AD Server Access - Aspect Directory.
I am getting an event junk in the service event list on "Service Structure":
Priority | Object Name | Message
2 | AspectDirectory_Basic_AS01 | Transaction cancelled ADserver Access is Denied
on Primary aspect server.
Aspect Directory on redundant servers are synchronized and running.
afwsysinfo -csd returns no differences.
Any valuable suggestion would be appreciated.
Voted best answer
Check the "access denied" event's details by right-clicking the event and selecting Event Details...
The description should point you to the following details:
a) which object owned the aspect that could not be updated.
b) which aspect could not be updated.
c) which application was involved (often but not always afwworkplaceapplication.exe).
d) which user attempted the change.
One "common" reason for access denied messages is writes towards General Property aspects, for which you in practice need two (2) separate privileges to successfully write:
A) The OPC write permission set in the GP's configuration view
B) Configure permission on the object owning the GP
If A) is fulfilled, writes "can be attempted" since Input Fields, etc. will light up, but if B) is not satisfied, the Aspect Directory will deny the change.
/Stefan
Answers
Just a guess, but do you have any Local Users that are not configured/matching on all Servers, probably used for some 3rd party OPC Client Access or similar?
Another idea would be to check the Operator Messages to see if there are any matching events.
If any user is not a member of the Industrial IT User group, or if no 800xA roles like operator or engineer are given to the user.
This may be because a user is performing a role which is not defined for that user.
Ex. Application Engineer is trying to acknowledge the alarms (Operator role is not defined for Application Engineer).