Erreur OpenConnection : 0x80070005 - CCertView::OpenConnection: Access denied. 0x80070005 (WIN32: 5)

Hi,
I am trying to make a webservice work on my ADCS. The aim of the script is to automate revocation of a certificate (the CN of the certificate is given in parameter).
I am facing the following error when call my webservice:
Erreur OpenConnection : 0x80070005 -> CCertView::OpenConnection: Access denied. 0x80070005 (WIN32: 5)
My guess is, here is the line that triggers the error:
CertView.OpenConnection( strCAConf )
The script is pubished through an ASP application in IIS. The application runs with a domain account. It is based on the following method:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa385432%28v=vs.85%29.aspx
Do you know what kind of right and where it needs to be applied in order to make this piece of code work?
Thank you so much.
Regards,
Alexandre

Hi Alexandre,
I am not sure about what permissions does the command OpenConnection require, you may need to refer to MSDN forums to get an accurate answer.
Microsoft Developer Network Forums
https://social.msdn.microsoft.com/Forums/en-US/home?category=vslanguages&filter=alltypes&sort=lastpostdesc
However, revoking certificates requires Issue and Manage Certificates permissions. I suggest you assign Issue and Manage Certificates permissions to the domain account, then try to run the script. If it doesn’t work, try use a domain admin account to test.
More information for you:
Windows Server 2003 PKI and Role-Based Administration
https://technet.microsoft.com/en-us/library/cc739182%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]

Similar Messages

  • Tn3270 fails on access denied

    After configuring the tn3270 Provider I downloaded from Protal Studio, I attempt to connect to the mainframe and it hangs with a grey screen.
    I checked the trace file and here are the firs few messages (where nn.nn.nn.nn is the IP address I configured and YYY is the port I configured)
    Inside Tn3270Applet.init()
    Inside Tn3270Applet.start()
    Inside Tn3270Bean()
    nn.nn.nn.nn
    Inside Tn3270Bean.connect()
    Inside Tn3270Main()
    Inside Tn3270TcpConnector()
    Inside Tn3270Display()
    Inside Tn3270Cursor()
    Inside Tn3270Stream()
    Inside AID
    Inside Tn3270Main.openConnection()
    Inside Tn3270TcpConnector.openConnection()
    Inside Tn3270TcpConnector.openConnection()
    access denied (java.net.SocketPermission nn.nn.nn.nnn:yy connect,resolve)
    Inside Tn3270Bean.startThread()
    Inside Tn3270Applet.renderData()
    Inside Tn3270Bean.run()
    Inside Tn3270Main.readInputStream()
    Inside Tn3270TcpConnector.read()
    null
    Inside Tn3270Main.processInputStream()
    Inside Tn3270TcpConnector.process()
    Inside Tn3270Main.readInputStream()
    Inside Tn3270TcpConnector.read()
    null
    Inside Tn3270Main.processInputStream()
    Inside Tn3270TcpConnector.process()
    Inside Tn3270Main.readInputStream()
    Inside Tn3270TcpConnector.read()
    null
    Inside Tn3270Main.processInputStream()
    Inside Tn3270TcpConnector.process()
    It stays in this loop forever. I tried this in Internet Explorer(v#6.0) patched up to SP1 and Netscape (v# 7.1) and in both cases it fails identically. I even downloaded the late4s JRE from Sun - but to no avail.
    Any help would be appreciated.
    Thanx, John Watson

    I'm running command: prnmngr.vbs -a -p "blah" -m "blah" -r "blah"
    I have made some progress on this, disabling UAC resolves the issue but it is not a suitable solution.  Any ideas?
    The code runs fine on Windows 7 & 8 with UAC enabled.
    Yes - do not use legacy methods on WS2008R2.  You should be using Group Policy to connect user printers.
    Why do these printers have to be constantly reconnected.  Are they on wheels or have wings.  Printers get connected once and are published in AD>  Users can choose the printer they need from a list.
    "Prnmngr" is a leftover from NT 4 and is maintained for use in stand alone systems. 
    PrintManager does all things and more.  It has been the replacement since WS2003R2.  Note that is WS2003.
    http://technet.microsoft.com/en-us/library/cc753109(v=ws.10).aspx
    ¯\_(ツ)_/¯

  • CcmEval Scheduled task not being created with "Access Denied" error 0x80070005 only on XP machines

    Before coming on here I checked out http://social.technet.microsoft.com/Forums/en-US/ddbfe6c3-ee54-4b2a-a3a7-a6515d974f76/client-check-failed-on-xpserver-2003-systems-onlyccmeval-is-not-being-scheduled?forum=configmanagerdeployment (GPO
    to allow scheduled tasks by users) and another thread about a hotfix that seems to be pre-XP SP3 and pre-CM 2012 R2.
    That said, I'm having an issue many seem to have, but I can't find the answer. From what I understand SCCM uses the user context to create the CcmEval task, but in XP users cannot set a task to run as any other user (ie SYSTEM in this instance) so what is
    the workaround? I can't just give users Administrator permissions to install the client.
    The exact log entries are:
    <![LOG[Client evaluation task doesn't exist.]LOG]!><time="19:05:43.548+360" date="12-14-2013" component="CcmEvalTask" context="" type="2" thread="4356" file="ccmevalcheck.cpp:705">
    <![LOG[Client evaluation task is not found or is disabled or is not compliant, perform remediation]LOG]!><time="19:05:43.548+360" date="12-14-2013" component="CcmEvalTask" context="" type="2"
    thread="4356" file="ccmevalcheck.cpp:341">
    <![LOG[Attempting to recreate client evaluation task.]LOG]!><time="19:05:43.548+360" date="12-14-2013" component="CcmEvalTask" context="" type="1" thread="4356" file="ccmevalcheck.cpp:833">
    <![LOG[Task scheduler 2.0 is not supported, peform task registration with 1.0 API.]LOG]!><time="19:05:43.548+360" date="12-14-2013" component="CcmEvalTask" context="" type="1" thread="4356"
    file="ccmevaltask.cpp:345">
    <![LOG[Failed to delete task Configuration Manager Health Evaluation (0x80070002).]LOG]!><time="19:05:43.548+360" date="12-14-2013" component="CcmEvalTask" context="" type="2" thread="4356"
    file="ccmevaltask.cpp:379">
    <![LOG[Failed to create task item (0x80070005).]LOG]!><time="19:05:43.548+360" date="12-14-2013" component="CcmEvalTask" context="" type="3" thread="4356" file="ccmevaltask.cpp:387">
    <![LOG[Failed to create client evaluation task.]LOG]!><time="19:05:43.548+360" date="12-14-2013" component="CcmEvalTask" context="" type="2" thread="4356" file="ccmevalcheck.cpp:850">
    The bolded section is what's telling me it's Access Denied, and manual creation of any program task set to run as SYSTEM tells me the same- users cannot do this; only admins can.
    What can I do?

