NCM firmware repository access

Been working with tech support for a bit on this but still no answers yet.  I am currently running 2020.4 for NCM.  when i go to add the repository through NCM settings for firmware upgrades i get " Unable to access to network share using specified credentials"  When i go to add the credentials under network share settings to give ncm write access i get "Incorrect credentials on (orion server name)"  I can use the same credentials from the poller to map a network drive to teh share no problem,  the account has full control permissions on the share.  I was able to lock the account out by putting a bad password in either setting so it seems like it is talking to active directory at least.   I have verified I can use a local account on the poller and point it to a local folder so the basic functionality seems to work just not when trying a network share.

The only articles I have found so far were for error if you had incorrect credentials, which i can prove they work just fine from the primary orion server or any other windows machine on my network by mapping drives with the credentials.  

  • Did you ever figure out the issue you were having? I am having the same issue and can't figure out what's wrong :( 

  • I figured it out. 

    The AD user needs the login locally setting configured in GPO:

    Windows Computers/Servers (not Domain Controllers)

    1. Open the Local Group Policy Editor (gpedit.msc) on the affected Windows computer/server, or the Group Policy Management Console (gpmc.msc) on the domain controller if editing the GPO for all domain-joined computers/servers. 
    2. If editing the GPO for all domain computers in GPMC, select Default Domain Policy. If not, skip this step.
    3. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
    4. Configure both "Allow log on locally" as well as "Allow log on through Remote Desktop Services" rights to include the users/groups that will be logging into any Windows computers/servers (not domain controllers) protected with Duo Windows Logon.
    5. Ensure that Deny logon locally is not applied to the same users/groups. If applied, this policy will override "Allow log on locally" and you will not be able to log in successfully. 
    6. Run a gpupdate /force command on the computer, or reboot the computer, to apply the group policy changes.

    That's the rough steps. 

  • Yeah we found that as well.

    is the KB support created from my ticket.  Although I found only needed log on locally on the orion server not the repository server.  Also I had a domain GPO that was over writing the local one.   So had to work with those administrators to get an updated GPO.  After that no problem validating.