Network and Storage Protocols

Offline files synchronization - Access is denied

p_golding

Hi everyone.

We are using Cifs on our filer and everything is Hunky Dory except for offline file synchronization for our laptop users.

When they try to sync they get an access denied error (see attached). The user have full control over the folders/files, I have made them owners and made sure all rights are propergated down.

Using the same rights offline synching works fine on our SAN or direct storage solutions

Now to the very odd part If I log onto the laptop as an adminstrator sync'ing works fine to the filer (to the same users files that not sync'ing) - when i log back in as the user, syncing there on works fine

I'm totally stumped and I would be grateful for any idea, hints of leads that you could give

cheers

Paul

16 REPLIES 16

ming_hui

ikbenben4848

Hi All,

We have version 7.3.2P2 but we still have the problem.

Is there a fix for the fix or any other suggestions?

kind regards,

Ben

ken_balich

We have 7.3.3 and still have the problem.....here is what I know of the issue.

We set up a home directories share (just like the documentation says).  This next step should not matter, but we create the user home directory share through Active Directory.  We use the Home Folder connect radio button and path under the Profile tab of each user.  It is great because it automatically creates the folder and assigns the appropriate permissions....

Okay so then I now have home directories in the vol/authhome directory.  So lets take for example a user named 'jdoe'.  Jdoe logs in and gets a map of H:\authhome\jdoe$.  However they are fully able to UNC to \\filer\jdoe$, so the shares are working perfect at this point.  When that user goes through explorer and expands the mapped share, right clicks on ANY folder and says make available offline, you get access denied errors.  I am 99.999% sure the access denied errors are coming from the authhome share.  If we disconnect the share and remap using \\filer\jdoe$ the offline sync works fine.

So, in all of this I am not certain how else to do the shares.  I went them to automatically map when a user logs into windows, but you can't make a home directory any other way than having a root share first.  in my case authhome......so I am convinced it doesn't matter what version you are running you are not going to get this to work. 

anthonyyates

Hi,

Just thought I'd add my experience as we've just set-up a new Win7/Win2008 R2 environment with home folders on a NetApp filer.

We have folder redirection set-up and offline files and we found at first that re-direction worked fine but offline synchronization would fail with access denied.

The key with offline sync is permissions on the root home folder share. For folder re-direction only the home share only needs the following permissions: -

Creator Owner - Full Control - Sub Folders and Files Only

Administrators - Full Control - This Folder, Sub Folders and Files (Can be different if you don't want Admins to have access to personal user data)

SYSTEM - Full Control - This Folder, Sub Folders and Files

Users - Create Folder/Append Data & List Folder/Read Data - This Folder Only

Note: Users can be Domain Users, Authenticated Users, Everyone or a specific group depending on how secure you want to be.

Now the key for us to get offline sync to work was to change the User permission to have the following access: -

Users: -

Create Folder/Append Data

List Folder/Read Data

Read Attributes

Read Extended Attributes

Read Pemissions

- This Folder Only

We still have one issue where offline files goes into a disconnected state randomly even if connected directly to the network. Sometimes it comes back itself after a few minutes and sometimes it requires a reboot.

Anyway, hope it helps.

Anthony

ming_hui

i have problem with both offline file for data folder and terminal profile folder, client version xp sp3, ontap version 7.3.1, anyone can help me?

BrendonHiggins

Small world. I now have the same issue with Windows 2003 'TS' profiles to a FAS3070 ~ OnTap 7.2.4P8

error message says ~ unable to load profile. Can open the cifs share no problem from the session once it starts however....

kusek

Paul,

Are you experiencing this problem with the following:

All Files

All Users

All shares presented offline

This can help to determine where and how the problem may exist in your environment.

If you happen to have the CSC tool, you can use that to take a look at your local cache of data on your workstation and see what might be going on and any issues at fault. I've seen problems like this in the past, especially in contexts where you have shared machines, or users who lack Administrative access to their local machine (Independent of filer)

As an entirely local problem, you may want to try re-initializing the local CSC cache for Offline shares

How to re-initialize the offline files cache and database

At least, we'd be able to collect additional data and have somewhere to go from to help determine what might be going on and at fault.

Let us know if this helps at all, and if I come across something else I'll be sure to let you know!

Christopher

p_golding

Hi Chris

We have one filer online at present and its holding all our users 'personal data' we will be moving all our 'work' and mail data etc across, but first off we need to sort out this offline file problem

I re-initialized the local CSC cache and no joy.

BrendonHiggins

Are you still having problems?

p_golding

Unfortunatley Yes

akiendl

is the error always on the same file?

If so looking at the file using fsecurity might give some conclusions (perhaps permissions on the file?).

Is the file having a read only attribute?

What OS are you running?

Regards,

ak.

p_golding

Hi Andreas

Its on a variety of files and folders and the permissions are standard on each

From the workstations we are running XP SP2

akiendl

as no one has asked so far what ontap release are you running on?

Just out of curiosity can you please post the fsecurity show commands for the files? (you can anonymize most of it).

Is it reproducable on certain files? Or does it not always happen on the same file? If it is reproducable we could look into what a trace is telling us.

Regards,

ak.

BrendonHiggins

You can use the

cifs shares

command to see what you have the permissions set to

Also have a look at

http://support.microsoft.com/kb/307853/EN-US/

It should work as we have it here.

Also have a go with

wcc

To see what the filer has configed

p_golding

Hi

Thanks for your reply, I checked the share permissions

(result below)

users$ /vol/vol_users/users

... automatic program caching enabled

everyone / Full Control

I tried all settings through 'manage' , the changes were visable through the Filer but still no joy.

I'm going to stop and start sharing tonight (600 connected users atm) see if that makes any difference

Any other ideas going forward would be fantastic

cheers

Paul

BrendonHiggins

For testing ONLY.

You could try turning off CIFS security.

http://communities.netapp.com/message/4161#4161

This would show that it is a permissions/authentication issue rather than a connectivity fault.

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public