ITAM - Attempting to Authorize Users results in the error: Access denied
search cancel

ITAM - Attempting to Authorize Users results in the error: Access denied

book

Article ID: 32050

calendar_today

Updated On:

Products

CA IT Asset Manager CA Software Asset Manager (CA SAM) ASSET PORTFOLIO MGMT- SERVER CA Service Management - Asset Portfolio Management

Issue/Introduction

When navigating to Administration -> User Management -> Authorize Users link, this error occurs: 

Error: Exception has been thrown by the target of an invocation

 

If one tries to access the above functionality on the web browser on the main ITAM Server, one may also see additional information:

 

Server Error in '/ITAM' Application. 

________________________________________

Access to the path 'audit' is denied. 

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

 

Exception Details: System.UnauthorizedAccessException: Access to the path 'audit' is denied. 

 

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

 

Stack Trace: 

 

[UnauthorizedAccessException: Access to the path 'audit' is denied.]

CA.Common.Web.Services.DataBroker.Read(String PageID, String sortExpression, List`1 ReturnAttributes, List`1 KeyAttributes, String DataClassName, ReadType ReadType, Boolean IsSingleRecordEdit, Int32 StartRowIndex, Int32 MaximumRows, String BoundControlID, OOCriteria Criteria, String ParentClassName, Boolean IsMultiSelectSearch, QueryTop Top, ForeignKeyTenantDetail foreignKeyTenantDetail, String skipChildClassPath) +3716

 

Environment

CA IT Asset Manager 17.3 +

Cause

Access to the path 'audit' is denied

Resolution

Update the CA IT Asset Manager WEB server eiam.config file to point to the full path name of the eiam.log4net.config file:

  1. Login into the CA IT Asset Manager webserver.
    Edit the <drive:>\Program Files (x86)\CA\ITAM\Web Server\ eiam.config file
    Locate the following text: <LoggerConfiguration file="eiam.log4net.config"/> 
    Modify this text to add the complete path to the eiam.log4net.config file
        Example:  <LoggerConfiguration file="D:\Program Files (x86)\CA\ITAM\Web Server\eiam.log4net.config"/>
  2. Locate the line that reads:  <Saf directory = "audit" /> and comment it out.
    Example:   <!-- Saf directory = "audit" />  --> 
  3. Save and close the eiam.config file
  4. Edit the <drive:>\Program Files (x86)\CA\ITAM\Web Server\eiam.log4net.config file 
    Locate the entry
        <root>
                <level value="TRACE" />  
    Change TRACE to FATAL
  5. Save and close the eaim.log4net.config file
  6. Perform an IISRESET on the CA IT Asset Manager Web server

 

Update the CA IT Asset Manager APPLICATION server eiam.config file to point to the full path name of the eiam.log4net.config file. 

  1. Repeat the above steps 1-6, but use the eiam.config and eiam.log4net.config files located at <drive:>\Program Files (x86)\CA\ITAM\Application Server
  2. Restart the CA IT Asset Manager services on the CA IT Asset Manager Application server

 

If the steps above do not resolve the problem, then follow the extra step below:

Warning: Exercise extreme caution when using the Registry Editor. If you edit the registry incorrectly, serious problems might occur that could require a complete reinstallation of the operating system which could result in data loss. Before making any modifications, please be sure to back up the registry. Backing up your registry, allows you to restore it if a problem occurs. 

 

Edit the registry to grant permissions for the Network service account to create a custom event log

  1. Log on to the CA IT Asset Manager Web server as an administrator.
  2. Click Start, click Run, type regedit in the Open box, and click OK. The Registry Editor window appears. 
  3. Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security", Right click on security and select permissions. 
    Click add, select "Network Service", give it read permissions and click "OK". 
  4. Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog", right-click Eventlog, and then click Permissions. Permissions for Eventlog dialog box appears. 
  5. Click Advanced. The Advanced Security Settings for Eventlog dialog box appears.
  6. In the Name column, double-click the Users group.  The Permission Entry for Eventlog dialog box appears.
  7. Select the Set Value and the Create Subkey check boxes, and then click OK.
  8. Close the Registry Editor.
  9. Repeat the above steps 1-8 on the CA IT Asset Manager Application server.
Powered by Wolken Software