NET USE copy no longer works, but mapped drive to same Share and copy/paste does work?!?

I have a Shared folder named "SourceCode" on a Windows Server 2008 R2 server.  I have a bat file that runs on a Windows Server 2003 server once a night to copy any changed or new files from the 2008 server Share.  This bat file ran fine when the source server was running Windows 2003.  Now that the source server is 2008 the bat file fails.  I created a user account on the 2008 server named "Backup" with Read/Execute/List permissions.  The Shared folder has "Include inheritable permissions from this object's parent" checked.  The NET USE command "Completes Successfully", but the XCOPY command fails with "Access denied".  If on the destination server (2003), I map a drive to the Shared Source Code folder on the 2008 server, I can copy/paste the file that failed with the NET USE connection just fine.

Any ideas why that is and how I can fix it?

This is the contents of the bat file I'm using:

NET USE X: \\155.138.213.111\Sourcecode password /USER:Backup
XCOPY X:*.* E:\SourceCode\ /D /E /Y
NET USE X: /DELETE
sqdperuAsked:
Who is Participating?
 
serialbandConnect With a Mentor Commented:
You actually don't need the NET USE command with robocopy, since it's connecting to the remote share.

If you really want to mount the drive and copy the files from the mounted partition, then you can shorten the robocopy command

NET USE X: \\155.138.213.111\Sourcecode password /USER:PSQLDEV1\Backup
robocopy X:\ E:\SourceCode /mir /e /v /COPY:DATSO /w:1 /r:1 /log:D:\SourceCopyLog.txt
NET USE X: /DELETE
0
 
Kyle AbrahamsSenior .Net DeveloperCommented:
try the full domain for the user:

eg:

NET USE X: \\155.138.213.111\Sourcecode password /USER:<MACHINENAME>\Backup

Also check the SHARE permissions (different than the file permissions).
0
 
JHallidayChief Technical OfficerCommented:
you could also use a robocopy script its a bit more resilient than xcopy.  The robocopy command line would be as follows

robocopy \\155.138.213.111\sourcecode e:\sourcecode /mir /e /v

this would create a mirrored copy of the source directory in the destination directory and also remove any files from the destination directory that had been removed from the source.  You can substitute /mir for /m to copy all files with archive bit set and reset it ready for the next run of the script.

Create a batch file with the robocopy script as above in and then set a scheduled task to run as the user with Read access to the source and Read Write access to the destination.

As @ged325 says make sure that the user has at least Read access to the Share on the source and also read permissions on the entire directory tree underneath the source share.

On the destination make sure the user has RW to the entire share and directory structure.

If you do get an error when running the script the chances are it is permission related

Hope this helps

Regards

Jon
0
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

 
sqdperuAuthor Commented:
ged325,  I tried adding the MachineName, and as before, it connects just fine, but the copy still fails.

I'm no Windows security expert, but everywhere I look by right-clicking the shared folder / properties,  it looks like everything for my "Backup" user has Read (and related) permissions.

Jon,  I've heard of robocopy and always presumed it was a purchased product.  I see it comes from MS.  It is not on my Windows Server 2003 (unrecognized in Cmd).  I don't need anything real-time and fancy.   I simply want to copy once a day the files/folders from the share that are new or have been changed (from a bat file).  I wonder if I can download it from MS.  Will have to look - would prefer my simple XCOPY to work though.

Thanks
0
 
Kyle AbrahamsSenior .Net DeveloperCommented:
Right click on the folder -> properties -> sharing -> permissions
and also
Security Permissions

There's a seperate set of permissions for people who can access the share, and those who can access the directory itself.  

So the folder itself could have read/write for everyone
but the share could have read for everyone, everyone would still only have read (taking microsofts approst of most restrictive / deny first).

Other than that anything in the event viewer?  (start -> eventvwr) for the windows security logs on either the source machine or the machine that you're running the bat?

How are you running the bat file on the 2008 machine?

If it's a scheduled task are you running it as backup or local/network service?

Can you repost your infrastructure just with what you have?

EG:

Source Server
Windows 2008 Machine, hostname =


Destination server??

And the bat file exists on the source server correct?
0
 
serialbandCommented:
Prior to Windows 2008, robocopy was available as a free download with the resource kit.  It has been free since its inception.

I usually add the copyall option to copy permissions.  I also set warnings to one and retries to one, otherwise errors and retries would severely slow down the copies with the default settings.  You can always rerun robocopy to quickly copy over the changes.  It's much quicker after the initial copy, assuming most of your data is static.

Here's a typical command line I run.

robocopy \\155.138.213.111\sourcecode e:\sourcecode /mir /e /v /copyall /w:1 /r:1

There are options to write log files too.  It's more robust than xcopy.

Starting with Windows 7, robocopy can also multi-thread with the /mt: option to speed up your small files copies.
0
 
JHallidayChief Technical OfficerCommented:
xcopy is a throw over from the pre windows XP days and even goes back to MS-DOS I think.  Robocopy is more robust in the way it handles files and is therefore more efficient.  You can do a google search for Robocopy and download it free from Microsoft.

