4 Replies Latest reply on Apr 9, 2015 10:16 AM by lshunnarah

    Access denied when adding user to Security Roles

    pigeon

      I just tried to extend the usage of Patch Manager to our Service Desk who will be using the reporting features, but I got this error message.

       

      Source: Csla

      Exception occurred at 22/01/2013 10:52:03 AM: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

      DataPortal_Update method call failed

      DataPortal.Update failed

      Stack:    at AZROLESLib.IAzRole.AddMember(String bstrProp, Object varReserved)

         at EminentWare.BusinessObjects.Security.AzManRole.AddMember(String textualsid)

         at EminentWare.BusinessObjectLayer.Role.DataPortal_Update()

         at Csla.MethodCaller.CallMethod(Object obj, MethodInfo info, Object[] parameters)

         at Csla.MethodCaller.CallMethod(Object obj, String method, Object[] parameters)

         at Csla.Server.SimpleDataPortal.Update(Object obj, DataPortalContext context)

         at Csla.DataPortal.Update(Object obj)

         at Csla.DataPortal.Update[T](T obj)

         at Csla.BusinessBase`1.Save()

         at EminentWare.BusinessObjectLayer.Role.Save()

         at EminentWare.UI.Management.CredentialManagementViewControl.AddRoleMember()

         at EminentWare.UI.Management.CredentialManagementViewControl.OnSelectedAction(Action action, AsyncStatus status

       

      The account I am trying to add is a domain account. I can browse the OU's and select and add the account successfully but when I click to finish, the error occurs.

       

      I've read the other discussions on "Access denied" errors for the DataPortal but they don't seem to be the same as my error.

       

      I have checked the permissions of the regkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup

      The local Users group has Read. The local Administrators groups has Full Control. The account I connect to PM with is a local Administrator of the server and an Eminentware Enterprise Administrator.

       

      I don't have an "ewdgssvc" account. The Data Grid Server is started using a domain based service account. This account is a local Administrator also.

       

      My Patch Manager and WSUS server are on the same box.

       

      Any help would be greatly appreciated.

        • Re: Access denied when adding user to Security Roles
          callidus

          I had the same error and had to do some testing together with support. The root cause could not be identified. But the following steps "helped":

          • Create a domain security group for each solarwinds security role if not already done so
            • Make sure the domain controller replication is done
            • Keep the names simple: no special characters and not too long. You should be able to change it afterwards as internally the SID is used.
            • Even if you do not need every security rule: do it. If the following does work to bypass the error you will never have to deal with it again.
          • Identify which account is used by the "EminentWare Data Grid Server" service
          • Log in to your Patchmanager server as GridUser
          • Ensure that this user has full control on "C:\Program Files\EminentWare\Server\EminentWare.BusinessObjects.xml"
          • Restart the "EminentWare Data Grid Server" service
            • Do not restart the whole server
          • Log In to the management console
          • Try adding the created security groups to the security roles

           

          This did the trick for me. But: I had to do the last three steps twice.

          1 of 1 people found this helpful
            • Re: Access denied when adding user to Security Roles
              pigeon

              The response from callidus helped me to resolve the issue.

              This is what I did.

              1. Logged in to the Patch Manager server with the account used for the Eminentware Data Grid Server service (normally login with a local Administrator/Eminentware Enterprise Administrator account).

              2. Added my own domain account to the "Eminentware Enterprise Administrators" role.

              3. Reconnected to Patch Manager with my domain account.

              4. Problem sovled. Able to add other users and groups to the Security Roles without error

              Thanks very much.

              • Re: Access denied when adding user to Security Roles
                lshunnarah

                This procedure, minus creating the equiv domain groups, worked for me.  I too had access indirectly, but through the PAS server's local administrator group.  Either way, logging in as the DataGrid service account, restarting the ewdg service allowed me to add my own domain account as well as the ones I was initially trying to add which started my issue.

                 

                Thanks!