Hi, I have tried to move Vault Services (not database) to a Windows 2003 machine on a domain. All went well except Shadow Folders.
I read up and knew I had to put impersonation on for 2003 especially since I need to go across servers for shadow foldering.
The error I am getting from the shadowfolder log is
20/08/2004 02:37:10 <refresh>: [<null>:5488] Uncompress finished, reading into memory from disk
20/08/2004 02:37:10 <refresh>: [<null>:5488] Successfully read from disk into memory, delta loaded
20/08/2004 02:37:10 <refresh>: [<null>:5488] GetRepositoryStructure finished
20/08/2004 02:37:10 <mutex>: [<null>:5488] Took mutex 1564
20/08/2004 02:37:10 <mutex>: [<null>:5488] Released mutex 1564
20/08/2004 02:37:10 <generic>: [<null>:5488] Vault's Shadow Folders encountered an exception attempting to get the repository structure for TIMS. Access to the path "SourceGear\Vault_1\PluginWebService\CD1BC255-2B6F-4D7E-A014-3641537F89CF\admin" is denied.
20/08/2004 02:37:10 <mutex>: [<null>:5488] Took mutex 1328
20/08/2004 02:37:10 <mutex>: [<null>:5488] Released mutex 1328
20/08/2004 02:37:10 <generic>: [<null>:5488] Vault Shadow Folder encountered a problem: Access to the path "SourceGear\Vault_1\PluginWebService\CD1BC255-2B6F-4D7E-A014-3641537F89CF\admin" is denied.
20/08/2004 02:37:10 <mutex>: [<null>:5488] Took mutex 1328
20/08/2004 02:37:10 <mutex>: [<null>:5488] Released mutex 1328
The account I am using is the same one I used to install Vault Services (admin). The appdata exists. The log shadowlog has been put in the c:\windows\temp directory rather than the shadowuser\local files\temp directory. I have checked all the file permissions.
When I installed the Vault Services I selected Option 1 - Network Service, Pointed to the old database on another server, then edited the shadow folder web.config file. (which is attached)
When I try and create a shadow folder it does it very quickly with no error messages.
Its now pretty early in the morning here. I believe I have read all relevant postings...do you see something really obvious
Version is V2.05 on Windows 2003 Server (Not DC) in a domain.
Thankful for any assistance
Bill Bell
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="c#" debug="false" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not running
on the local Web server. This setting is recommended for security purposes, so
that you do not display application detail information to remote clients.
-->
<customErrors mode="RemoteOnly" />
<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"
"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
its settings for the application. Anonymous access must be disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter their credentials, and then
you authenticate them in your application. A user credential token is stored in a cookie.
"Passport" Authentication is performed via a centralized authentication service provided
by Microsoft that offers a single logon and core profile services for member sites.
-->
<authentication mode="None" />
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
<!-- <authorization> -->
<!-- <allow users="*" /> -->
<!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
<!-- </authorization> -->
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
<!-- IIS RUNTIME SETTINGS
httpRuntime Attributes:
executionTimeout="[seconds]" - time in seconds before request is automatically timed out
maxRequestLength="[KBytes]" - KBytes size of maximum request length to accept
useFullyQualifiedRedirectUrl="[true|false]" - Fully qualifiy the URL for client redirects
minFreeThreads="[count]" - minimum number of free thread to allow execution of new requests
minLocalRequestFreeThreads="[count]" - minimum number of free thread to allow execution of new local requests
appRequestQueueLimit="[count]" - maximum number of requests queued for the application
-->
<httpRuntime executionTimeout="86400" maxRequestLength="10240" useFullyQualifiedRedirectUrl="false" minFreeThreads="8" minLocalRequestFreeThreads="4" appRequestQueueLimit="100" />
<!-- IDENTITY / IMPERSONATION SETTINGS
Controls the application identity of the Web application
impersonate Specifies whether client impersonation is used on each request.
true - Specifies that client impersonation is used.
false - Specifies that client impersonation is not used.
userName - Specifies the user name to use if impersonate is set to true.
password -Specifies the password to use if impersonate is set to true.