    So after sifting through some RSOP results and GPO objects I found a policy that wasn't necessarily prohibiting creation of them. (Not where you think it would be - under
    Administrative Templates > Windows Components > Task Scheduler > "Prohibit New Task Creation" -
    this was set to allow them) but this one I found was a File Permissions policy that set SYSTEM permissions to READ and EXECUTE.
    I've changed this to FULL CONTROL for SYSTEM. I'm unable to get on the machines to examine everything closely, but from what I can see at least one of them has remediated themselves and now has a successful client check in the console. Hopefully the rest
    of them will come around as GP updates itself and the client does an evaluation to remediate the Scheduled Task.
    Hopefully this helps someone in the future as well.

  • Access denied error when Loading document library for "contribute" users : Unknown SPRequest error occurred. More information: 0x80070005

    Hi,
    We are facing a very strange issue on a SharePoint Publishing portal. Domain users (contribute level access) have access to document libraries under specific sub sites. Every morning if they try to access the document library pages, users complain about "Access Denied" issue on document library page. But if a SP Farm admin account login on site, and browse to document library page, access denied issue seems to disappear for end users also. For whole day it works fine. But next day access denied error occurs again. I am not sure why this is happening. I have looked into Event Log and SharePoint Logs, found following information useful, but not sure what to do next.
    Please help.
    Event log Details:
    Server: WFE01
    Event Type: Error
    Event Source: Office SharePoint Server
    Event Category: Publishing
    Event ID: 5169
    Date:  17/11/2009
    Time:  07:47:31
    User:  N/A
    Computer: SPWFE01
    Description:
    Console Configuration File Error: XML Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    SP Log files:
    All logs are for process: w3wp.exe (0x031C)                        0x17F4 Windows SharePoint Services  
    ·     Begin OnLoad of XmlConsoleDataSource from file "EditingMenu".
    ·     Attempting to load XML from config file "EditingMenu".
    ·     PermissionMask check failed. asking for 0x00010000, have 0x00000000
    ·     Unknown SPRequest error occurred. More information: 0x80070005
    ·     Access Denied for /Projects/LFB/03 Bid Stage 1/Forms/AllItems.aspx.
    ·     StackTrace: Microsoft.SharePoint.Utilities.SPUtility:Void HandleAccessDenied(System.Exception), Microsoft.SharePoint.SPGlobal:Void HandleUnauthorizedAccessException(System.UnauthorizedAccessException), Microsoft.SharePoint.Library.SPRequest:Void OpenWeb(System.String, System.String ByRef, System.String ByRef, System.String ByRef, System.Guid ByRef, System.String ByRef, UInt32 ByRef, System.Guid ByRef, UInt32 ByRef, UInt32 ByRef, UInt32 ByRef, UInt16 ByRef, Boolean ByRef, Int16 ByRef, UInt32 ByRef, Int16 ByRef, Int16 ByRef, Int16 ByRef, Boolean ByRef, Int16 ByRef, UInt32 ByRef, Int16 ByRef, Int16 ByRef, Int16 ByRef, Int16 ByRef, Int32 ByRef, Boolean ByRef, System.String ByRef, System.String ByRef, Int32 ByRef, Int16 ByRef, ...
    ...System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.Object ByRef, Boolean ByRef, UInt64 ByRef, Boolean ByRef, Boolean ByRef, System.Guid ByRef, System.Guid ByRef, Int32 ByRef, System.DateTime ByRef, System.DateTime ByRef, System.String ByRef), Microsoft.SharePoint.SPWeb:Void InitWeb(), Microsoft.SharePoint.SPWeb:Microsoft.SharePoint.SPSecurableObjectImpl get_SecurableObjectImpl(), Microsoft.SharePoint.SPWeb:Microsoft.SharePoint.SPRoleAssignmentCollection get_RoleAssignments(), Microsoft.SharePoint.Publishing.WebControls.ConsoleXmlUtilities:System.String ConfigurationXml(System.String, Boolean), Microsoft.SharePoint.Publishing.W...
    ...ebControls.ConsoleXmlUtilities:Microsoft.SharePoint.Publishing.WebControls.ConsoleNode GetConsoleNodeCollectionFromXmlFile(System.String, Boolean), Microsoft.SharePoint.Publishing.WebControls.XmlConsoleDataSource:Void LoadTreeFromConfigXml(), Microsoft.SharePoint.Publishing.WebControls.XmlConsoleDataSource:Void OnLoad(System.EventArgs), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Page:Vo...
    ...id ProcessRequestMain(Boolean, Boolean), System.Web.UI.Page:Void ProcessRequest(Boolean, Boolean), System.Web.UI.Page:Void ProcessRequest(), System.Web.UI.Page:Void ProcessRequestWithNoAssert(System.Web.HttpContext), System.Web.UI.Page:Void ProcessRequest(System.Web.HttpContext), System.Web.HttpApplication+CallHandlerExecutionStep:Void System.Web.HttpApplication.IExecutionStep.Execute(), System.Web.HttpApplication:System.Exception ExecuteStep(IExecutionStep, Boolean ByRef), System.Web.HttpApplication+ApplicationStepManager:Void ResumeSteps(System.Exception), System.Web.HttpApplication:System.IAsyncResult System.Web.IHttpAsyncHandler.BeginProcessRequest(System.Web.HttpContext, System.AsyncCallback, System.Object), System.Web.HttpRuntime:Void ProcessRequestInternal(System.Web.HttpWorkerReque...
    ...st), System.Web.HttpRuntime:Void ProcessRequestNoDemand(System.Web.HttpWorkerRequest), System.Web.Hosting.ISAPIRuntime:Int32 ProcessRequest(IntPtr, Int32),
    ·     Releasing SPRequest with allocation Id {E3BC24ED-F243-4DBD-8625-EE7CF9FDA039}
    ·     Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    ·     Console Configuration File Error: XML Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    ·     Releasing SPRequest with allocation Id {D1A87724-6FB6-4009-B6D1-D7E15918E213}
    Pryank Rohilla
    MCTS, MCAD

