Solved

Software can't create folder on windows 2012 shared folder

Posted on 2013-01-07
8
611 Views
Last Modified: 2013-01-29
there's a shared folder on windows 2012 server. We have a customized software which accesses the folder and create folders under the shared folder. But it can't. there's no error message because it's compiled software and can't show the error detail.

I checked permission on the shared folder and tried to create/delete folder using Windows Explorer and CMD from the trouble machine and others, it goes through. So, I don't think it's the permission problem to the folder and domain users. Something has to do with the software can't create the folder on it.
We just replaced the server from windows 2003 to windows 2012, and the software vender keeps saying something has to do with windows permission. could it be UAC thing?
0
Comment
Question by:crcsupport
  • 6
8 Comments
 
LVL 1

Author Comment

by:crcsupport
Comment Utility
I don't know but it seems like the software keeps trying to use guest account in event viewer. Does anyone have any similar problem like this? software accesses as guest account to the shared folder in windows 2008/2012???
0
 
LVL 1

Author Comment

by:crcsupport
Comment Utility
Below is the log matches with the error in event viewer/security, I guess.

Event ID 4625
====================================================


An account failed to log on.

Subject:
      Security ID:            Domain\user1
      Account Name:            xxxxx
      Account Domain:            Domain
      Logon ID:            0x6CD4A

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            Guest
      Account Domain:            SERVER-A

Failure Information:
      Failure Reason:            Account currently disabled.
      Status:                  0xC000006E
      Sub Status:            0xC0000072

Process Information:
      Caller Process ID:      0x11b0
      Caller Process Name:      C:\Windows\explorer.exe

Network Information:
      Workstation Name:      SERVER-A
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            Advapi  
      Authentication Package:      Negotiate
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
      - Transited services indicate which intermediate services have participated in this logon request.
      - Package name indicates which sub-protocol was used among the NTLM protocols.
      - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
0
 
LVL 1

Author Comment

by:crcsupport
Comment Utility
the server rejects the application accessing the shared folder because the application or any service on the workstation  accessing the shared folder on behalf  of the application doesn't even have 'everyone' permission. What could it be??? is there any level of user group denied where everyone is allowed?  Maybe, if the account used by the application is disabled. But how the hell do I find what user it uses to access the folder and how do I change it?

By the way, the shared folder on server A is mapped to K drive on workstation.
0
 
LVL 1

Author Comment

by:crcsupport
Comment Utility
didnt' mention that the domain is windows 2003 still..
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 300 total points
Comment Utility
go back to the vendor and inquire why it opens files using the guest account.. since the guest account is disabled on the server it will always fail unless you enable the guest account (a poor work-around), try it and see if that fixes your problem.

Don't forget that there are 'share permissions' and 'file permissions' the most restrictive one wins.

The application should be using the user account of the user that is running the program or the 'service account' if it is a service.
0
 
LVL 1

Author Comment

by:crcsupport
Comment Utility
I think it's not the application's fault using the guest account of the server to create folder. Because the old server which was replaced, also have guest account was already disabled and it worked fine. My guess is new Windows 2012 assigns its account(guest or whatever) to whoever tries to access the local resource.
Do you know what service is related to giving access to shared folder? Network Location Awareness doesn't seem it is.

I'm totally fine with share/file permission.
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 200 total points
Comment Utility
Hi,

Does the application run on the Client PCs or the server?

Does the applicaiton access the share via UNC paths or via theMapped drive letter on the clients?

does the application run by user interation or is it run via a service or scheduled task?
0
 
LVL 1

Author Comment

by:crcsupport
Comment Utility
The application runs on client PC.
It accesses through mapped drive.
it runs by user interaction. User logs onto the application. Once the user clicks a button to scan images, the application checks if the mapped drive/folder has sub folder to store the image, then if the folder doesn't exists, it creates it.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now