-->
<identity impersonate="true" userName="TWA\TRSUPPORT" password="xxxxxx" />
</system.web>
<appSettings>
<!--
enableLogging turns on client-side logging to a file in your temp directory (%TEMP%).
If you think you have this file configured properly, but no log file appears
in your temporary directory, check the system event log (we send messages there if we
can't open the log file).
<enableLogging> settings:
value="[true|false]" - When true logging is enabled, when false no messages will be logged.
-->
<add key="enableLogging" value="true" />
<!--
classesToLog lets you filter some log messages by class name. SourceGear support will be
able to suggest the appropriate class names to use for specific problems. "all" will
result in lots and lots (really) of messages.
<classesToLog> settings:
value="class1,class2,class3,..." - Log these classes; separate with commas.
value="all" - Log all messages from all classes.
-->
<add key="classesToLog" value="all" />
<!--
includeLoggingStackTraces includes stack traces with each log message in the client-side log.
enableLogging must be set to "true" for this to have any effect.
<includeLoggingStackTraces> settings:
value="[true|false]" - When true stack traces are included, when false they are not.
-->
<add key="includeLoggingStackTraces" value="false" />
<!--
includeThreadInfo includes thread names and IDs with each log message in the client-side log.
enableLogging must be set to "true" for this to have any effect.
<includeThreadInfo> settings:
value="[true|false]" - When true thread info is included, when false it is not.
-->
<add key="includeThreadInfo" value="true" />
<add key="shadowfolder_login" value="admin" />
<add key="shadowfolder_password" value="43LVRDyYad5cGCotvEg06RM1CFq/iNBP" />
<add key="shadowfolder_vaultserver" value="http://172.20.252.218/VaultService" />
<add key="shadowfolder_workingfolderassociations" value="Shadow Folder Associations">
<rep repid="6">
<sfa assoc_key="6:$/tims production-\\dtf043\timsvault" reppath="$/TIMS Production" localpath="\\DTF043\TIMSVAULT" readonly="False" repid="6" />
</rep>
</add>
</appSettings>
</configuration>
Folder Problems
Moderator: SourceGear
More Information
Looking at other posts, support asks if the user can create directories under the guid in the appdata. Yes I can.
When doing this I discovered that the read-only attribute is set all the way down from the shadow users top directory under documents. When I try and unset it and go back and check, it has been reset to readonly. Inheritance has been turned off.
Does this help
Bill.
When doing this I discovered that the read-only attribute is set all the way down from the shadow users top directory under documents. When I try and unset it and go back and check, it has been reset to readonly. Inheritance has been turned off.
Does this help
Bill.
Yes, have logged into the machine running shadow folders, I installed it using this logon, I also used it to startup the admin program try and create the shadow folders.
Never installed the client gui on the server. Have just done so, was able to logon and browse about. I tried to recreate the folder using the admin tool, same quick response time. Got the same errors in the log
20/08/2004 08:31:45 <refresh>: [<null>:6048] Successfully read from disk into memory, delta loaded
20/08/2004 08:31:45 <refresh>: [<null>:6048] GetRepositoryStructure finished
20/08/2004 08:31:45 <mutex>: [<null>:6048] Took mutex 1472
20/08/2004 08:31:45 <mutex>: [<null>:6048] Released mutex 1472
20/08/2004 08:31:45 <generic>: [<null>:6048] Vault's Shadow Folders encountered an exception attempting to get the repository structure for TIMS. Access to the path "SourceGear\Vault_1\PluginWebService\CD1BC255-2B6F-4D7E-A014-3641537F89CF\admin" is denied.
20/08/2004 08:31:45 <mutex>: [<null>:6048] Took mutex 1424
20/08/2004 08:31:45 <mutex>: [<null>:6048] Released mutex 1424
20/08/2004 08:31:45 <generic>: [<null>:6048] Vault Shadow Folder encountered a problem: Access to the path "SourceGear\Vault_1\PluginWebService\CD1BC255-2B6F-4D7E-A014-3641537F89CF\admin" is denied.
