Environment
Novell Open Enterprise Server 11 Support Pack 2 (OES11SP2)
Domain Services for Windows
DSfW
Domain Services for Windows
DSfW
Situation
Software installation fails in GPO edit or in new GPO creation.
Steps to reproduce:
1) Open GPMC.msc from a WS joined to DSfW domain.
2) Right click on either Default Domain Policy or newly created GPO.
3) In Group Policy Management Editor, expand Computer Configuration->
Policies->
Software Settings.
4) Right click on Software Installation, select New->Package and try to select
any *.msi file from from samba share (sysvol)
Pop message dial come with following message:
"Add operation failed. The policy can not be modified for this container. Check permission"
Resolution
Fixed in the September 2014 Maintenance Patch
Additional Information
ndstrace reports the following -672 error:
4268373760 LDAP: [2014/03/03 15:23:14.861] (147.2.76.4:47658)(0x0042:0x68)
add: dn (CN=e3f9b448-1cc8-4f11-97b9-c158d308a155,CN=Packages,CN=Class
Store,CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=RDM,DC=NOVELL,DC=COM)
4268373760 LDAP: [2014/03/03 15:23:14.862] (147.2.76.4:47658)(0x0042:0x68)
DDCCreateEntryEx failed, err = no access (-672)
4268373760 LDAP: [2014/03/03 15:23:14.862] (147.2.76.4:47658)(0x0042:0x68)
Sending operation result 50:"":"NDS error: no access (-672)" to connection
0xe8eb180
Following request is sent to DSfW server for attribute packageFlags and objeectclass attributes for which the above response is given:
4279043840 LDAP: [2014/03/03 15:23:14.858] (147.2.76.4:60830)(0x0040:0x63)
Search request:
base: "CN=Packages,CN=Class
Store,CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=RDM,DC=NOVELL,DC=COM"
scope:1 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(packageName=SolidWorks Enterprise PDM)"
attribute: "objectclass"
attribute: "packageFlags"
4268373760 LDAP: [2014/03/03 15:23:14.861] (147.2.76.4:47658)(0x0042:0x68)
add: dn (CN=e3f9b448-1cc8-4f11-97b9-c158d308a155,CN=Packages,CN=Class
Store,CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=RDM,DC=NOVELL,DC=COM)
4268373760 LDAP: [2014/03/03 15:23:14.862] (147.2.76.4:47658)(0x0042:0x68)
DDCCreateEntryEx failed, err = no access (-672)
4268373760 LDAP: [2014/03/03 15:23:14.862] (147.2.76.4:47658)(0x0042:0x68)
Sending operation result 50:"":"NDS error: no access (-672)" to connection
0xe8eb180
Following request is sent to DSfW server for attribute packageFlags and objeectclass attributes for which the above response is given:
4279043840 LDAP: [2014/03/03 15:23:14.858] (147.2.76.4:60830)(0x0040:0x63)
Search request:
base: "CN=Packages,CN=Class
Store,CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=RDM,DC=NOVELL,DC=COM"
scope:1 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(packageName=SolidWorks Enterprise PDM)"
attribute: "objectclass"
attribute: "packageFlags"
The object: CN=Packages,CN=ClassStore,CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=RDM,DC=NOVELL,DC=COM does exists in the server.