    Hi pryank,
    From the log, it seems that the users don’t have permission on this page:
    /Projects/LFB/03 Bid Stage 1/Forms/AllItems.aspx
    Does the sub site have unique permission instead of inheriting permission from the parent site? If no, you need to make the sub site to inherit permission from the site collection so that master page also inherits the right. If this is not allowed in your organization, please go to “Site Actions”à “Site Settings” à “Master Pages and Page Layouts” to give users permissions on this document library.
    Hope this helps.
    Lu Zou

  • Access Denied error (0x80070005) when trying to access System Protection or Restore

    When I attempt to access System Protection or System Restore, I get an error message "Access Denied- (0x80070005)". I hope someone knows a fix for this problem.

    Satellite P205-S7476 
    When I attempt to access ... System Restore, I get an error message "Access Denied- (0x80070005)".
    That probably indicates corruption in the restore points. The only way to fix it is to turn System Restore off and then on again. Unfortunately, that remove all the existing restore points.
       Turn System Restore on or off
    -Jerry

  • WUSA error 5 0x80070005 Access Denied while installing KB2992611 & KB3003743 on Win 7

    I'm having a well known problem while patching Windows 7 SP1 x86 systems, but none of the common fixes have worked. I'll use KB2992611 for examples throughout, but the exact same behavior is being seen with KB3003743.
    Logged in as an admin and running an elevated command prompt, I try to install the patch as follows:
    wusa.exe C:\Temp\Windows6.1-KB2992611-x86.msu /quiet /norestart
    The event log shows a 0x80070005, Access Denied from WindowsUpdateClient, but nothing else interesting. If I remove the
    /quiet switch or just double-click the .msu, the graphical installer gets through the "Initializing" phase, but then says "The following updates were not installed:" and lists the patch.
    The CBS log (C:\Windows\Logs\CBS\CBS.log) suggests permission issues with stuff under C:\windows\SoftwareDistribution...
    Info DPX Started DPX phase: Apply Deltas Provided In File
    Info DPX MoveFileExW failed, source: \\?\C:\windows\SoftwareDistribution\Download\fa848827d1bd908340ba44c76a28e7e8\inst\$dpx$.tmp\f3e1d3177d3c4d4597f9494ac7b982ea.tmp, destination: \\?\C:\windows\SoftwareDistribution\Download\fa848827d1bd908340ba44c76a28e7e8\inst\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_a85eb04bbb037ec6\lsass.exe, hr 0x80070005
    Info DPX DpxMoveFileExW failed, source: \\?\C:\windows\SoftwareDistribution\Download\fa848827d1bd908340ba44c76a28e7e8\inst\$dpx$.tmp\f3e1d3177d3c4d4597f9494ac7b982ea.tmp, destination: \\?\C:\windows\SoftwareDistribution\Download\fa848827d1bd908340ba44c76a28e7e8\inst\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_a85eb04bbb037ec6\lsass.exe, hr 0x80070005
    Info DPX MoveFileExW failed, source: \\?\C:\windows\SoftwareDistribution\Download\fa848827d1bd908340ba44c76a28e7e8\inst\$dpx$.tmp\847db368c3d8b44092e372d302e831d8.tmp, destination: \\?\C:\windows\SoftwareDistribution\Download\fa848827d1bd908340ba44c76a28e7e8\inst\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_a8db7e7cd42b04fa\lsass.exe, hr 0x80070005
    Info DPX DpxMoveFileExW failed, source: \\?\C:\windows\SoftwareDistribution\Download\fa848827d1bd908340ba44c76a28e7e8\inst\$dpx$.tmp\847db368c3d8b44092e372d302e831d8.tmp, destination: \\?\C:\windows\SoftwareDistribution\Download\fa848827d1bd908340ba44c76a28e7e8\inst\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_a8db7e7cd42b04fa\lsass.exe, hr 0x80070005
    Info DPX File could not be expanded, Source=x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_a85eb04bbb037ec6\lsass.exe, Target=(null), status=0x80070005
    Info DPX ProvideRequestedDataByFile failed, Response file Name: \\?\C:\windows\SoftwareDistribution\Download\fa848827d1bd908340ba44c76a28e7e8\Windows6.1-KB2992611-x86.cab
    Info DPX Ended DPX phase: Apply Deltas Provided In File
    (timestamps removed for readability)
    ...but other .msu files install without issue. I browse to C:\windows\SoftwareDistribution\Download\{string} and see that the Windows6.1-KB2992611-x86.cab file has been copied there. 
    The Windows Update log (C:\Windows\WindowsUpdate.log) has similarly unhelpful messages referencing error 80070005.
    Intelligently interpreting procmon output may be above my pay grade, but the only ACCESS DENIED event that I see from TrustedInstaller.exe is while attempting a
    SetRenameInformationFile on C:\windows\SoftwareDistribution\Download\{string}
    I have tried the fix that involves using the subinacl utility to make sure that Administrators and SYSTEM have proper permissions in the registry (e.g., see support.microsoft.com/kb968003). I have also tried the fix that Kim proposes at the link below,
    using subinacl to make sure that NT SERVICE\TRUSTEDINSTALLER has permissions where it needs...
    answers.Microsoft.com/en-us/windows/forum/windows_7-windows_update/windows-update-error-0x80070005-need-a-fix-click/e4cb8700-f215-4f1a-8bd4-6457ac619c19. I get the same errors after running their scripts as directed.
    I am having this issue on multiple (near-) identically configured hardware from Dell & Fujitsu, so it is not just one flakey device. The systems are locked down via local GPO and run custom applications, so there is a chance that something wonky and
    specific to my environment is causing this, but I'm out of things to check and try, so any ideas would be appreciated. Additional info available upon request.
    Thanks

