Overview
This article describes the error and its resolution when the GFI Archiver services are configured to run under DOMAIN\Administrator (a domain admin account). When the user opens the web page and the Archive tab, the error 'The server could not process the request due to an internal error...' is shown, and no items are displayed.
Other pages load fine for DOMAIN\Administrator. When other users log into the web site and open, the Archive tab works fine too.
This error is logged in ASPNET/UI:
"#00002430","#00000026","error ","RemoteCommunication","ERROR: Exception during backend communication, Exception: System.ServiceModel.Security.SecurityAccessDeniedException: Der Zugriff wurde verweigert. ; ;Server stack trace: ; bei System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter) ; bei System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc) ; bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) ; bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) ; bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) ; ;Exception rethrown at [0]: ; bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) ; bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) ; bei MArc.Store.IAuditDataUpload.VerifyAuditId(Nullable`1& currentAuditId, String applicationId, String userName, String userDisplayName, Guid userGuid, String ip) ; bei MArc.Web.RemoteCalls.CommunicationStore_AuditDataUpload.VerifyAuditId(Nullable`1& currentAuditId, String applicationId, String userName, String userDisplayName, Guid userGuid, String ip), Details: Instance_Store_AuditDataUpload.VerifyAuditId()"
Note: The error shown above is from a German system. The relevant error translates into: "Access denied"
IMPORTANT: Running services under DOMAIN\Administrator is NOT default nor is it recommended! The GFI Archiver services should normally run under Local System. In some situations, running the services under a domain admin account can be a workaround for certain issues.
Environment
GFI Archiver Build 20141117
Resolution
- Upgrade to GFI Archiver 2015 SR1 build 20150218 or newer and then set service account as desired again.
- A workaround to resolve this issue is to:
- Create another domain admin user in Active Directory. (e.g., DOMAIN\Administrator2)
- Configure all GFI Archiver services (except the VSS service) to run under DOMAIN\Administrator2.
Note: This is meant as a service account. Thus, when opening the Archive tab as this user, it will still fail, but the original Administrator will not face the issue anymore.