Robocopy fails with security error copying "from nas to nas". Why? - ntfs

tl;dr
robocopy has security problems copying from 'nas to nas'
The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you.
Summary
I'm running into "windows permission problems" when making backups using using the following:
powershell
robocopy
Windows 2008R2
Windows task scheduler
Task Scheduler output
Taskscheduler runs under user domain account "OPS\backupuser"
The script succeeds when it copies "from local drive" "to the backup nas"
However it fails when the script copies "from another nas" "to the backup nas"
In pictures...
Success: local drive --copy-to--> backup NAS
Fails: another NAS --copy-to--> backup NAS
Output
Robocopy fails with exit code 16.
Here is detailed output:
-------------------------------------------------------------------------------
ROBOCOPY :: Robust File Copy for Windows
-------------------------------------------------------------------------------
Started : Thu Jul 07 22:22:11 2016
2016/07/07 22:22:26 ERROR 1265 (0x000004F1) Getting File System Type of Source \\app-data-nas.hosting.acme\bazapp$\production\foo_industries_prod\
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
Source - \\app-data-nas.hosting.acme\bazapp$\production\foo_industries_prod\
Dest : \\dr-backup-nas\AppDR$\ALL_DR\FOO_INDUSTRIES_DR\foo_industries_prod\
Files : *.*
Options : *.* /NDL /S /E /COPY:DT /PURGE /MIR /B /NP /R:0 /W:1
------------------------------------------------------------------------------
Other points
1) Because I the environment is 'locked down', I could not run this from the command line, either as :
my own account
my own account with elevated command prompt
OPS\backupuser
2) I tried adding '/NODCOPY' , but robocopy failed; apparently we don't have the hotfix for this option.
Thanks in advance!

NAS drives are not Windows drives. You have to map to them uniquely and with certain admin privileges to make them "see" you're trying to copy stuff into them.
First map a drive to the NAS system using NET USE
Next copy the file(s) using ROBOCOPY thus...
robocopy <source path> <nas path> <file(s)> /s /j /r:2 /w:5 /log+:robocopy.log
Place it all inside a CMD file and run it from a Task Scheduler on your Windows server.

>
>
>NAS drives are not Windows drives. You have to map to them uniquely and with certain >admin privileges to make them "see" you're trying to copy stuff into them.>
>
>First map a drive to the NAS system using NET USE
>
>Next copy the file(s) using ROBOCOPY thus...
>
>robocopy <source path> <nas path> <file(s)> /s /j /r:2 /w:5 /log+:robocopy.log
>Place it all inside a CMD file and run it from a Task Scheduler on your Windows server.
>
You forgot:
/FFT #":: assume FAT File Times (2-second granularity)" -ensures the copy ignores OS file system while copying in ROBOCOPY
/Z #":: Includes LARGE file copy restart" - restarts large file copying where the copy left off in the file, instead of starting over again. Like in a 500 GB file it restarts at the byte the copy stopped at, in case you need to schedule offline copying and don't want large files to prevent the copy progression (will ONLY start over if the file date changed!)
/xo #"exclude older files" -copies all new files - something useful to retry copies in Scheduled task Job of Robocopy...
All these are useful in NAS copying... as they tend to have issues resolved by these switches in ROBOCOPY.

Related

MARS Backup (system state) backup failing - Windows server 2012

MARS Backup - system state backup failing
I am having issues with few servers, where the system state is not getting backup.
MARS system backup failure
I did follow the article below and attempt it, by changing the scratch folder to different location, it did not made any difference.
How do I change the cache location for the MARS agent?
Run this command in an elevated command prompt to stop the Backup engine:
Net stop obengine
If you have configured System State backup, open Disk Management and unmount the disk(s) with names in the format "CBSSBVol_".
By default, the scratch folder is located at \Program Files\Microsoft Azure Recovery Services Agent\Scratch
Copy the entire \Scratch folder to a different drive that has sufficient space. Ensure the contents are copied, not moved.
Update the following registry entries with the path of the newly moved scratch folder.
Table 2Registry path Registry Key Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\Config
ScratchLocation
New scratch folder location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\Config\CloudBackupProvider
ScratchLocation
New scratch folder location
Restart the Backup engine at an elevated command prompt:
command Copy
Net stop obengine
Net start obengine
Run an on-demand backup. After the backup finishes successfully using the new location, you can remove the original cache folder.
Can I please have some advice, as I have got few servers where the system state is not being backed up.
This is actually a failure in the Windows Server Backup operation. See this KB article for steps on how you can modify required registry keys to fix the Windows Server Backup failures.
https://support.microsoft.com/en-us/help/4053355/microsoft-azure-recovery-services-agent-system-state-backup-failure

robocopy /b access denied

I'm going nuts over Robocopy. I want to create a 1:1 exact copy (including data, and permissions of each file & folder) of two local volumes. Actually, they are located on different physical HDD's. Say I have A:\ and B:\. I just want to copy all of the stuff from A:\ to B:\.
So, I tried this command:
robocopy A:\ B:\ /e /b /copyall /dcopy:T
But I keep getting access denied errors. Same results with /zb switch. I am using elevated/admin privileges in Win7 to run the Robocopy commands in command prompt.
I found a Microsoft hotfix, which fails to install on my machine, not sure if it would remedy my problem (KB979808).
I don't know if the problem is the commands, Robocopy itself, or the operating system.
Any ideas?
For whatever reason, right-clickind and running the command as Administrator doesn't work, but if you go into safe mode, the command works fine - you have admin rights.