    Hi,
    I recommend you to follow these steps to have a fix.
    1.Rename the SoftwareDistribution folder.
         Open an administrative Command Prompt window.
         Run the following commands, and press Enter after each command:
         Net stop wuauserv
         cd %systemroot%
         Ren SoftwareDistribution SoftwareDistribution.old
         Net start wuauserv
         Try to install updates again.
    2.Run this Troubleshoot tool to have a check.
    To run the tool:
    Control Panel\All Control Panel Items\Troubleshooting\System and Security\Windows Update
    3.When you are installing the update, please log in the machine as an administrator. Meanwhile please turn off the antivirus software temporarily to install the update.
    Best regards 

  • Group Policy Printer Error (0x80070005 Access Denied)

    I am trying the deploy two network printers via group policy using Server 2008 R2 SP1. I created the GPO and added the printers from our print server under computer configuration so that it will apply to the computers, not just the users. After a computer in
    the correct OU Gpupdates I recieve the following error in it's application event log:
    WARNING: GROUP POLICY PRINTERS
    Group Policy object did not apply because it failed with error code 0x80070005 Access is Denied. This error was suppresed.
    Any suggestions or thoughts are appreciated. I have been dealing with this error and trying the figure it out for awhile now. 

    Hi,
    This issue mostly can be caused due to the incorrect permission settings.
    Please try to perform the troubleshooting steps the following Microsoft TechNet blog provides.
    Group Policies and Access Denied
    http://blogs.technet.com/b/matthewms/archive/2005/10/29/413275.aspx
    Regards,
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Access denied error while trying to install graphics drivers

    Hello,
    I have a new toshiba laptop P70-A. I have installed windows 7 and the pc was working excellent up until now. Noticed yesterday that the nvidia automated system failed to install the new update. When I tried to install the new driver manually, even from the
    device manager, I got the access denied message. 
    A day now wasted reading all the possible causes and solutions but with no luck. Read all the forums and all the posts, tried almost everything. Below youll find everything I tried as a solution and failed.
    1.Disabled UAC
    2.Enabled the administrator account and trying to take control from there
    3.Run the subinacl and the reset.cmd
    4.Tried manually to take control the folder windows (and access denied while changing the rights)
    5. Scanned the system with everything there is available ( Kaspersky, MalwareBytes, RegCurePro, Tuneup Utilities, CCleaner) The system came out clean.
    6. Tried restoring the system to an earlier time (got again access denied error code 0x80070005)
    7. Checked all the group policies (all seem to be fine)
    8. Run a script to take immediate ownership over all of C:
    TAKEOWN /A /F C:
    then the next one
    TAKEOWN /F C: 
    9. With subinacl I run all the above scripts... (still nothing changed)
    @echo off
    title Resetting ACLs...
    echo.
    echo Determine whether we are on an 32 or 64 bit machine
    echo.
    if "%PROCESSOR_ARCHITECTURE%"=="x86" if "%PROCESSOR_ARCHITEW6432%"=="" goto x86
    set ProgramFilesPath=%ProgramFiles(x86)%
    goto startResetting
    :x86
    set ProgramFilesPath=%ProgramFiles%
    :startResetting
    echo.
    cd /d "%ProgramFilesPath%\Windows Resource Kits\Tools"
    echo. 
    echo Resetting ACLs...
    echo (this may take several minutes to complete)
    echo. 
    echo IMPORTANT NOTE: For this script to run correctly, you must change
    echo the values named Athena to be the Windows user account that
    echo you are logged in with.
    echo.
    echo ==========================================================================
    echo. 
    echo. 
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Athena=f /setowner=administrators > %temp%\subinacl_output.txt
    echo. 
    echo. 
    subinacl /keyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Athena=f /setowner=administrators >> %temp%\subinacl_output.txt
    echo. 
    echo. 
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
    echo. 
    echo. 
    subinacl /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
    echo. 
    echo. 
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
    echo. 
    echo. 
    subinacl /keyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
    echo. 
    echo. 
    echo System Drive...
    subinacl /subdirectories %ProgramFilesPath%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
    echo. 
    echo. 
    echo Windows Directory...
    subinacl /subdirectories %windir%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
    echo. 
    echo. 
    echo ==========================================================================
    echo. 
    echo FINISHED.
    echo. 
    echo Press any key to exit . . .
    pause >NUL
    Im frustrated really... ANY help at all would be really appreciated.
    Thanks in Advance and sorry for the long post
    Athena 

    Hello,
    Thanks for the replies, i much appreciate it. I tried all of the above with no luck again. Safe mode allows me though to install drivers but thats reverting the moment im entering windows. Im always running commands and programs as a administrator or in
    the Admin enabled account.
    It seems the problem is solved today. Via tune up utilities I disabled most of the startup programs and services and it seems that 1 service is causing this issue. Although I havent played much with the disabled services but 3 remain to be checked. One of
    the three is causing this.
    Thanks again guys and Ill keep you posted about the soft. conflict.
    Athena

