Can't connect network node - Access Denied

I have been testing trial version of SPD 3.3.0.16.  Running locally on an XP machine, no problem.  If I try to set up and connect to another computer on my home network (create network node), I get "access denied" error.  I am very interested in this product, but only if I can get network connections working.

Problem:

  1. Testing connections between an XP-SP3 machine and (a) XP-SP2 machine, and (b) a Vista Ultimate SP1 machine.
  2. Creating a node for either of these machines, can "browse" and get server address,  but press "connect" and I get "access denied.

 Troubleshooting tried:

  1. All machines are on same workgroup, and this username has admin access.
  2. In "Auth Settings", am not sure what should go in "Domain Name", but by looking at format used in "Destinations" settings, I am using "\"
  3. modified "DCOM" security settings to specifically add user name and allow "remote" connections - no luck.
  4. Tried XP-XP connections as well as XP-Vista and same problem.

Other Items noticed:

  1. If I connect the XP machine to "localhost" , and then try to add destinations, I get "access denied" for any location that is not shared for "everyone".  I have rechecked my username share settings and NTFS securities, and they all look ok to allow username specific access.
  2. Only the connection to "local host" shows "License Active" (I assume cannot be active if cannot connect?).

I am not sure what to try next.  Network browsing and folder access seems ok through windows, but not connecting in SPD.

Have searched the net and knowledge base and can't seem to find a solution.  Probably something simple. 

Looking to replace Acronis, but this is a show-stopper.  Any troubleshooting help greatly appreciated.

Comments

FTTester

Re: Can't connect network node - Access Denied

When you log into the Vista box, start up SP and select "Connect to localhost", is there a problem?

Temporarily disconnect the boxes from the internet and shut down any firewalls. Re-test the connection. If not problems, tweak the firewall. It needs to allow the DCOM access, tcp port 135 (I think).

Unless you are using a DC, leave the Domain Name blank.

Try using the SP console (GUI) on the Vista machine to connect to the XP box.

singlemalt8

Re: Can't connect network node - Access Denied

 Thanks for the quick response FFTester! 

 I tried your suggestions & included my [answers] below.

[quote user="FTTester"]

When you log into the Vista box, start up SP and select "Connect to localhost", is there a problem? [ No.  Connects no problem ]

Temporarily disconnect the boxes from the internet and shut down any firewalls. Re-test the connection. If not problems, tweak the firewall. It needs to allow the DCOM access, tcp port 135 (I think).
[ I am using the XP and Vista firewalls.  I tried dissabling both and got same response -- but I did not disconnect from internet as it's a bit difficult w/o losing network connections.  IF critical, I can do it...]

Unless you are using a DC, leave the Domain Name blank. [ok.  will do]

Try using the SP console (GUI) on the Vista machine to connect to the XP box. [same result when trying to create Node. access denied.  I am able to create a network share "destination" onto the other computer, but for some reason cannot create a network node].

[/quote]

I am assuming I need a network Node created if I want to run "jobs" to image remote computers.  That is what I am trying to achieve.

Other ideas how to narrow this down?

FTTester

Re: Can't connect network node - Access Denied

Yeah, there is a simple tool from Microsoft that you can use to check a DCOM connection between two machines.

http://support.microsoft.com/kb/259011

Make sure you can ping the client computer first. If you run the server component on Vista, you'll need to run from a cmd.exe shell that you start as Administrator.

singlemalt8

Re: Can't connect network node - Access Denied

 Awesome.  Let me try the tool and report back.  At least I can confirm the DCOM piece.  Thanks for the tip!

singlemalt8

Re: Can't connect network node - Access Denied

 Thanks for all the assistance.  I just seem to be going backwards on this.  I would not think this should be so hard... :-(

When I try to run the DCOM test following the instructions provided by MS,  i get and error and cannot run test.

Steps:

  1. download app from http://support.microsoft.com/kb/259011
  2. extract file to C:\Test
  3. run Command.com (with admin privileges)
  4. type "regedit tstsrv.reg" at command prompt and press Enter

Get prompt back with: "Are you sure you want to add the information in tstsrv.reg to the registry?"  Select YES.
ERROR returned: "Cannot import tstsrv.reg: Error opening the file.  There may be a disk or file system error"

I get same result if I run this on XP-SP2, XP-SP3, or Vista SP1.  I also tried re-downloading and extracting tool, but same result.

BTW, I have no problem pinging the machines on the network.

Sorry if I am missunderstanding, but I am not sure what to try next...

FTTester

Re: Can't connect network node - Access Denied

Yeah, it should not be difficult. Scrub the DCOM tool. (Sounds like the download was probably corrupt. I just double checked it on my XP box, and it was fine. You can actually rename the tstsrv.reg to tstsrv.txt and open it with Wordpad. I bet there's something screwed up in there - it is just text).