20/08/2004 08:31:45 <mutex>: [<null>:6048] Took mutex 1424
20/08/2004 08:31:45 <mutex>: [<null>:6048] Released mutex 1424
Where to from here
Never installed the client gui on the server. Have just done so, was able to logon and browse about. I tried to recreate the folder using the admin tool, same quick response time. Got the same errors in the log
20/08/2004 08:31:45 <refresh>: [<null>:6048] Successfully read from disk into memory, delta loaded
20/08/2004 08:31:45 <refresh>: [<null>:6048] GetRepositoryStructure finished
20/08/2004 08:31:45 <mutex>: [<null>:6048] Took mutex 1472
20/08/2004 08:31:45 <mutex>: [<null>:6048] Released mutex 1472
20/08/2004 08:31:45 <generic>: [<null>:6048] Vault's Shadow Folders encountered an exception attempting to get the repository structure for TIMS. Access to the path "SourceGear\Vault_1\PluginWebService\CD1BC255-2B6F-4D7E-A014-3641537F89CF\admin" is denied.
20/08/2004 08:31:45 <mutex>: [<null>:6048] Took mutex 1424
20/08/2004 08:31:45 <mutex>: [<null>:6048] Released mutex 1424
20/08/2004 08:31:45 <generic>: [<null>:6048] Vault Shadow Folder encountered a problem: Access to the path "SourceGear\Vault_1\PluginWebService\CD1BC255-2B6F-4D7E-A014-3641537F89CF\admin" is denied.
20/08/2004 08:31:45 <mutex>: [<null>:6048] Took mutex 1424
20/08/2004 08:31:45 <mutex>: [<null>:6048] Released mutex 1424
Where to from here
Its as if the shadow folder web service is not being impersonated correctly. The path error should read something like: 'C:\Documents and Settings\TWA.TRSUPPORT\SourceGear\Vault_1\PluginWebService\...'. When impersonation is not configured correctly, the base location of the directory cannot be found, just as you are seeing.Access to the path "SourceGear\Vault_1\PluginWebService\CD1BC255-2B6F-4D7E-A014-3641537F89CF\admin" is denied.
Your posting of Vault Shadow Folder's web.config looks correct. TRSUPPORT is the name of a Windows account on the TWA domain.
Can you double check that TWA\TRSUPPORT was created with all the correct .Net permissions mentioned in FAQ: Configuring Shadow Folders for UNC Paths
Also, you might want to double check the password. Since the plain text password is stored in an xml based file, make sure any &, <, >, or " in the password are escaped to & < > or "
Jeff Clausius
SourceGear
SourceGear
One other thought here:
This would only work on IIS 6.
- Create a new Application Pool specifically used for Shadow Folders
- In this new App Pool, change the identity to be TWA\TRSUPPORT
- Modify the Vault Shadow Folder virtual directory so it is using this new App Pool
- Within Vault Shadow Folder's web.config, turn off identity impersonation.
What this does is force the Vault Shadow Folder web service to run under the TRSupport account.
At this point, this is all guess work. But an idea that might work.
This would only work on IIS 6.
- Create a new Application Pool specifically used for Shadow Folders
- In this new App Pool, change the identity to be TWA\TRSUPPORT
- Modify the Vault Shadow Folder virtual directory so it is using this new App Pool
- Within Vault Shadow Folder's web.config, turn off identity impersonation.
What this does is force the Vault Shadow Folder web service to run under the TRSupport account.
At this point, this is all guess work. But an idea that might work.
Jeff Clausius
SourceGear
SourceGear
YES YES YES
IT WORKED IT WORKED.
Took out the impersonate line
Assigned the ShadowFolder to a new Application Pool that I created with the TRSUPPORT user as the identity.
And she's now cooking with gas.
Fantastic Jeff, Thanks very much for your help. Maybe now I can get some sleep with management off my back.
Thankyou.
Bill
IT WORKED IT WORKED.
Took out the impersonate line
Assigned the ShadowFolder to a new Application Pool that I created with the TRSUPPORT user as the identity.
And she's now cooking with gas.
Fantastic Jeff, Thanks very much for your help. Maybe now I can get some sleep with management off my back.
Thankyou.
Bill