  • Access denied. When trying to upload files into SharePoint with PowerShell

    AM trying to upload a bunch of files into SharePoint using PowerShell. I have a code that works on my local machine, but when I get on the server, it does not. Here is what my block of code looks like
    $webUrl = "http://SampleSite"
    $libraryName = "My Lib"
    $docLibraryUrlName = "My%20ContentType"
    $fileLocation = "C:\test\"
    $contentType = "My ContentType"
    #Open web and library
    $web = Get-SPWeb $webUrl
    $docLibrary = $web.Lists[$libraryName]
    $files = ([System.IO.DirectoryInfo] (Get-Item $fileLocation)).GetFiles()
    ForEach($file in $files)
    #Open file
    $fileStream = ([System.IO.FileInfo] (Get-Item $file.FullName)).OpenRead()
    # Gather the file name
    $FileName = $File.Name
    #remove file extension
    $NewName = [IO.Path]::GetFileNameWithoutExtension($FileName)
    #split the file name by the "-" character
    $FileNameArray = $NewName.split("_")
    #Add file
    #$folder = $web.getfolder($docLibraryUrlName)
    $folder = $web.getfolder($docLibrary)
    write-host "Copying file " $file.Name " to " $folder.ServerRelativeUrl "..."
    $spFile = $folder.Files.Add($folder.Url + "/" + $File.Name, $fileStream, $true)
    $spItem = $spFile.Item
    #populate metadata
    $spItem["First Column"] = $FileNameArray[0]
    $spItem["Second Column"] = $FileNameArray[1]
    $spItem.Update()
    $fileStream.Close();
    Again, this code works fine on my local machine but doesn't when I move this to the server. When I step through the code, I noticed that when I look at the data returned for my $folder variable in this snippet
    $folder = $web.getfolder($docLibrary)
    It shows the EffectiveRawPermissions to be "Open, BrowseUserInfo, UserClientIntegration" on the server...however, the EffectiveRawPermissions on my local machine is "FullMask". Does this have any effect on the ability of my code to be
    able to upload the files into SP on the server? I have never run into this issue, so am not sure how this makes sense...so I really appreciate any insight. Thanks
    I am getting this error when the code attempts to perform the "Add" function...
    Exception calling "Add" with "3" argument(s): "<nativehr>0x80070005</nativehr><nativestack></nativestack>Access denied."
    At C:\PowerShellScripts\tester.ps1:70 char:3
    +         $spFile = $folder.Files.Add($folder.Url + "/" + $File.Name, $fileStream, $true ...
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : UnauthorizedAccessException
     ...Please help

    RunWithElevatedPriv basically impersonates the webapp's app pool account, which should have full control over the entire webapp... this would work, but is not recommended for several reasons:
    - first and foremost, you shouldn't NEED to bypass the SP security model
    - second and still important, the app pool may be hosting other webapps as well, so the risk of a bug causing security-related problems within the RunWithElev codeblock is no longer scoped to the current webapp, but also other webapps that share the same
    app pool account.
    - third, same as number two, but for service accounts, and possibly even the farm... not a good practice, but a lot of SP installs aren't configured correctly, so the entire farm may be using one account... now, the RunWithElev is not just a webapp admin,
    not just a multiple webapp admin, but may be able to affect service apps, or possibly the entire farm.
    - fourth, the audit info (created by, modified by) will reference the system account, instead of your account... not a very accurate audit trail in that case.
    If you have a legit need to add the files, you should be able to get the necessary permissions (which is basically just contribute within the library / folder) easily enough.
    Scott Brickey
    MCTS, MCPD, MCITP
    www.sbrickey.com
    Strategic Data Systems - for all your SharePoint needs

  • Access Denied Web Application with Claims authentication NTLM only when using secondary URL

    I have a SharePoint 2010 server farm with 2 web front ends, an application server and a database server.  Both front ends are internal to
    our network and are not behind a load balancer.
    NOTE THAT I HAD TO SUBSTITUTE hzzp with hzzp so that I had no links in the body of this post since I am not verified
    I setup a new web application called "SharePoint 41171" with:
    Public URL:
    hzzp://testserver1:41171
    Claims authentication
    NTLM only: no forms auth
    No SSL
    New web site "SharePoint 41171"
    New app pool
    New content database
    I create a top level site collection and name mydomain\myusername as the primary site collection admin
    I am able to access this site as expected at
    hzzp://testserver1:41171 with the aforementioned site collection owner id: mydomain\myusername
    I add an alternate access mapping for a secondary URL for this web application in the Intranet zone:
    hzzp://iwatest.mydomain.com
    So my AAMs for the site read as:
    hzzp://testserver1:41171    
    Default     hzzp://testserver1:41171
    hzzp://iwatest.mydomain.com    
    Intranet     hzzp://iwatest.mydomain.com
    When I attempt to log on to
    hzzp://iwatest.mydomain.com with the same user name and password, I get "access denied".
    I can access this site using
    hzzp://iwatest.mydomain.com if I log in as the farm account.  This is the only account that seems to work.
    Side Note: If I create a separate web application without claims - just NTLM and create the same AAMs, I can login fine with the same secondary
    URL and the same user name
    IP address properly maps to this machine.
    I reviewed the ULS logs and find the following:
    10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                    0x1724       SharePoint Foundation              Monitoring                   
                    nasq                        Medium    Entering
    monitored scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom))                
    10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                    0x1724       SharePoint Foundation              Logging Correlation Data     
          xmnv                        Medium    Name=Request (GET:hzzp://iwatest. mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)      
    8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
    10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                    0x1724       SharePoint Foundation              Logging Correlation Data     
          xmnv                        Medium    Site=/          8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
    10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                    0x1724       SharePoint Foundation              General                      
                       8e2s                        Medium 
      Unknown SPRequest error occurred. More information: 0x80070005       8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
    10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                    0x1724       SharePoint Foundation              Monitoring                   
                    b4ly                        Medium    Leaving
    Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)). Execution Time=8.66003919492561   8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
    Basically it tells me that access is denied.  I didnt see anything that stood out here.
    I found this article:
    hzzp://social.technet.microsoft.com/Forums/en-US/sharepointadminprevious/thread/ded9188b-ee03-4ef0-bb50-3ad138110e0c, which pointed me in the direction of ensuring that the portal
    super user and portal reader accounts were properly added to my web application.  I followed the every popular article on doing this:
    hzzp://technet.microsoft.com/en-us/library/ff758656.aspx, but still no luck.  As per the thread, I added the 2 domain accounts to the user policy with appropriate privilege
    and then set them as the super user and super reader accounts via powershell, and yes I did prefix those names with "i:0#.w|mydomain\".  To be exta sure, I repeated this for all web applications on this server with slightly different powershell steps
    depending on wether or not claims was enabled on the web application.
    The Claims to Windows Token Service is running.
    I saw some mention of ensuring that the secure token service is running with a proper application pool account, but we are not running that service
    and I cant imagine what that would have to do with my situation.
    I have deleted and readded the web application and repeated these steps to no better effect.
    I gave the mydomain\myusername full control for the web application through the user policy, ensured that it was indeed the primary site collection
    owner and added it to the default site owners group.  None of this helped.
    I changed the application pool account to the farm account.  No change in behavior.
    Rebooted IIS and the machines many times along the way.
    Further, when I attempt to sign in as a different user after being denied, I get "an unexpected error has occured message.  I found the following
    in ULS:
    10/30/2012 11:19:03.71 w3wp.exe (0x182C)                      
    0x1210  SharePoint Foundation                 Logging Correlation Data                     
    xmnv     Medium               Name=Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
    cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
    10/30/2012 11:19:03.71 w3wp.exe (0x182C)                      
    0x1210  SharePoint Foundation                 Logging Correlation Data                     
    xmnv     Medium               Site=/    cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
    10/30/2012 11:19:03.72 w3wp.exe (0x182C)                      
    0x1210  SharePoint Foundation                 General                      
             8e2s                Medium               Unknown SPRequest error occurred.
    More information: 0x80070005      cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
    10/30/2012 11:19:03.72 w3wp.exe (0x182C)                      
    0x1210  SharePoint Foundation                 Runtime                      
            tkau                Unexpected       System.NullReferenceException: Object reference not set to an instance
    of an object.    at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.LogInAsAnotherUser()     at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.OnLoad(EventArgs e)     at System.Web.UI.Control.LoadRecursive()    
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)            cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
    10/30/2012 11:19:03.74 w3wp.exe (0x182C)                      
    0x1210  SharePoint Foundation                 Monitoring                        
    b4ly                Medium               Leaving Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)).
    Execution Time=22.5439266722447           cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
    By the way, this occurs for the farm account also after a successful login and an attempt to sign in as a different user.
    Any help would be greatly appreciated

