Permissions required for DTSCLI Securitymode fail


Article ID: 103752


Updated On:


CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager


Using the DTSCLI command with securitymode=fail to transfer files from one agent to another using the following command:

dtscli -a ipath="<Path to file>" iuser=<username>::<password> rpath="<TargetServer>::"<Path\filename>" ruser=<username>::<password> output_mode=c "f_filters=:CREATE_PATH" "p_filters=BINARY_READ:BINARY_WRITE AES256_ENCRYPT:AES256_DECRYPT" retry_limit=0 throttle=5 

However, the transfer fails with the following error:
CLI0544 Transfer failed: E (390) Security violation: userid or password is not correct. role=Initiator (390). 
Transfer state: FAILED 

DTSCLI Securitymode configuration policy parameter is present under DSM->Data Transport Service (DTS)->Data Transport Agent Plugin

<Please see attached file for image>

DTSCLI Securitymode Fail


What permissions are required when the authentication for DTS transfer between agent to agent using the DTSCLI command is set to securitymode=fail?


All versions of CA Client Automation


For the DTSCLI command to read files from the source, the 'iuser' account on the source needs read permissions.

Similarly, to write on the target, the 'ruser' account needs write permissions.

For the user account to also be able to connect to the machine to initiate anything, log on locally rights are required. 

For more information on the DTSCLI parameters please refer the following link:



1558700399558000103752_sktwi1f5rjvs16k4h.jpeg get_app