Do you have all the related services running on the boxes:

Service settings (as seen in services.msc):

Service Name
Status 
Startup Type

COM+ Event System

Started

Manual

COM+ System Application

Started

Manual

Cryptographic Services

Started

Manual

DCOM Server Process Launcher

Started

Automatic

Microsoft Software Shadow Copy Provider*

Started

Manual

Remote Procedure Call (RPC)

Started

Automatic

ShadowProtect Service

Started

Automatic

StorageCraft Shadow Copy Provider

Started

Automatic

Task Scheduler

Started

Automatic

Volume Shadow Copy

Started

Manual

  Edited: Was missing MS Software Shadow Copy Provider and services not marked as Automatic.

singlemalt8

Re: Can't connect network node - Access Denied

First of all FTTester, thanks for hanging in there with me on this.  I appreciate the efforts (and would love to get it working).

As a note, I did try a re-download of the DCOM test and that did not work either.  After looking at the the files, I tried dblclick install of the .reg file, and then ran tstsrvr.exe, but it just sits there waiting for client response...

anyway, I checked services status.  All are "login as" = Local system.  Not sure if Auto or Manual matter, but "not started" seems to be a concern.  Differences are noted below...

Service
settings (as seen in services.msc):

Service
NameStatus  Startup TypeXP-SP3VistaXP-SP2COM+
Event SystemStartedManualStarted/ManStarted/AutoStarted/ManCOM+
System ApplicationStartedManualStarted/ManNot Started/ManStarted/ManCryptographic
ServicesStartedManualStarted/AutoStarted/AutoStarted/AutoDCOM
Server Process LauncherStartedAutomaticStarted/ManStarted/AutoStarted/AutoDHCP
ClientStartedAutomaticStarted/ManStarted/AutoStarted/AutoRemote
Procedure Call (RPC)StartedAutomaticStarted/ManStarted/AutoStarted/AutoShadowProtect
ServiceStartedManualStarted/AutoStarted/AutoStarted/AutoStorageCraft
Shadow Copy ProviderStartedManualStarted/AutomissingStarted/AutoTask
SchedulerStartedAutomaticStarted/ManStarted/AutoStarted/AutoVolume
Shadow CopyStartedManualStarted/ManNot Started/ManStarted/Man

 
Should I manually start the services (not sure what to do about the missing service though...)?

singlemalt8

Re: Can't connect network node - Access Denied

 Other odd thing is, I can't get XP-SP3 to work with XP-SP2 either (so it's not just the Vista services problem)...

Neocom-Kev

Re: Can't connect network node - Access Denied

It appears that DCOM \ WMI and DEP all play a part in the connection process.

To test connectivity:

Click Start > Run and type in "Wbemtest". Then connect to the remote machine by typing the path \\servername\root\cimv2. You will either get an access denied type error or it will allow the connection (and the iwbemservices buttons will become active) which is what you want. This test should work both ways between the client-to-server and server-to-client.

If you get an access denied error during this test, then have a look at the following page http://www.microforge.net/kb/62

We had this problem at two totally separate sites and after weeks of trying different things, this finally fixed it.

singlemalt8

Re: Can't connect network node - Access Denied

 Thanks for the comments/suggestions.  I checked the XPSP2 machine (according to http://www.microforge.net/kb/62) and all looked good.  Have not had a chance to check the other two machines (XPSP1 and Vista).  I did try the "Wbemtest" tool between XPSP2 and XPSP1 and got an error of: "The RPC Server is unavailable".  A picture of the settings I used and the error is attached (I hope).  As a side note (RPC?) I have not been able to use "Remote Desktop" even thought Remote Assistance is enabled.  Any next steps appreciated as I am now over my head...

 

AttachmentSize
WMI test _error.png 95.75 KB
STC-JWT

Re: Can't connect network node - Access Denied

 If you are currently running version 3.3 there is a bug in regards to Network Nodes. If you click on the Knowledge Base link at the top of the forum page, go to Uncategorized and click on the linkn for Managing Remote Nodes in ShadowProtect 3.3, there is a patch that you can download that will likely be the resolution to your current problem.

__________________

I am no longer in the technical support department at StorageCraft Technology Corporation. If you need immediate assistance with an issue you are experiencing, please fill out a technical support request from the link below http://forum.storagecraft.com/Community/web2case/

STC-JWT

Re: Can't connect network node - Access Denied

 Here is the link to simplify things.

 

http://na5.salesforce.com/_ui/selfservice/pkb/PublicKnowledgeSolution/d?...

__________________

I am no longer in the technical support department at StorageCraft Technology Corporation. If you need immediate assistance with an issue you are experiencing, please fill out a technical support request from the link below http://forum.storagecraft.com/Community/web2case/

singlemalt8

Re: Can't connect network node - Access Denied

JWT,  Thanks for the tip!  I downloaded the patch, installed on the XP.SP2 machine, and re-booted.

Now I have a new error.  If I try to connect to either the a Vista machine or XP.SP1 machine I now get a "connecting" dialog (good!), but after about 10 seconds I get an error of: "Error connecting to server.  The RPC Server is unavailable".