    Thanks spadminspadmin:
    I have, though I am not sure that what I've added there is correct:
    The URL that I am trying to use to access the web application's IIS site is hxxp://iwatest.mydomain.com.  I added a binding to the IIS site as follows:
    Type    Host name                      port        IP address
    http     iwatest.mydomain.com     41171     *
    Is that correct?

  • Get AccessControlException(access denied) when refresh page

    Our applet have AccessControlException when refresh the ie browser but the first time open no such a problem! And when we use other host which use a different proxy no such a problem either. Don't know why , is it the problem of proxy?
    any idea ? many thanks!
    here is the log:
    INFO - Wed Jan 16 16:09:30 EST 2008: getResponseTime Debug1-- openConnection time: 0ms
    network: Connecting https://hostname/_en.html with proxy=HTTP @ proxyname:8080
    network: Connecting https://hostname/_en.html with cookie "BCSI-CSA1021104=2"
    INFO - Wed Jan 16 16:09:34 EST 2008: getResponseTime Debug3-- getInputStream time: 4500ms
    liveconnect: Invoking JS method: ua
    INFO - Wed Jan 16 16:09:34 EST 2008: Log page URL -- https://hostname/result.html?timestamp=Wed Jan 16 16:09:34 EST 2008&ip=''&jvm=Sun Microsystems Inc.,1.5.0_14&os=Windows XP,5.1&echo_time=4500ms&UserAgent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
    INFO - Wed Jan 16 16:09:34 EST 2008: logUsrInfo Debug5-- openConnection time: 0ms
    INFO - Wed Jan 16 16:09:34 EST 2008: JVM version checking passed!
    +(the first time open page can pass!)+
    liveconnect: Invoking JS method: showApplication
    basic: Stopping applet ...
    basic: Finding information ...
    basic: Releasing classloader: sun.plugin.ClassLoaderInfo@134e4fb, refcount=0
    basic: Caching classloader: sun.plugin.ClassLoaderInfo@134e4fb
    basic: Current classloader cache size: 1
    basic: Done ...
    basic: Removed progress listener: sun.plugin.util.GrayBoxPainter@1be0f0a
    basic: Joining applet thread ...
    basic: Destroying applet ...
    basic: Disposing applet ...
    basic: Joined applet thread ...
    basic: Unregistered modality listener
    basic: Quiting applet ...
    basic: Registered modality listener
    liveconnect: Invoking JS method: document
    liveconnect: Invoking JS method: URL
    basic: Referencing classloader: sun.plugin.ClassLoaderInfo@134e4fb, refcount=1
    basic: Added progress listener: sun.plugin.util.GrayBoxPainter@50988
    basic: Loading applet ...
    basic: Initializing applet ...
    basic: Starting applet ...
    basic: Referencing classloader: sun.plugin.ClassLoaderInfo@134e4fb, refcount=2
    basic: Releasing classloader: sun.plugin.ClassLoaderInfo@134e4fb, refcount=1
    INFO - Wed Jan 16 16:09:44 EST 2008: getResponseTime Debug1-- openConnection time: 0ms
    network: Connecting https://hostname/fx-canada/login_detail_fr-ca.html with proxy=HTTP @ proxyname/
    network: Server https://hostname/fx-canada/login_detail_fr-ca.html requesting to set-cookie with "BCSI-CSA1021104=2; Path=/"
    INFO - Wed Jan 16 16:09:48 EST 2008: getResponseTime Debug4-- throw exception time: 4515ms
    WARN - Wed Jan 16 16:09:48 EST 2008: Cannot get system response time!
    java.security.AccessControlException: access denied (java.net.SocketPermission hostname:8080 connect,resolve)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.proxiedConnect(Unknown Source)

    The security credentials for a JMS "send" operation are not taken from the username and password that you pass to the "createConnection" method, but from the security login context in effect when you call "send". So, if you want this to happen using a particular security context, you need to make sure that you have set this up before you make the call.
              There are a number of ways to do this in WLS. Your best bet would be to check the security documentation, or do ask on the security newsgroup for the best way to do this in 8.1.