I have used Robocopy for a  variety of solutions including backing up files on a nightly basis.

@serialband the parameter you want is /log:<logfilename> also your use of /w:1 and /r:1 is a good point as well /copyall is a good option for user files but can cause problems for files that are updated by the system as you can sometimes end up with a file that has an obscure permission from a local account etc so something to bear in mind but this is more to do with Windows permissions and the way they work than a problem with Robocopy.

Just to explain the parameters that @serialband uses

/mir - creates a complete mirror copy of the files in the source at the destination
/e - copies everything including empty directories
/v - shows verbose messages good for debugging etc
/copyall - copies all security permissions
/w:1 - waits 1 second before retrying a problematic file good for is you occasionally get locked files
/r:1 - the number of times to retry a locked file

You can also use /eta to give a rough estimate of the time the file will finish copying but its not much use for directories with lots of small files.

/log:<filename> - write a log of the messages to the filename
/log+:<filename> - append a log of messages to the filename.

Hope this makes sense
0
 
sqdperuAuthor Commented:
Windows Server 2008 R2 is the "Source" of the data.  Server Name PSQLDEV1 and shared folder is "SourceCode".  The server has a user account "Backup" with Read/List/execute permissions to SourceCode. The destination server is Windows server 2003.  It runs the bat file once a night via a cheap scheduler program running on it.  I only need/want to copy the files that are new or have change, NOT everything every night.  The new/changed items will be a small amount of data so I'm not all that concerned about the speed.  

The perplexing thing is it all worked fine until the source server changed to Windows 2008.  As near as I can tell, the "Backup" user has all the necessary permissions to the Shared SourceCode folder.  I'd really like to avoid the whole robocopy route if possible, as the XCOPY worked before 2008.

One thing I did notice (and maybe this in normal), in Explorer on 2003 the shared folder had a picture of a hand on the folder.  On 2008, the shared folder looks the same as all the others.

thanks
0
 
Kyle AbrahamsSenior .Net DeveloperCommented:
A couple of things:

You said you're using a cheap scheduler to run the bat.  What context is that running under?  Would it be possible to change it to either backup or your own and see if that worked?

If not could you try it via a normal scheduled task?  You can set yourself as the person who runs the execute.  Set it for a different time of day so there are no conflicts.

if you run the bat file manually, are there any issues?
0
 
serialbandCommented:
Just FYI.  Robocopy will only copy new or changed files.

It's also interesting that you don't use the built-in scheduler to run the tasks.
0
 
sqdperuAuthor Commented:
I have been test running the bat file manually in cmd, so it is not a scheduler issue.

I was not aware of a built-in GUI interface scheduler in Windows Server 2003.  I work at a manufacturing plant.  I have multiple jobs that run throughout the day.  It is very easy to use this GUI based scheduler to modify and create jobs for various intervals, on workdays, ignoring holidays, inside of specific time frames, etc.

Would I be able to install robocopy on the Windows 2003 machine and pull the data from the 2008 machine?  I don't want to install anything on the 2008 machine.

(serialband - thanks for explaining that robocopy only does the new/changed files.  I didn't realize that and that was one of my concerns.)

thanks
0
 
Kyle AbrahamsSenior .Net DeveloperCommented:
you should be able to pull the data the same way, installing it just on the 2003 server.
0
 
JHallidayConnect With a Mentor Chief Technical OfficerCommented:
@serialband that isn't correct there are certain options you can pass to robocopy that will copy files regardless of the archive bit being set or not.  Robocopy is intelligent enough to know if a file has remained unchanged and will not copy it if the file already exists in the destination.

@sqdperu Robocopy has been around since the Windows 2003 and XP days and is a simple command that can be copied to the System32 directory and be called from anywhere there is no restriction on the version of windows (though I've never used it on anything below Windows 2003 or XP).

There is a good article on Microsoft TechNet that explains all the options you can use and can be found here http://technet.microsoft.com/en-us/library/cc733145(v=ws.10).aspx

To get the actual robocopy command tool follow this link http://www.microsoft.com/en-gb/download/details.aspx?id=17657 as part of the Windows 2003 Resource Kit Tools.  Robocopy is also bundled with all version of windows from Windows Vista upwards and Windows 2008 Server upwards.

In regards of where you can run the command it doesn't really matter as long as you set the correct source and destination paths.

Regards

Jon
0
 
sqdperuAuthor Commented:
Ok.  So I installed robocopy on my 2003 machine, used @serialband's string and added the "/log:".    When I run it I get a bunch of "same"  and multiple:

"2013/05/15 10:39:32 ERROR 1314 (0x00000522) Copying NTFS Security to Destination Directory \\155.138.213.111\SourceCode\
A required privilege is not held by the client."

Which is my client - where robocopy is running (2003) or source (2008)?

thanks.

