GetNamedSecurityInfo error: Access Denied during scans

book

Article ID: 160158

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

When reviewing the FileReader0.log file the following error appears:

Apr 21, 2009 11:17:53 PM com.vontu.directorycrawler.DiscoverNativeFile handleError
WARNING: Native informations of file '\\somecomputer\someshare\somefile' couldn't be retrieved: GetNamedSecurityInfo error: Access DeniedThe filename, directory name, or volume label syntax is incorrect.

Resolution

Correlate the error in FileReader log with the ScanDetail log, and check to see if the file was actually scanned: 

ScanDetail log

"Apr 21, 2009 11:17:53 PM","INFO","scan name 04/21/09 - 8:00 PM","COMPLETED_ITEM","//somecomputer\someshare\somefile' ","268800","","","",""

The reason for this error is that the target share is not allowing SID lookup.  A way to correct this problem is to do the lookup from the discover server itself.  Modify the crawler.properties in \vontu\protect\config directory as follows:

filesystemcrawler.localusernamelookup = true

Restart the Vontu Monitor service after making this change.