  • Access denied on applet in broswer - fine in applet viewer

    I have written an applet that access a php file and sends a post message. I have tested the applet with the applet viewer and it succeeds each time. When I put the applet on a web page I get the following error:
    access denied (java.net.SocketPermission libraries.cjt-design.com:80 connect,resolve)
    Any help is appreciated.
    The code is as follows:
                   try {
                        message = code + "&" + toMessage + "&" + fromMessage + "&" + subjectMessage + "&" + bodyMessage;
                        URL url;
                        HttpURLConnection urlConn;
                        PrintWriter out;
                        url = new URL(target);
                        urlConn = (HttpURLConnection) url.openConnection();
                        urlConn.setRequestMethod("POST");
                        urlConn.setRequestProperty("Referer", "http://libraries.cjt-design.com/index.html");
                        urlConn.setDoOutput(true);
                        urlConn.setDoInput(true);
                        urlConn.setUseCaches(false);     
         out = new PrintWriter(urlConn.getOutputStream());
         out.print(message);
         out.close();
              InputStream is = urlConn.getInputStream();
              // any response?
              InputStreamReader isr = new InputStreamReader(is);
              BufferedReader br = new BufferedReader(isr);
                             String s = "";
                             String response = "";
              while ( (s = br.readLine()) != null)
                                  response += s;
              is.close();
                        statusLabel.setText(response);
                        statusLabel.invalidate();
                   } catch (Exception e) {
                        String error = e.getMessage();
                        jEditorPane1.setText(error);
                        error = "Server Exception Occurred - Please try again later.";
                        statusLabel.setText(error);
                        statusLabel.invalidate();
                   }

    1. Why does it work from the applet viewer and not
    the webpage.Appletviewer is in effect a Java application so it runs using the Java application security manager which by default gives an application almost unlimited access to the machine it runs on.
    Running an Applet from a Web page runs the Applet constrained by the Applet security manager. By default, the Applet security manager assumes that anything that is downloaded from the web is untrusted so severely limits what an Applet can do. A signed Applet is assumed to be trusted if the certificate chain points back to one of the certificate roots such as Verisign.
    You can use self signing for test purposes and then a client will be asked whether or not he trusts the Applet.
    2. How do I make the jar file signed?http://java.sun.com/docs/books/tutorial/jar/sign/signing.html
    http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html
    http://java.sun.com/developer/onlineTraining/Security/Fundamentals/magercises/Signtool/help.html

  • Problem with access denied

    Help, im using an applet to try to communicate to my db postgre using hibernate and im getting this:
    25/09/2005 12:51:31 PM org.hibernate.connection.DriverManagerConnectionProvider configure
    INFO: autocommit mode: false
    25/09/2005 12:51:31 PM org.hibernate.connection.DriverManagerConnectionProvider configure
    INFO: using driver: org.postgresql.Driver at URL: jdbc:postgresql://pulso.myip.org/Inforuta
    25/09/2005 12:51:31 PM org.hibernate.connection.DriverManagerConnectionProvider configure
    INFO: connection properties: {user=inforuta, password=****}
    25/09/2005 12:51:37 PM org.hibernate.cfg.SettingsFactory buildSettings
    WARNING: Could not obtain connection metadata
    org.postgresql.util.PSQLException: Algo inusual ha ocurrido que provoc� un fallo en el controlador. Por favor reporte esta excepci�n.
         at org.postgresql.Driver.connect(Driver.java:249)
         at java.sql.DriverManager.getConnection(Unknown Source)
         at java.sql.DriverManager.getConnection(Unknown Source)
         at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
         at org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:72)
         at org.hibernate.cfg.Configuration.buildSettings(Configuration.java:1463)
         at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1004)
         at bd.hibernate.HibernateUtil.currentSession(HibernateUtil.java:52)
         at bd.controlador.CLetrero.ListarLetreros(CLetrero.java:45)
         at Interfaz.InterfazOperador.init(InterfazOperador.java:49)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.net.SocketPermission pulso.myip.org resolve)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkConnect(Unknown Source)
         at java.net.InetAddress.getAllByName0(Unknown Source)
         at java.net.InetAddress.getAllByName0(Unknown Source)
         at java.net.InetAddress.getAllByName(Unknown Source)
         at java.net.InetAddress.getByName(Unknown Source)
         at java.net.InetSocketAddress.<init>(Unknown Source)
         at java.net.Socket.<init>(Unknown Source)
         at org.postgresql.core.PGStream.<init>(PGStream.java:58)
         at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:77)
         at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:65)
         at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:117)
         at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30)
         at org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24)
         at org.postgresql.Driver.connect(Driver.java:235)
         ... 11 more
    25/09/2005 12:51:37 PM org.hibernate.dialect.Dialect <init>
    INFO: Using dialect: org.hibernate.dialect.PostgreSQLDialect
    25/09/2005 12:51:37 PM org.hibernate.transaction.TransactionFactoryFactory buildTransactionFactory
    INFO: Using default transaction strategy (direct JDBC transactions)
    I tried to sign the postgre jar but it didnt worked. Help plz.

    Caused by: java.security.AccessControlException: access denied (java.net.SocketPermission pulso.myip.org resolve)
    If you run the applet in appletviewer, provide a fullpermission policy file with it.
    http://java.sun.com/docs/books/tutorial/security1.2/tour1/step3.html
    When you publish the applet and run it in a browser then sign it (in such a way that it works).
    http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
    second post and last post for the java class file using doprivileged
    Still problems?
    A Full trace might help us out:
    http://forum.java.sun.com/thread.jspa?threadID=656028

  • Activation Error - Access Denied when activating windows 2008 R2

    I have a Windows 2008 R2 server, which was activate, now suddenly its giving an activation required message, when I try to apply my lic. key it gives an error
    Windows Server 2008 R2 Activation Error 0x80070005 
    Access Denied
    I want the error to be resolved.

    Hi,
    This issue may be caused by: 
    Lack of permission
    Missing registry entries
    Please try the method as Dave mentioned.
    In addition, you could refer to this article for more detail information:
    Activation Issue - The following Failure occurred while trying to use the product by: Code: 0x80070005 Description: Access is denied
    http://panerarichang.blogspot.com/2012/02/activation-issue-following-failure.html
    Please feel free to let us know if you have any update.
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Access denied against DP for untrusted clients

