IBM Support

"A Required NT Privilege Is Not Held" on CIFS Share Backup

Technote (troubleshooting)


Problem(Abstract)

When running a Tivoli Storage Manager backup of a mapped drive on a Windows system to a CIFS share, errors may be encountered indicating that required NT privileges are not held by the user running the backup.

Symptom

The error behavior is:

ANS5250E An unexpected error was encountered
 TSM function name : GetFileSecurityInfo
 TSM function : CreateFile() returned '1314' for file {volname}
 TSM return code : 268
 
 A required NT privilege is not held.

Note that this is not the only possible error behavior that can occur
due to this condition.


Cause

There is a technote entitled "IBM Tivoli Storage Manager Statement of Support - Backup and
Restore of NAS File Servers via CIFS" (see link below), which outlines the limitations of support
for CIFS shares on Windows client systems. One of these limitations is that very commonly the
security information for that share cannot be backed up.


Diagnosing the problem

The 1314 is a Windows error and is defined as:


Error code 1314: ERROR_PRIVILEGE_NOT_HELD - A required privilege is not held by the client.

Resolving the problem

When these errors occur, it is usually due to a permissions or access problem, for example if the CIFS file system is on a machine that is not part of the same domain. Specifically if the Tivoli Storage Manager client is not being run with a domain user account and/or that the privileges are not set up to allow the backup to run.


It is advised to investigate the cause for the inability of the backup to obtain the file security information. However, it is possible to avoid the failure by setting the following parameter in the dsm.opt file for the client:

    skipntpermissions yes
Note that this will prevent the client from backing up any Windows security information for any drive that this client processes. To ensure this parameter only applies to the CIFS share backups, a separate dsm.opt file can be created just for these backups, or a separate schedule can be created that contains the "-skipntpermission=yes" in the Options section of that schedule.

NOTE: When the 'skipntpermissions' is enabled, it will alleviate the above error, but the security descriptors (Owner Security Identifier (SID), Group SID, Discretionary Access Control List (ACL), and System ACL) would no longer be stored for the backups. This can necessitate manual updates after a restore is performed for the files that are put in place without the security permissions. Additionally, if the 'skipntpermissions' parameter is updated to 'no', or removed which invokes the default value of 'no', then a full backup will occur.

Related information

TSM CIFS Share Backup Limitations

Product Alias/Synonym

TSM

Document information

More support for: Tivoli Storage Manager
Client

Software version: All Supported Versions

Operating system(s): Windows

Software edition: Edition Independent

Reference #: 1577225

Modified date: 02 December 2016


Translate this page: