Error: Could not connect to the data source because of the following problem. See figure below.
User ran DMSCONVERT which went well, then tried to create the data source and ran into problems.The problem was creating storage areas on new 2008 server and was failing. The problem per the log pointed to adding the computer name/ip to the Trusted Servers and NameResolution sections; where the errors were cleaned up and no useful errors pointed to the real problem. The problem was related to a folder created off the root directory's user permissions. Both userA and the PwSvcUser were local administrators and the user expected that userA could create the storage off the root for the PwSvcUser to use. Due to Windows 2008 WRP design you need to explicitly add ownership to the folder for the PwSvcUser off the root if that user did not create that folder. Once a storage was created by the PwSvcUser (ownership could have been assigned as well) there were no issues adding it in the PW admin.
Below is a simple explanation where the Microsoft admin links to this topic (1st link), a more detailed explanation (2nd link) and a 3rd link (from Microsoft) that explains the admin side of this.
Windows treats files and directories off the Root partition of the Operating system drive in a special manner. If userA creates a folder (folderA) directly off the root directory and has permissions to do so explicitly or implied through the administrator group, they are the owner of that object. Being part of the administrator group only allows you to take control of that object, but not obtain full permissions inherently. When userB part of the admin group goes to write files under userB’s directory off the root userB needs permissions to do so explicitly at that root object level (folderA) so that new files and folders inherited off of folderA will obtain the appropriate access control permissions (ACLs). Windows is protecting files in Windows Vista/2008 with WRP (Windows Resource Protection) that replaces WFP (Windows File Protection) and adds better registry protection and only allowing the Trusted Installer user to directly modify files protected by WRP.
We can use cacls to review the users and permissions on files and directories; which can also be viewed when using the Windows Effective Permissions tool on the file/folder properties > Security Tab > Advanced button, then selecting the Effective Permissions tab and providing a specific user to validate permissions of. Chances are, if you use the Effective permissions tool you on the ProejctWiseTempStorage folder you may have seen that the PW service account does not have ownership and permissions to create directories off this folder. The 1st and 2nd articles referenced below should be able to help explain the theories and reasoning behind the need and use of the trusted installer ownership of resources and the explicit need to change ownership of objects. The 3rd article tries to present a more direct approach to solving this type of problem encountered for deleting files and folders.
Using Windows Installer and Windows Resource Protectionhttp://msdn.microsoft.com/en-us/library/aa372868(v=vs.85).aspxAccess Control - Understanding Windows File And Registry Permissionshttp://msdn.microsoft.com/en-us/magazine/cc982153.aspxWindows 7 – How to Delete Files Protected by TrustedInstallerhttp://helpdeskgeek.com/windows-7/windows-7-how-to-delete-files-protected-by-trustedinstaller/
Product TechNotes and FAQs
Bentley Technical Support KnowledgeBase
Bentley LEARN Server
Bentley's Technical Support Group requests that you please confine any comments you have on this Wiki entry to this "Comments or Corrections?" section. THANK YOU!