    Hi,
    I have an SCCM 2012 R2 environment.
    There are a few clients in an untrusted domain behind a firewall.
    DP's and MP's are not configured for SSL. The following ports have been opened to the MP and DP's.
    TCP 80
    TCP 10123
    TCP 2710
    DNS or AD for the untrusted servers have not been extended with SCCM data.
    Clients were installed on the untrusted servers using the SMSMP switch.
    After installation the clients appeared in SCCM and were manually approved.
    Boundaries exist for the lcients associated with the correct boundary group for site system assignment
    Since installation the clients have successfully discovered MP's, DP's and performed inventories
    There is however a problem with software deployment.
    The clients try to download content as expected from the correct DP's however the log files show 80070005 therefore access denied.
    There is anetwork access account configured for the site which definatley works because we have no OSD issues.
    Am I right in thinking that these untrusted clients should revert to using the network access account when they get an access denied ?
    If so what may prevent them from doing this
    Thanks,
    Jim

    Hi Jason,
    The clients are running server 2012 R2
    Here are some log snippets with server names and site codes editied.
    CAS.LOG
    Location update from CTM for content xxx00043.2 and request {D6BA950D-1DB5-4FDE-8B61-C73A3D4A96A6} ContentAccess 11/01/2015 02:06:57 5392 (0x1510)
    Download location found 0 - http://server1/SMS_DP_SMSPKG$/xxx00043 ContentAccess 11/01/2015 02:06:57 5392 (0x1510)
    Download location found 1 - http://server2/SMS_DP_SMSPKG$/xxx00043 ContentAccess 11/01/2015 02:06:57 5392 (0x1510)
    Download location found 2 - http://server3/SMS_DP_SMSPKG$/xxx00043 ContentAccess 11/01/2015 02:06:57 5392 (0x1510)
    Download request only, ignoring location update ContentAccess 11/01/2015 02:06:57 5392 (0x1510)
    Download started for content xxx00043.2 ContentAccess 11/01/2015 02:06:57 3872 (0x0F20)
    Download failed for content xxx00043.2 under context System, error 0x80070005 ContentAccess 11/01/2015 02:06:58 5392 (0x1510)
    Download failed for download request {D6BA950D-1DB5-4FDE-8B61-C73A3D4A96A6} ContentAccess 11/01/2015 02:06:58 5392 (0x1510)
    Raising event:
    [SMS_CodePage(850), SMS_LocaleID(2057)]
    instance of SoftDistDownloadFailedEvent
     ClientID = "GUID:820D9280-13A5-4295-9250-CF675073FF35";
     DateTime = "20150111020658.235000+000";
     MachineName = "client";
     PackageId = "xxx00043";
     PackageName = "xxx00043";
     PackageVersion = "2";
     ProcessID = 4188;
     SiteCode = "S01";
     ThreadID = 5392;
     ContentAccess 11/01/2015 02:06:58 5392 (0x1510)
    Successfully raised Download Failed event. ContentAccess 11/01/2015 02:06:58 5392 (0x1510)
    ContentTransferManager.log
    Starting CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571}. ContentTransferManager 11/01/2015 06:06:58 6528 (0x1980)
    Created CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571} for user S-1-5-18 ContentTransferManager 11/01/2015 06:06:58 6528 (0x1980)
    Created and Sent Location Request '{0D80A8A2-2E69-47E6-9E22-419F6612DB85}' for package xxx00043 ContentTransferManager 11/01/2015 06:06:58 4672 (0x1240)
    CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA ContentTransferManager 11/01/2015 06:06:58 4672 (0x1240)
    Queued location request '{0D80A8A2-2E69-47E6-9E22-419F6612DB85}' for CTM job '{369AA46C-CF9F-4DD2-AE50-45874D28F571}'. ContentTransferManager 11/01/2015 06:06:58 4672 (0x1240)
    Persisted locations for CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571}:
     (LOCAL) http://server1/SMS_DP_SMSPKG$/xxx00043
     (LOCAL) http://server2/SMS_DP_SMSPKG$/xxx00043
     (LOCAL) http://server3/SMS_DP_SMSPKG$/xxx00043 ContentTransferManager 11/01/2015 06:06:58 6132 (0x17F4)
    CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571} (corresponding DTS job {4E1EF8CA-6985-4D42-99F0-3107B7589CA6}) started download from 'http://server1/SMS_DP_SMSPKG$/xxx00043' for full content download. ContentTransferManager 11/01/2015 06:06:58 6132
    (0x17F4)
    CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA ContentTransferManager 11/01/2015 06:06:59 3204 (0x0C84)
    CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571} switched to location 'http://server2/SMS_DP_SMSPKG$/xxx00043' ContentTransferManager 11/01/2015 06:06:59 3204 (0x0C84)
    CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA ContentTransferManager 11/01/2015 06:06:59 6528 (0x1980)
    CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571} switched to location 'http://server3/SMS_DP_SMSPKG$/xxx00043' ContentTransferManager 11/01/2015 06:06:59 4672 (0x1240)
    CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA ContentTransferManager 11/01/2015 06:06:59 304 (0x0130)
    CTM job {369AA46C-CF9F-4DD2-AE50-45874D28F571} encountered error 0x80070005 during download ('Error processing manifest.')- The error maps to denied access. ContentTransferManager 11/01/2015 06:06:59 6528 (0x1980)
    Let me know if any other specific log files will give more clues
    Thanks,
    Jim

Maybe you are looking for

  • Receiver file adapter settings

    Hi, I have a scenario in which I need to generate a file in tab delimited format. But in the receiver file adapter configuration we have only text/binary file creation mode. By setting the File Type in “TEXT” mode will I be able to do a tab de-limite

  • Itunes/laptop wont recognise Iphone

    My itunes/laptop wont recognise my Iphone 4s since Itunes update. It would let me charge and makes a funny noise when I try to connect. I've deleted Itunes and restarted again, rebooted my phone, reset it, and checked my firewall and still nothing..

  • Mapping with case insensitivity in Filter operator expression

    I need to import data from an ODS into DW table. How can I set this before a certain mapping is run to make it case insensitive? execute immediate 'alter session set NLS_SORT=BINARY_CI'; execute immediate 'alter session set NLS_COMP=LINGUISTIC'; Than

  • What happens when 2 phones have the same icloud account?

    Can this effect wipe out or over write a backup? I backed up my phone before downloading os6.1.2. When I tried restoring I got my sons contacts and I don't see my backup. I can't believe it's total gone. Thanks

  • Installing adobe premiere elements 12

    Im trying to install adobe premiere elements 12 on my mac os, & im getting a message telling me my OS isnt big enough, what do I do please?