DFA Troubleshooting Guide

 

When troubleshooting Data File Access (DFA) errors, the root cause almost always falls into one of the following three categories; improperly configured User-accounts, improper Share Permissions, and/or improper NTFS Security settings. The following steps listed below pertain only to DFA errors generated when saving data files to the local machine.

Select one of the following topics to troubleshoot DFA errors:

TA Controller Troubleshooting Checklist

Before you begin in-depth troubleshooting, check the following items to make sure your system is operating correctly:

Back to top

Configuration of Local and Domain Based Accounts

TAMA Account

Verify the existence of the "_Tama" (TA Message Agent) account. This is a "group less" account; therefore it doesn't belong to any pre-defined group (Administrators, Power-Users, etc.).

The "_Tama" account should be listed as a User on the local machine.(See Figure 1 below.)

Figure 1

Figure 1

If the account "_Tama" is not listed as a user, this indicates that the Tama service was not properly installed. Failure to create this account is almost always due to a lack of full, un-fettered, administrative level access to the system during installation. An easy way to verify this is to simply try to manually create a test account. If the operation is allowed and successful, you indeed have administrator level rights. If the operation fails, notify your IT personnel and have them provide this level of access for at least the course of installation and troubleshooting.

Once true administrative level access has been provided perform these steps:

  1. Using the Add/Remove Programs function remove the TA Advantage program and then reboot the computer.

  2. Run TA_Wiz.exe from the root of the Advantage CD and then select the System clean-up option.

  3. Re-install the Q Series Advantage package.

Back to top

Domain Accounts

Another source of account-related problems can be the lack of sufficient rights on the domain-based workstation. When a user logs into a domain from a Q Series workstation (as opposed to the local machine only), authentication to the local power-users or administrators group is required, however this does not happen automatically.

To determine if this is the source of the problem, log into the workstation as a LOCAL user. At the log-in screen, choose the local machine name in the Log onto field. If the field is not visible, click the Options button. Assuming you now have administrator level local rights, you can also ensure that domain users have local administrator rights by adding them to the Administrators group.

  1. Right-click on My Computer and select Manage, and expand the Local Users & Groups tree.

  2. Highlight the Groups item and double-click on the Administrators item in the right pane. The user(s) allowed to run the Q Series instruments should appear twice in the list; once as the user name only and again with the domain name preceding the user's name.

  3. If the domain name is missing, click the Add button and set the Look in field to be the domain name and scan the list for the user name.

  4. After selecting one or more users (hold down the CTRL key while clicking on the name to select multiple users) click the Add button.

  5. If you wish to add users from the LOCAL machine's user list, change the Look in field to the local machine's name and click the Add button. When you have finished adding users, you should have a dialog that looks something like Figure 2 below (partial list of domain users).

 Figure 2

Figure 2

  1. After you close this dialog window, the complete list of members of the Administrators group will now be displayed. (See Figure 3.)

 Figure 3

Figure 3

  1. Notice the two listings for the user "dkh." The first listing "dkh" corresponds to the account on the local machine and the second listing "NTSERV1\DKH" corresponds to the account on the domain. The workstation considers these accounts to be two completely separate and unrelated accounts.

  2. While user "NTSERV1\DKH" now has administrator rights to this particular workstation, as far as the domain resources are concerned, his rights have not changed from their original state.

Back to top

Share Permissions

Sometimes DFA errors are caused by the lack of sufficient rights to write to the desired destination folder. The following topic examines the share permissions of the C:\TA folder, but remember these concepts apply to all share permissions.

To check a folders rights:

  1. Right click on the TA folder and select the menu item Properties or Sharing then click on the tab Sharing. In the case of the TA folder, the radio button Share this folder should be selected. If it is not, select it.

  2. Click the Permissions button to view/change the permissions on a user-by-user basis. Figure 4 (shown below) shows the typical share permissions that are applied to the TA folder.

  3. Notice that the "_Tama" account is set to allow "Full Control;" this should always be the case. Also notice that the only other objects listed are not specific users, but instead are entire groups. This is usually a much easier way to control share access instead of specifying particular users. Although not shown here, the local group "Everyone" should also be in the list and be given at least change/read rights.

  4. To add additional groups/users, click the Add button.

  5. Click the drop down arrow for the Look in field to select the desired list and then add the groups/users.

  6. Select the appropriate "Allow" boxes to allow data files to be written.

  7. Click the OK button.

 Figure 4

Figure 4

Back to top

NTFS File Security Permissions

The lack of sufficient rights to the various folders controlled by NTFS (New Technology File System) security settings may also cause DFA errors. This mechanism is very similar to share permissions, but takes precedence so that even if proper share permissions are set up, the lack of NTFS permissions may deny access. To view/change NTFS permissions:

  1. Right click on the folder and select Properties. Unlike shares, NTFS permissions can be set down to the file level.

  2. Click the Security tab. Figure 5 (shown below) shows the typical NTFS permissions that are applied to the TA folder.

  3. Notice that the "_Tama" account is set to allow "Full Control;" this should always be the case. Also notice that the only other objects listed are groups as opposed to users.

  4. If the "_Tama" account isn’t listed, click the Add button.

  5. Click the drop down arrow for the Look in field and select the local machine list and add the group.

  6. Select the appropriate "Allow" boxes to allow data files to be written.

  7. In addition to the "_Tama" account, the accounts "SYSTEM" and "Authenticated Users" should also appear in the list with the appropriate level rights. If they do not appear, add them as directed above.

Figure 5

Figure 5

  1. After the desired objects have been added and assigned the appropriate level rights, click the Advanced button.

  2. Check the box labeled Reset permissions on all child objects and enable propagation of inheritable permission.

  3. Click the Apply button to propagate the permissions that were just set to all subordinate files and folders. (See Figure 6 below.)

 Figure 6

Figure 6

Back to top