How to run a CruiseControl task as an administrator in Windows Server 2008

I'm currently using CruiseControl.NET to automate my build. We have two different ways to build a solution in my build environment - one is through the Keil uVision4 IDE, the other is through Visual Studio 2008.
I've successfully gotten the Visual Studio solution to build properly using CruiseControl.NET and have created a batch file which properly uses Keil's uVision command line interface to compile my uvproj Project (compilation details here).
Problem Description
1) I can successfully execute the build script on my Windows 2008 server and build the project if I create a command prompt with administrator privileges (I'm doing this manually - start -> run -> cmd with ctrl-shift-enter to run as admin).
2) However, if I create a command prompt without administrator privileges, and attempt to execute the batch file, the batch file won't work unless I accept the prompt asking me to confirm admin rights are required to run the batch script.
How do I automatically execute a batch file as an administrator through CruiseControl?
Is this something that could be automated using the RunAs command?
Technical details
1) The batch file being executed is pretty simple - it deletes the old output and re-makes the output, creating a build log file in the location below.
set BuildLogLocation=BuildLog\BuildLog.txt
echo on
cd ../..
cd PTM
rmdir /s /q output
mkdir output
mkdir BuildLog
C:\Keil\UV4\UV4.exe -r myProj.uvproj -o %BuildLogLocation%
echo ErrorLevel of build is %ERRORLEVEL%
echo build complete, see %BuildLogLocation%
2) Currently I'm looking to use the Exec functionality to run the Keil build script above:
<Exec>
<Command>C:\myProject\Build\KeilBuild\BuildScript.bat<Command/>
<buildTimeoutSeconds>600<buildTimeoutSeconds/>
<!-- Details about error codes can be found here:
http://www.keil.com/support/man/docs/uv4/uv4_commandline.htm -->
<successExitCodes>0,1</successExitCodes>
<Exec/>
Related questions:
How can I use a build server with Keil uVision4 (MDK-ARM), script a build, use a makefile? (Electrical Engineering)
Execute a command-line command from CruiseControl.NET (Stack Overflow)
Can you run CCService, the CruiseControl.NET Windows Service, as a user who has administrative permissions? I'd try that first.
If that doesn't work, I would use runas to run your script. You'll have to embed the administrative user's password in the script calling runas.
I know this is old but, Did you get an offical way to do it Via Cruise Control?
Normally I create this and call it to call other processes "As Admin".
Make a ".VBS" script with This in the contents:
Dim strBatchPath
strBatchPath = "PATH-TO-FILE.EXE"
Set runBatch = CreateObject("shell.application")
runBatch.shellexecute strBatchPath,,,"runas",1
That could be an option to people that can't find an official way
You could try psExec from sysinternals. If you don't need to run as a nt-authority account you should be able to use this in the same way as runas.
It allows you to pass in the username/password as a switch (if memory serves)
I have Discovered that when using PSEXEC and using the -h switch, it then "runs as admin" on destination
e.g.
psexec -h \ServerToRunOn /accepteula -u DOMAIN\USER -p PASSWORD "PATH-TO-FILE"
I am Using CC.Net to call a batch file with the above in. This will run that file as Admin

run a command line entry in windows xp on login

I am having issues with credentials being cached on a few of the laptops that area available to students at my university.
I have found that if i remove (remove not edit to NULL) a registry entry at
HKEY_CURRENT_USER\Software\Microsoft\EAPOL\UserEapInfo
this solves the problem.
Im also pretty sure that this will delete the registry entry through the command line
REG DELETE HKEY_CURRENT_USER\Software\Microsoft\EAPOL\UserEapInfo /f
What I need to know is how to make this line run when the machine is logged into.
A Scheduled Task maybe what you are looking for:
save your command into a .bat file somewhere
Go to Control Panel > Scheduled Tasks > Add Scheduled Task
config the scheduled task to run your .bat file, and schedule it to run "when I logon"

Database Backup Robocopy

I have job that runs every 15 minutes that uses robocopy to copy a backup of the tranaction logs to a different server. This job is failing USER has full access rights to both home folder and the destination folder.
JOB SQL:
robocopy "e:\Backup\SQL02$PROD"
"\SERVER\DRIVE$\prod\sql\backup\" /MIR /E /Z /NS /NFL /NDL /NJH /NP /R:10 /W:30
if %errorlevel% LSS 8 set errorlevel=0
Error Log:
Date 22/06/2010 09:05:00
Log Job History (Sync Production backup to app040)
Step ID 1
Server NDAHHSQL02\PRODUCTION
Job Name Sync Production backup to app040
Step Name robocopy production
Duration 00:00:00
Sql Severity 0
Sql Message ID 0
Operator Emailed
Operator Net sent
Operator Paged
Retries Attempted 0
Message
Executed as user: DOMAIN\USER. 2010/06/22 09:05:00
ERROR 5 (0x00000005) Getting File System Type of Destination \\SERVER\DRIVE$\prod\sql\backup\ Access is denied.
2010/06/22 09:05:00 ERROR 5 (0x00000005) Creating Destination Directory \\SERVER\DRIVE$\prod\sql\backup\ Access is denied. Process Exit Code 16. The step failed.
I have solved the issue Although the folder had permissions for the account to copy files accross it did not have share permissions set on the root drive.
Link to share permissions tutorial
The user does not have access to write the backup file to \SERVER\DRIVE$\prod\sql\backup\.
Should it read \\SERVER?
You could use NET USE to first mount the server location as a drive and then write to it.
You could test with some small file instead of a backup