Here are some more details and information about this problem. - Robocopy fails when trying to copy ACLs, and unresolvable SIDs are present. Using robocopy with /COPY:DATSO fails, but with /COPY:DATO works. The "S" parameter for the /COPY option is for "Security=NTFS ACLs."
- If all the unresolvable SIDs are removed the robocopy works without any problems. I have been unable to find a way to remove all the unresolvable SIDs from the data I want to copy. The data resides on a NetApp filer so tools to clean up the bad SIDs must be run against the data remotely. Most tools seem to only work for removing unresolvable SIDs if they are run against content on local drives. - The results of the failed robocopy is a complete directory structure, but with incorrect ACLs. A few files are copied, but most fail to copy at all. Many error messages are returned which look list this: 2008/10/10 08:22:45 ERROR 1338 (0x0000053A) Copying NTFS Security to Destination Directory \\server\share\dir\level1\ The security descriptor structure is invalid. - A work around I've found for this problem is to use robocopy to copy the contents without ACLs (/COPY:DATO), then use icacls (from hotfix 943043) to save the original ACLs to a file, and icacls again to restore the saved ACLs to the copied data. This restores even the unresolvable SIDs to the data on the Solaris CIFS Server. Example command lines follow: robocopy \\server\share\dir \\onnv-cifs-server\share\dir /MIR /B /COPY:DATO icacls \\server\share\dir /save c:\icacls.txt icacls \\onnv-server\share /restore c:\icacls.txt Even though I have a successful work around I don't understand why robocopy shouldn't work as a single step. I hope this information will help to find the reason robocopy fails, and lead to a solution. Thank you. _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