FYI - the end results were:

                Total    Copied   Skipped  Mismatch    FAILED    Extras
     Dirs :      3928        25      3903         0         0       351
    Files :    122078         0    118033         0      4045     15166
    Bytes :  13.804 g         0  13.491 g         0  320.73 m   2.692 g
    Times :   0:00:42   0:00:00                       0:00:00   0:00:42
0
 
JHallidayChief Technical OfficerCommented:
@sqdperu the client is the machine you are running the command on.  It sounds like you have a directory or file somewhere on your source with some different security permissions.  You could try and reset the permissions or run as domain admin (assuming both the source and destination are in the same active directory) or run the command on the source server as the local admin.

Regards

Jon
0
 
sqdperuAuthor Commented:
These are all standalone servers.  No domain.  I am logged into the destination server where I run the command from as Admin.  I guess I don't understand the "file premissions" copying with the file.  I don't know that I even care about that.  No one logs into these servers - they run scheduled jobs and FTP.  The user of these files are myself and another developer.  So as far as we are concerned "we don't care about no stinking permissions" on files.  I just copy them nightly to an extra set of them on disk in case the other server goes down.  (We have backup tapes, but that is more of a hassle.)

So I wonder if I can copy without any regards to file permissions.
0
 
serialbandCommented:
You could also use the Windows 2008 server to run robocopy too.  If you don't care to copy the file permissions, remove the /copyall option

@JHalliday
The default behavior of robocopy with /mir is to copy the changes.  That's the behavior sqdperu wants anyway.
0
 
sqdperuAuthor Commented:
Good News!!!

               Total    Copied   Skipped  Mismatch    FAILED    Extras
     Dirs :      3928         0      3928         0            0         0
    Files :    122078      4045    118033         0         0         0
    Bytes :  13.804 g  320.73 m  13.491 g         0         0         0
    Times :   0:02:37   0:02:05                       0:00:00   0:00:31

    Speed :             2672503 Bytes/sec.
    Speed :             152.921 MegaBytes/min.

---------------------------------------------------------------------------------------------------------------

I ended up using the link from ged325 and changed the "/COPYALL" to "/COPY:DATSO".

Thanks to all who helped me.

So for future reference, this is what my batch file looks like that is now functioning:

NET USE X: \\155.138.213.111\Sourcecode password /USER:PSQLDEV1\Backup
robocopy \\155.138.213.111\SourceCode E:\SourceCode /mir /e /v /COPY:DATSO /w:1 /r:1 /log:D:\SourceCopyLog.txt
NET USE X: /DELETE
0
 
sqdperuAuthor Commented:
Should I be using "/mir" instead of "/COPY:DATSO" with what I'm wanting or does it matter?

thanks
0
 
sqdperuAuthor Commented:
@serialband.   I don't actually have the "X:" drive mapped in explorer permanently.  I just Net Use connect it, copy, and disconnect.  I have no need to have it mapped permanently.  So in that case I have to use Net Use right?  Otherwise, how would it know my login info?
0
 
serialbandCommented:
Robocopy would use the cached credential of the logged in user.  This assumes that you have a domain user, used for logging into both systems, or you use the local admin account.  With the built-in scheduler, you can set it to run as a specific user with the password saved in an encrypted format.  That's actually better than keeping your password in a plain text batch file with the NET USE command.

You'll only need NET USE if you've created independent local user accounts on the 2 systems.  Since you're mapping the drive to X: with the NET USE command, you could just shorten the command within the script.  If you're not using NET USE, then you'll need the full path when you call robocopy.


The /MIR and /COPY are independent.

/MIR -- mirrors the directory structure
/COPY:DAT -- copies the time stamps, file attributes and permissions.  Since you don't care about the permissions, you can remove the S & O.

/E -- is redundant.  It's already included in /MIR  my first answer was a cut & paste of a previous answer with my suggested additions to the options and I did it from memory so I didn't catch that immediately.
0
 
sqdperuAuthor Commented:
Thanks.  It's working great.  I shortened it a bit like you said so now looks like this:

     NET USE X: \\155.138.213.111\SourceCode password /USER:PSQLDEV1\Backup
     ROBOCOPY X:\ E:\SourceCode /mir /v /COPY:DAT /w:1 /r:1 /log:D:\SourceCopyLog.txt
     NET USE X: /DELETE
0
 
Kyle AbrahamsSenior .Net DeveloperCommented:
glad you got it working.
0
 
JHallidayChief Technical OfficerCommented:
Good work sqdperu rather than use a clear text password in your script you can set-up a scheduled task in Windows to run the following script

ROBOCOPY \\155.138.213.111\SourceCode e:\SourceCode /mir /v /COPY:DAT /w:1 /r:1 /log:D:\SourceCopyLog.txt

Open in new window


In the options for your scheduled task you can set it to run as a specific user and you can specify your PSQLDEV1\Backup user there.  The password will be hashed so will be unreadable and more secure.

Regards

Jon
0
 
sqdperuAuthor Commented:
Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.