 Any next step advice appreciated.  I think you got be a bit closer to a solution?  I hope so as I would love to get this working...

FTTester

Re: Can't connect network node - Access Denied

Make sure the RPC server is (still) running on the machines, together with any dependent services. Also check that none of the firewalls are blocking anything.

If still no go, can you start up regedit and export (to text file) the following key and post it here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Can you also check the state and startup type of the following two services:
"TCP/IP NetBIOS Helper" 
"Remote Registry"

 

STC-JWT

Re: Can't connect network node - Access Denied

 One other thing that wasn't mentioned in the knowledgebase article. It did occur to me until after I wrote the article, but sometimes deleting the existing network node and recreating is neccessary in order for the patch to have any effect. From what I understand the problem lies in any network node that was created before the patch was applied. Nate or Admin could likely explain the reasons for this better then I, but it has been known to work.

__________________

I am no longer in the technical support department at StorageCraft Technology Corporation. If you need immediate assistance with an issue you are experiencing, please fill out a technical support request from the link below http://forum.storagecraft.com/Community/web2case/

singlemalt8

Re: Can't connect network node - Access Denied

 Thanks JWT.  I have been buried so was not able to try everything yet.  I did find that I had to delete and re-create the node, which got me a bit further (See my notes above), but still unable to connect due to "RPC" error.  I will review your suggestiosn below and see what I can find.  Hope I can get this to work... my 30dy trial copy will expire soon! :)

[quote user="FTTester"]

Make sure the RPC server is (still)
running on the machines, together with any dependent services. Also
check that none of the firewalls are blocking anything.

If still no go, can you start up regedit and export (to text file) the following key and post it here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Can you also check the state and startup type of the following two services:
"TCP/IP NetBIOS Helper" 
"Remote Registry"

 

[/quote]

 

FTTester

Re: Can't connect network node - Access Denied

Hey singlemalt8

I ran a few tests to try to recreate the problem you had. One thing I noticed was that the ForceGuest setting on Windows XP definitely needs to be set to "Classic". If it is not set, SP will not connect (and nor will WMI). You can make that change using Secpol or by just removing the option for simple file sharing:

1. Double-click the My Computer icon on the desktop, or click Start | My Computer.
2. Select Tools | Folder Options.
3. Select the View tab.
4. Clear the Use simple file sharing (Recommended) check box.
5. Reboot

There is no equivalent change required on the Vista box.

The ForceGuest change, together with the other security and firewall changes listed in the other posts, should allow you to use SP to connect between Windows XP machines, and also to Windows Server 2003. You should also be able to connect SP from Vista to Windows XP (though potentially not the other way around). 

One thing I did notice in a previous post, is that you do not have the StorageCraft Shadow Copy Provider service on the Vista machine. That service should be there. If there was a problem with the install, that would explain why it is missing. That might also explain some of the other problems. If you can, run a repair install, or, an uninstall/install.

On the Vista machine, the critical setting seems to be the ShadowStor DCOM settings. You need to define a valid local user account (or Domain user) for ALL of the Security fields. In some of the documentation it seems to leave out the last element. However, if you do not set the Configuration Permissions, the connection will not work to the Vista machine:
Launch and Activation Permissions
Access Permissions
Configuration Permissions

If you do not have a valid account for each of them, SP will not connect to that Vista machine. 

  1. Start | Run | dcomcnfg.exe
  2. Expand: Component Services | Computers | My Computer | DCOM Config
  3. Find the ShadowStor component and double-click to get Properties window
  4. On Security Tab | Launch and Activation Permissions, select "Customize" and click Edit button
  5. Press the Add button and enter the name of the local (or domain) account, e.g. JoeBlow
    Some documents recommend just adding "Everyone" as a listed username/group. Instead, just give the local account
  6. Select the new account (JoeBlow) and make sure the account has full permissions for Launch and Activation
  7. Click OK
  8. On Security Tab | Access Permissions, select "Customize" and click Edit button
  9. Press the Add button and enter the name of the local (or domain) account, e.g. JoeBlow
  10. Select the new account (JoeBlow) and make sure the account has full permissions for Local and Remote Access
  11. Click OK
  12. On Security Tab | Configuration Permissions, select "Customize" and click Edit button
  13. Press the Add button and enter the name of the local (or domain) account, e.g. JoeBlow
  14. Select the new account (JoeBlow) and make sure the account has full permissions for Full Control and Read
  15. Click OK

If you have made the changes in the earlier post(s), the ones in this post, and, have the firewall configured to allow the DCOM traffic, SP should connect fine.

In trying to reproduce the problem you had, I noticed that WBEMTest can issue "The RPC Server is unavailable" error, even when you make the same Security changes to the matching Windows Management Instrumentation (WMI) DCOM service (i.e. adding a domain or local account, such as JoeBlow). In my case it looked like a resource issue (perhaps from running too many test connections). A simple reboot of XP and Vista machine cleared the problem. Even with this problem cleared up, it is still possible that WBEMtest will fail to connect while SP has no problem.

Best of luck