Permissions required for DTSCLI Securitymode fail

Article Id: 103752

Status: Published

Updated On: 28-06-2018 18:12

Products:

CA Automation Suite for Data Centers - Configuration Automation , CA Client Automation - Asset Management , CA Client Automation - IT Client Manager , CA Client Automation , CA Client Automation - Remote Control , CA Client Automation - Asset Intelligence , CA Client Automation - Desktop Migration Manager , CA Client Automation - Patch Manager

Issue/Introduction:

Using the DTSCLI command with securitymode=fail to transfer files from one agent to another using the following command:

dtscli -a ipath="<Path to file>" iuser=<username>::<password> rpath="<TargetServer>::"<Path\filename>" ruser=<username>::<password> output_mode=c "f_filters=:CREATE_PATH" "p_filters=BINARY_READ:BINARY_WRITE AES256_ENCRYPT:AES256_DECRYPT" retry_limit=0 throttle=5

However, the transfer fails with the following error:
CLI0544 Transfer failed: E (390) Security violation: userid or password is not correct. role=Initiator (390).
Transfer state: FAILED

Note: DTSCLI Securitymode configuration policy parameter is present under DSM->Data Transport Service (DTS)->Data Transport Agent Plugin

<Please see attached file for image>

What permissions are required when the authentication for DTS transfer between agent to agent using the DTSCLI command is set to securitymode=fail?

Environment:

All versions of CA Client Automation

Resolution:

For the DTSCLI command to read files from the source, the 'iuser' account on the source needs read permissions.

Similarly, to write on the target, the 'ruser' account needs write permissions.

For the user account to also be able to connect to the machine to initiate anything, log on locally rights are required.

For more information on the DTSCLI parameters please refer the following link:
https://docops.ca.com/ca-client-automation/14-0/en/reference/dts-command-line-reference/agent-to-agent-transfers