Software can't create folder on windows 2012 shared folder
there's a shared folder on windows 2012 server. We have a customized software which accesses the folder and create folders under the shared folder. But it can't. there's no error message because it's compiled software and can't show the error detail.
I checked permission on the shared folder and tried to create/delete folder using Windows Explorer and CMD from the trouble machine and others, it goes through. So, I don't think it's the permission problem to the folder and domain users. Something has to do with the software can't create the folder on it.
We just replaced the server from windows 2003 to windows 2012, and the software vender keeps saying something has to do with windows permission. could it be UAC thing?
I checked permission on the shared folder and tried to create/delete folder using Windows Explorer and CMD from the trouble machine and others, it goes through. So, I don't think it's the permission problem to the folder and domain users. Something has to do with the software can't create the folder on it.
We just replaced the server from windows 2003 to windows 2012, and the software vender keeps saying something has to do with windows permission. could it be UAC thing?
ASKER
Below is the log matches with the error in event viewer/security, I guess.
Event ID 4625
==========================
An account failed to log on.
Subject:
Security ID: Domain\user1
Account Name: xxxxx
Account Domain: Domain
Logon ID: 0x6CD4A
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Guest
Account Domain: SERVER-A
Failure Information:
Failure Reason: Account currently disabled.
Status: 0xC000006E
Sub Status: 0xC0000072
Process Information:
Caller Process ID: 0x11b0
Caller Process Name: C:\Windows\explorer.exe
Network Information:
Workstation Name: SERVER-A
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event ID 4625
==========================
An account failed to log on.
Subject:
Security ID: Domain\user1
Account Name: xxxxx
Account Domain: Domain
Logon ID: 0x6CD4A
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Guest
Account Domain: SERVER-A
Failure Information:
Failure Reason: Account currently disabled.
Status: 0xC000006E
Sub Status: 0xC0000072
Process Information:
Caller Process ID: 0x11b0
Caller Process Name: C:\Windows\explorer.exe
Network Information:
Workstation Name: SERVER-A
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
ASKER
the server rejects the application accessing the shared folder because the application or any service on the workstation accessing the shared folder on behalf of the application doesn't even have 'everyone' permission. What could it be??? is there any level of user group denied where everyone is allowed? Maybe, if the account used by the application is disabled. But how the hell do I find what user it uses to access the folder and how do I change it?
By the way, the shared folder on server A is mapped to K drive on workstation.
By the way, the shared folder on server A is mapped to K drive on workstation.
ASKER
didnt' mention that the domain is windows 2003 still..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think it's not the application's fault using the guest account of the server to create folder. Because the old server which was replaced, also have guest account was already disabled and it worked fine. My guess is new Windows 2012 assigns its account(guest or whatever) to whoever tries to access the local resource.
Do you know what service is related to giving access to shared folder? Network Location Awareness doesn't seem it is.
I'm totally fine with share/file permission.
Do you know what service is related to giving access to shared folder? Network Location Awareness doesn't seem it is.
I'm totally fine with share/file permission.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The application runs on client PC.
It accesses through mapped drive.
it runs by user interaction. User logs onto the application. Once the user clicks a button to scan images, the application checks if the mapped drive/folder has sub folder to store the image, then if the folder doesn't exists, it creates it.
It accesses through mapped drive.
it runs by user interaction. User logs onto the application. Once the user clicks a button to scan images, the application checks if the mapped drive/folder has sub folder to store the image, then if the folder doesn't exists, it creates it.
ASKER