Access Denied errors when trying to add Windows clients to Asigra

While working on a new project the Backup Operations Team reported that they were seeing Access Denied errors when trying to add Windows 2012 servers into Asigra, per the below:

20160420235331

The issue was caused by UAC remote restrictions which resulted in the Access Denied errors.

To fix the issue I created a LocalAccountTokenFilterPolicy registry setting. Instructions are below:

1. Launch the Registry editor by running regedit.exe in CMD or the RUN box.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system.
3. Create a new entry by right-clicking system and then selecting DWORD (32-bit) Value.
4. Enter LocalAccountTokenFilterPolicy as the name for the new entry.
5. Set the value of LocalAccountTokenFilterPolicy to 1 by right-clicking the new entry, see below

20160412153531

6. Click OK to save the changes.
7. Now re-add the server(s) in Asigra and it should be successful.

Soon after making the registry change above on all affected servers they were added into Asigra successfully and initial backups were kicked off successfully:

20160421000441

The initial backup jobs completed successfully and we all lived to fight another day!

References:
Asigra Forums > General Asigra Discussion > Access Denied…
Access denied to Administrative (Admin) shares in Windows 8

BackupWordPress plugin unable to write to backup folder

After creating a new site in IIS 7.5 and then installing WordPress I noticed that the BackupWordPress plugin was not working as it didn’t have permissions to write to the \wp-content\uploads\xxxxxxxxxx-backups folder. I was seing the following error appear at the top of all the pages within the Admin site:

20130502182832

This was because the php-cgi.exe process was running under the default NT AUTHORITY\IUSR account which didn’t have write permissions to the /wp-content/uploads/xxxxxxxxxx-backups directory. As I wanted to keep the configuration as secure as possible I opted to use the ApplicationPoolIdentity feature and avoid using the default NT AUTHORITY\IUSR account.

Note: When creating the WordPress site in IIS I created an application pool called WordPress.

To resolve this issue, perform the following steps:

1. Open IIS Manager, click on Application Pools and in the middle pane you will see the application pool for your site. In my case it was called WordPress. Right-click on it and select Advanced Settings:

2. Find the setting Enable 32-Bit Applications and click the drop-down box and click True. Further down, find the Identity setting and set it to ApplicationPoolIdentity and then click OK to save the settings:

20120417065550

Then click on Sites and select the WordPress site. In the Connections pane double-click Authentication:

Select Anonymous Authentication and in the Actions pane on the right side click Edit:

Then select Application Pool Identity and click OK:

On your desktop, click Start > Run and then enter CMD in the Open dialogue box then click OK to load a command prompt enter the following and hit enter:

icacls "C:\Websites\Wordpress" /grant "IIS APPPOOL\Wordpress":(OI)(CI)(RX,W)

This enables the WordPress application pool write permissions to the C:\Websites\Wordpress directory and all sub-directories including the \wp-content\uploads\xxxxxxxxxx-backups folder.

After this you will be able to load the Backups tool in WordPress and create backups using BackupWordPress on a schedule or on demand:

20130502190822