get on the property tomorrow to find if there is a value set first, however.
    Any suggestions on this?

    Hi,
    Please try logging in the site with farm account.
    If it works, please make sure you have superuser and superreader accounts in CA > Application management > web application policy. If not, please add both accounts with the PowerShell script in the article below; this can cause all users to be denied when accessing the site:
    http://technet.microsoft.com/en-us/library/ff758656.aspx
    Here is a similar thread:
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/a49b1ab8-273f-41e4-a0b8-be0e31c6733b/all-users-including-site-collection-admins-receiving-access-denied-from-one-site-collection?forum=sharepointadminprevious
    Regards,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected] .
    Rebecca Tu
    TechNet Community Support

  • CCM.LOG Showing Errors Connecting to Server (Error 5 - Access Denied) to \\\admin$ Share

    Hi All!
    We are encountering what I think would be a normal error in most cases if a client is unavailable or offline.  During client push, we are receiving errors connecting to a NULL value in the log (\\\admin$) as opposed to an actual client:
    Under normal circumstances, the log should read as follows:
     Attempting to connect to administrative share
    \\<machine_name>\admin$ using <Client Push Account>.
    What we are running into is a repeating error (with some processed CCR records in between) that shows as follows:
    ~ Doing Account Cleanup Operation .... SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:14 AM 8612 (0x21A4)
    ~ Processing domain DOMAIN1 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:14 AM 8612 (0x21A4)
    ~ Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:14 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN3\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN2\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN1\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN1\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN1\clientpush_service_account (00000775) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to get token for current process (5) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ ERROR: Failed to connect to the \\\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to connect to Server. Error 5 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Processing domain DOMAIN2 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN3\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN2\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN1\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN1\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN1\clientpush_service_account (00000775) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to get token for current process (5) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ ERROR: Failed to connect to the \\\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to connect to Server. Error 5 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Processing domain DOMAIN3 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN3\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN2\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN1\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN1\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN1\clientpush_service_account (00000775) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to get token for current process (5) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ ERROR: Failed to connect to the \\\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to connect to Server. Error 5 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Account Cleanup Operation Completed successfully. SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    We have Three Domains (Domain1, Domain2, and Domain3) with service accounts specified in the Client Push Installation Client properties. 
    I don't know if there is an entry (or entries) in the SCCM database that are NULL or blank that is generating these errors. 
    \\\admin$ indicates, to me, that there is a missing machine name that should follow the two \\ and before the \admin$.  Obviously we aren't going to be able to connect to a machine with no name (hence the Failed to Connect to Server.  Error 5).
    Is there a way to clean the database of these empty records and fix this recurring error?  It repeats every 15 minutes.
    Thank you!

    Yes, I know this is an old post, but I’m trying to clean them up.
    I would review the CM07 console to see if there are any devices without a NetBIOS name. It will be these devices that are causing you problems.
    Garth Jones | My blogs: Enhansoft and
    Old Blog site | Twitter:
    @GarthMJ
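Added example, not part of the original thread: a small parser for CCM.log lines in the flattened form quoted above that counts connection attempts whose UNC target has an empty machine name and decodes the Win32 codes on the failure lines (000004b3 is ERROR_NO_NET_OR_BAD_PATH, 00000775 is ERROR_ACCOUNT_LOCKED_OUT, 5 is ERROR_ACCESS_DENIED). The function names are illustrative, and the last sample line, with host PC-EXAMPLE01, is constructed for contrast.

```python
import re
from collections import Counter

# Win32 error codes seen in the quoted log (decimal value -> symbolic name).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    1203: "ERROR_NO_NET_OR_BAD_PATH",   # 0x000004b3
    1909: "ERROR_ACCOUNT_LOCKED_OUT",   # 0x00000775
}

# "~ <message> <COMPONENT> <date> <time> AM|PM <thread id> (0x<hex>)"
LINE_RE = re.compile(
    r"^~?\s*(?P<msg>.*?)\s+(?P<component>SMS_[A-Z_]+)\s+"
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<tid>\d+) \(0x[0-9A-Fa-f]+\)\s*$"
)
# UNC target of a client push attempt; <host> is empty for '\\\admin$'.
ATTEMPT_RE = re.compile(
    r"administrative share '\\\\(?P<host>[^\\']*)\\admin\$' using "
    r"(?:account '(?P<account>[^']+)'|machine account)"
)
FAILURE_RE = re.compile(
    r"(?P<api>WNetAddConnection2|LogonUser) failed \((?P<logon>\w+)\) "
    r"using account (?P<account>\S+) \((?P<code>[0-9A-Fa-f]{8})\)"
)


def parse_line(line):
    """Split one log line into message, component, timestamp and thread id."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(lines):
    """Count empty-target attempts and per-account failures with decoded codes."""
    empty_targets = 0
    named_targets = Counter()
    failures = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        attempt = ATTEMPT_RE.search(rec["msg"])
        if attempt:
            host = attempt.group("host")
            if host:
                named_targets[host] += 1
            else:
                empty_targets += 1
            continue
        failure = FAILURE_RE.search(rec["msg"])
        if failure:
            code = int(failure.group("code"), 16)
            name = WIN32_ERRORS.get(code, hex(code))
            failures[(failure.group("account"), name)] += 1
    locked = sorted({acct for (acct, name) in failures
                     if name == "ERROR_ACCOUNT_LOCKED_OUT"})
    return {
        "empty_target_attempts": empty_targets,
        "named_targets": dict(named_targets),
        "failures": dict(failures),
        "locked_out_accounts": locked,
    }


# Sample lines in the format shown in the post; the final line is constructed.
SAMPLE_LOG = r"""
~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN3\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN1\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
~ LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN1\clientpush_service_account (00000775) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
~ Attempting to connect to administrative share '\\\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
~ Attempting to connect to administrative share '\\PC-EXAMPLE01\admin$' using account 'DOMAIN2\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:47:02 AM 8612 (0x21A4)
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```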

  • EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

    This is for information to help others
    KEYWORDS:
      - Sharing EFS encrypted files over a personal LAN / WLAN / WiFi AP network
      - Access denied on create new file / new folder on encrypted EFS network file share remote mapped folder
      - transfer encryption keys / certificates
      - set trusted delegation for user + computer for EFS encrypted files via Kerberos
      - Windows Active Directory vs network file share
      - Setting up WebDAV server on Windows 7 Pro / Ultimate
    It has been a long painful road to discover this information.
    I hope sharing it helps you.
    Using EFS on Windows 7 Pro / Ultimate is easy and works great. See here and here.
    So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
    HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network won't work (unless you follow the steps below).
    Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using Windows EFS. I had this issue trying to use GoodSync.
    Typically an "Access Denied" error message is thrown when a \\clientpc tries to create a new folder / new file in an encrypted folder on a remote file share \\fileserver.
    Why such an EFS drama when a network is involved?
    Assume a home peer-to-peer network with 2 PCs:  \\fileserver  and  \\clientpc
    When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using Kerberos so the process can impersonate a \\fileserver user and then use their certificate (on behalf of the clientpc's data request).
    This behaviour is confusing, as a \\clientpc can open or edit an existing EFS encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
    Solutions
    There are two main approaches to solve this:
         1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
              EFS operations occur on the computer storing the files.
              EFS files are decrypted then transmitted in plaintext to the client's computer
              This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
         2) SOLVE by setting up WebDAV (efs files accessed through web folders)
               EFS operations occur on the client's local computer
               EFS files remain encrypted during transmission to the client's local computer where it is decrypted
               This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
               BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
             READ BELOW as this does
    Create new encrypted file / folder on a network file share - via Active Directory
    It is easily possible to sort this out on a domain based (corporate) Active Directory network. It is well documented. See here. However, the problem is that on a normal Windows 7 install (i.e. home peer-to-peer), setting up the server as part of an Active Directory domain is complicated, time consuming and bulky, adds burden to the operation of the \\fileserver computer, adds network complexity, and is generally a pain for a home user. Don't. Use WebDAV.
    Although this info is NOT for setting up EFS on an Active Directory domain [server], for those interested here is the gist:
    Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with EFS.
    NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
    Create new encrypted file / folder on a network file share - via WebDAV
    For home users it is possible to make it all work.
    Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
    Setting up a wifi AP (for those less technical):
       a) START ... CMD
       b) type (no quotes): "netsh  wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
       c) type (no quotes): "netsh  wlan start hostednetwork"
    Set up a WebDAV server on Windows 7 Pro / Ultimate
    -----ON THE FILESERVER------
       1  click START and type "Turn Windows Features On or Off" and open the link
           a) scroll down to "Internet Information Services" and expand it.
           b) put a tick in: "Web Management Tools" \ "IIS Management Console"
           c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
           d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
           e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
           f) click ok
           g) run HOTFIX - ONLY if NOT running Windows 7 / Windows 8
              KB892211 here ONLY for XP + Server 2003 (made in 2005)
              KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
      2 Click START and type "Internet Information Services (IIS) Manager"
      3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
           a) on the right side, under Actions, click "Enable WebDAV"
      4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
           a) on the "Anonymous Authentication" and click "Disable"
           b) on the "Windows Authentication" and click "Enable"
          NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
            It can be fixed by changing the registry key:
               [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
               BasicAuthLevel=2
           c) on the "Windows Authentication" click "Advanced Settings"
               set Extended Protection to "Required"
           NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
      5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
           a) on the right side, under Actions, click "Add Allow Rule"
           b) set this to "all users". This will control who can view the "Default Site" through a web browser
           NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used to log in on the clientpc.
           NB: Any user account specified here has to exist on the server. It has a bug in that usernames specified here are not validated on input.
      6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
           a) on the right side, under Actions, click "Enable"
    HOTFIX - double escaping
      7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
           a) on the right side, under Actions, click "Edit Feature Settings"
           b) tick the box "Allow double escaping"
         *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
         These folders will appear blank with no subdirectories, or these files will not be readable unless this is ticked
         This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build URLs via string-concat without proper encoding). But any bug would need to be in IIS basic file serving and this has been rigorously tested by microsoft, so very unlikely. It's safe to "Allow double escaping".
      8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
           a) set the Alias to something sensible eg "D_Drive", set the physical path
           b) it is essential you click "connect as" and set this to a local user (on fileserver),
           if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
                 NB: the user account selected here must have the required EFS certificates installed.
                            See here and here
            NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
          This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
           The work around is on the \\fileserver create an NTFS symbolic link
              e.g. to share the entire contents of "D:\",
                    on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                    in cmd in this folder create an NTFS symbolic link to "D:\"
                    so in cmd type "cd c:\inetpub\wwwroot"
                    then in cmd type "mklink /D D_Drive D:\"
            NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
             NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart clientpc
      9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
           a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
           b) if some exist review existing allow or deny.
               Take care to not only review the "allow access to" settings
               but also review "permissions" (read/write/source)
           NB: this can be set here for all added virtual directories, or can be set under each virtual directory
      10 Open your firewall software and/or your router. Make an exception for port 80 and 443
           a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
                 choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
              NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes" below, specifically "Cant find server due to network location"
           b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
    HOTFIX - MAJOR ISSUE - fix KB959439
      11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
          a) On Windows 7 you need only change one tiny registry value:
               - click START, type "regedit", open link
               -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
               -on the EDIT menu click NEW, then click DWORD Value
               -Type "DisableEFSOnWebDav" to name it (no speech marks)
               -on the EDIT menu, click MODIFY, type 1, then click OK 
               -You MUST now restart this computer for the registry change to take effect.
          b) On Windows Server 2008 / Vista / XP you'll FIRST need to download Windows6.0-KB959439 here. Then do the above step.
             NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
      12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
            a) make sure WebClient Service is running
                (click START, type "services" and open, scroll down to WebClient and check its status)
            b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
                It should show the default "IIS7" image.
                If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"           
            c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                    e.g. http://localhost/D_drive
                If nothing is listed, check "Directory Browsing" is enabled
      13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
            a) make sure WebClient Service is running
                (click START, type "services" and open, scroll down to WebClient and check its status)
            b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
                  eg if your server's computer name is "fileserver" go to "http://fileserver:80"
                  It should show the default "IIS7" image. If not, check firewall and port blocking. 
                  Any issue ie if (12) works but (13) doesn't,  will indicate a possible firewall issue or router port blocking issue.
           c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
                   eg if alias is "C_drive" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
                   A directory listing of files should appear.
    --- ON EACH CLIENT ----
    HOTFIX - improve upload + download speeds
      14 Click START and type "Internet Options" and open the link
            a) click the "Connections" tab at the top
            b) click the "LAN Settings" button at the bottom right
            c) untick "Automatically detect settings"
    HOTFIX - remove 50mb file limit
      15 On Windows 7 you need only change one tiny registry value:
          a) click START, type "regedit", open link
          b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
           c) click on "FileSizeLimitInBytes"
           d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
    HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
     16 On each clientpc click START, type "Internet Options" and open it
             a) click on "Security" (top) and then "Custom level" (bottom)
             b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
             SUCH an easy fix. SUCH an annoying problem on a clientpc
       NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is considered a "web folder" by windows explorer.
    TEST SETUP
      17 On the client use the normal "map network drive"
                e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
                e.g. CMD: net use * "http://fileserver:80/C_drive"
             If it doesn't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the fileserver the elected impersonation user that the client is logging in with (clientpc "manage network passwords") has NTFS permissions.
      18 Test that EFS is now working over the network
           a) On a clientpc, map network drive to http://fileserver/
           b) navigate to a folder you know on the \\fileserver is encrypted with EFS
           c) create a new folder, create a new file.
               IF it throws an error, check carefully you mapped to the WebDAV and not file share
                  i.e. mapped to "http://fileserver" not "\\fileserver"
               Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
           d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobbledygook
           e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobbledygook (ie the clientpc decrypted it then copied it).
            If this fails, it is likely that in the IIS settings on fileserver one of the shared virtual directories is set to "pass through authentication" when it should be set to "connect as"
            If this is not readable check step (11) and that you restarted the \\fileserver computer.
      19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
          a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
                If a prompt for user+pass then check hotfix (16)
      20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
          a) see the last comment at the very bottom of this page:
    Points to consider:
       - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't either.
      - CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
    MORE INFO: HOTFIX: RAW DATA TRANSFERS
    More info on step (11) above.
    Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
    it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
    Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
    Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
    Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
    file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
    There is a fix:
          It is implemented above, see (11) above
          Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
    Other problems + fixes
      PROBLEM: Can't find server due to network location.
         This one took me a long time to track down to "network location".
         Win 7 uses network locations "Home" / "Work" / "Public".
         If no gateway is specified in the IP address, the network is set to "unidentified" and so receives "Public" settings.
         This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
         FIX = either set IP address manually and specify a gateway
         FIX = or  force "unidentified" network locations to assume "home" or "work" settings - read here or here
         FIX = or  change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows login to gain file access.
      PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
           By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
          Read here (I've posted a batch script to automatically make the required reg files)
    I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.
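    A read-only audit of the WebDAV client settings the post above changes (steps 4, 11, 12a and 15), as an added example that is not part of the original post. It assumes it is run on the machine whose settings are being checked; the function names are made up for this example.

```powershell
# Added example: read-only audit of the registry values and service named in the post.
# Nothing is written; run it on the machine being checked.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function ConvertTo-UnsignedDword {
    param($Value)
    # Windows PowerShell can return a DWORD such as 0xffffffff as Int32 -1;
    # normalise it so the size limit is reported as an unsigned number.
    [int64]$n = $Value
    if ($n -lt 0) { $n += 4294967296 }
    return $n
}

function New-Finding {
    param([string]$Setting, $Value, [string]$Note)
    [pscustomobject]@{ Setting = $Setting; Value = $Value; Note = $Note }
}

function Get-WebDavClientAudit {
    $webClient = 'HKLM:\SYSTEM\CurrentControlSet\Services\WebClient\Parameters'
    $mrxDav    = 'HKLM:\SYSTEM\CurrentControlSet\Services\MRxDAV\Parameters'

    # WebClient service (steps 12a and 13a).
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        New-Finding 'WebClient service' 'not installed' 'http:// drives cannot be mapped'
    } else {
        New-Finding 'WebClient service' $svc.Status 'Must be Running to map http:// drives'
    }

    # BasicAuthLevel (NB under step 4).
    $basicNotes = @{
        0 = 'Basic authentication disabled'
        1 = 'Basic authentication allowed over SSL only'
        2 = 'Basic authentication allowed over SSL and plain HTTP; over HTTP the password is only base64-encoded'
    }
    $basic = Get-RegValue $webClient 'BasicAuthLevel'
    if ($null -eq $basic) {
        $note = 'Value absent, OS default applies'
    } elseif ($basicNotes.ContainsKey([int]$basic)) {
        $note = $basicNotes[[int]$basic]
    } else {
        $note = 'Unexpected value'
    }
    New-Finding 'BasicAuthLevel' $basic $note

    # FileSizeLimitInBytes (step 15).
    $limit = Get-RegValue $webClient 'FileSizeLimitInBytes'
    if ($null -eq $limit) {
        New-Finding 'FileSizeLimitInBytes' $null 'Value absent'
    } else {
        $bytes = ConvertTo-UnsignedDword $limit
        New-Finding 'FileSizeLimitInBytes' $bytes ('{0:N0} MiB file size limit' -f [math]::Floor($bytes / 1MB))
    }

    # DisableEFSOnWebDav (step 11, KB959439).
    $efs = Get-RegValue $mrxDav 'DisableEFSOnWebDav'
    if ($efs -eq 1) {
        New-Finding 'DisableEFSOnWebDav' $efs 'Set as in step 11 (takes effect after a restart)'
    } else {
        New-Finding 'DisableEFSOnWebDav' $efs 'Not set to 1; step 11 has not been applied here'
    }
}

Get-WebDavClientAudit | Format-Table -AutoSize -Wrap
```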

    What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

  • Shared folders (Windows file shares) show access denied and do not prompt for credentials

    Scenario:
    Like other admins, I log on and work as a 'standard user' (usera) with no admin rights anywhere in the domain, to perform admin tasks I have another account (userb) which I authenticate with as and when required. userb has been allocated/delegated permissions
    as required.
    Problem: 
    When trying to connect to shared folders on servers (2008 R2) using a UNC path via Windows Explorer (Win 7 Ent.), I see an access denied error and do not get an option to supply alternative credentials.
    If I try to connect to the admin shares on the same server (\\server\C$ or \\server\e$) I get an access denied message AND get prompted for credentials. I supply my admin account and gain access as expected.
    If I check share and storage management when attempting to connect, I see that Windows is trying to connect me to each share as usera (which has no access). I understand why I get access denied at this point, but not why it can't just prompt me to supply an
    account that does have access. When trying the admin shares I also see the usera account, but I get a prompt to supply a user who does have access.
    Share permissions on the folders are for example 'Everyone' Full Control.  NTFS permissions are 'userb' has modify (read, execute, list, traverse etc) via a 'Server Admins' AD Universal security group.
    Note: If I do a NET USE from CMD and use the /USER switch, I can access the shares fine. But this is not great for accessing shared folders on the fly from various computers.
    How can I get the other shares on the server to prompt me, rather than just say access denied?
    Many thanks.

    Try to disable guest user from the server

  • Configuring quorum file share witness access denied

    in failover cluster administrator, when I try to configure the quorum for file share witness, it keeps coming up and say access denied.
    any idea? I created the share as a domain admin and I am running the failover cluster admin as a domain admin

    Hi JonDoe321,
    From the error information, it must be that the file share folder doesn't meet the permission requirements. For the folder that the file share uses, make sure that the administrator has Full Control share and NTFS permissions, and grant the CNO full control on the file share. You can refer to the following KB for the detailed requirements.
    Failover Cluster Step-by-Step Guide: Configuring the Quorum in a Failover Cluster
    http://technet.microsoft.com/zh-cn/library/cc770620(v=ws.10).aspx#BKMK_requirements
    More related third party article:
    How to configure a Node and File Share Majority quorum
    http://www.howtonetworking.com/server/cluster12.htm
    I’m glad to be of help to you!

  • Access Denied when trying to open a file that is encrypted on network share with EFS

    I just recently enabled EFS on the default domain policy and created a new network share, encrypted a file and added myself to that file and tried to open the file from my workstation.  I then receive an error "Access denied", I also tried
    to create a file and encrypt it on that same share and get an error "The requested operation cannot be completed.  The computer must be trusted for delegation and the current user account must be configured to allow delegation."  
    My steps.
    1. Enable group policy for EFS, removed the expired certificate that was already there and Created a new Data recovery agent.
    2. Created a network share, created a test file, enabled encryption on the file 
    3. certmgr.msc, personal and requested a new certificate, Basic EFS
    4. On the network share and properties of file, advanced, details and added the user
    5. From the workstation tried to access the file, Access Denied.  I can create any file I want, I just can't add attributes to encrypt the file or open an encrypted file
    Now if I go to the server where the CA is located which is also the AD server and create share and run the same process it works as expected.  I'm guessing I have to export the cert from the CA server as a pfx and import that to both the server that
    has the network share and the workstation but that still doesn't seem to work.  Maybe I don't understand how EFS works and this is not possible?  Any suggestions would be appreciated.

    You are correct in not understanding how EFS works.
    When you connect to an encrypted file via a network share, the encryption/decryption takes place *on* the server. To enable over the network access, the server's computer account must be trusted for delegation.
    The server actually impersonates the user and creates a user profile on the server (containing the defined EFS certificate and private key). The important thing to remember is that the file is transmitted in clear text from the server to the client.
    See http://blogs.technet.com/b/instan/archive/2010/08/11/remote-efs-decryption-and-trusted-for-delegation-requirements.aspx
    Brian
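    A read-only check of the two delegation settings this answer and the error message in the question refer to (the same settings the Active Directory Users and Computers steps earlier on the page configure), as an added example that is not part of the original thread. It assumes the ActiveDirectory module (RSAT) is installed; `FILESERVER01`, `jsmith` and the function names are placeholders invented for the example.

```powershell
# Added example: report the delegation flags that remote EFS depends on.
# Read-only; FILESERVER01 and jsmith are placeholder names.
Import-Module ActiveDirectory

function Test-EfsDelegation {
    param(
        [Parameter(Mandatory = $true)][string]$FileServer,  # computer account of the file server
        [Parameter(Mandatory = $true)][string]$UserName     # sAMAccountName of the user
    )

    $computer = Get-ADComputer -Identity $FileServer `
        -Properties TrustedForDelegation, 'msDS-AllowedToDelegateTo'
    $user = Get-ADUser -Identity $UserName -Properties AccountNotDelegated

    # Services listed for constrained delegation, if any (informational only).
    $constrained = @($computer.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    $problems = @()
    if (-not $computer.TrustedForDelegation) {
        $problems += "Computer account '$FileServer' is not trusted for delegation"
    }
    if ($user.AccountNotDelegated) {
        $problems += "User '$UserName' is marked 'Account is sensitive and cannot be delegated'"
    }

    [pscustomobject]@{
        FileServer                   = $computer.Name
        ComputerTrustedForDelegation = [bool]$computer.TrustedForDelegation
        ConstrainedDelegationTargets = $constrained -join ', '
        User                         = $user.SamAccountName
        UserMarkedSensitive          = [bool]$user.AccountNotDelegated
        DelegationPrerequisitesMet   = ($problems.Count -eq 0)
        Problems                     = $problems -join '; '
    }
}

function Get-DelegationTrustedComputer {
    # Inventory of every computer account that currently holds the
    # "trusted for delegation" flag, so the set can be reviewed after
    # enabling it for an EFS file server.
    Get-ADComputer -Filter 'TrustedForDelegation -eq $true' -Properties TrustedForDelegation |
        Select-Object Name, DistinguishedName
}

Test-EfsDelegation -FileServer 'FILESERVER01' -UserName 'jsmith' | Format-List
Get-DelegationTrustedComputer | Format-Table -AutoSize
```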

  • FYI: 1 possible solution and cause to Access Denied on opening PDF on network shares with Reader XI

    FYI
    Hi.
    Updated in May to another release of Reader XI.
    Got the problem stated in the title of this post - with access denied for PDF on network shares.
    Reason:
    Long time error in Adobe Reader with shares and thumbnails causes me to use the thumbnail and preview fix done by a third party. Has worked for years - while Adobe has not seemed to care about fixing this problem ...
    That's the real reason ...having to use an almost out-dated fix now.
    However, if using the thumbnail and preview fix:
    Then its legacy interaction with Adobe Reader is probably the cause of this error - reinstall (reregister) the preview and thumbnail fix - and the problem will go away.
    ... and Adobe Reader XI is back up with protected mode working - on Network shares ... with the thumbnails there.
    Now if anybody is reading this from the Adobe staff ... please add the thumbnail and previews to Adobe Reader?
    Maybe you forgot this did not work on shares ... like forgot "forever" ... and meanwhile users got a third party fix they reinstall every time from the age of Adobe Reader bloatware creating the FoxIt Reader spinoff.
    Since then Reader has come a long way in terms of reliability ... however, the missing thumbnail and preview on shares and x64 platform needs to be fixed.
    Then these "cannot" open PDF on Network shares reports may go away ...?

    If you have any bugs to report, this is where to do it: https://www.adobe.com/cfusion/mmform/index.cfm?name=wishform

  • Folder Share with Child Domain. Access Denied

    I have a  Primary domain controller and a Child domain controller, both running Server 2012 Standard.
    Let's call them:
    dns.com
    child.dns.com
    In File & Storage Services on Server 2k12, I have created my Share folder.
    On the share folder, I create Permissions for the Security Group on the Child Domain to access the folder.
    The primary domain and the child domain admin can access the folder.
    On the workstation connected to the Child domain, I get an access denied message.
    Any suggestions?

    Hi,
    Here are my suggestions:
    1. Make sure the account you logged on to the workstation with belongs to the group you added onto the Shared folder, in both Shared tab and Security tab.
    2. Test to add the user specifically to the Shared tab and Security tab with Full Control permission and test again. 
    3. Log on a user belonging to the Primary domain onto the same workstation and see if the account could access the folder.
    4. If not tested, try to logon both primary and child domain admin onto the workstation and let us know the result. 
