Error Code: 117
Error Message: “Access to perform the operation was denied”

Overview

This error indicates a permission or authentication issue when attempting to access the Veritas NetBackup API using the fenixdfa user account. Even if you’re using a username and password (rather than an API key), this error can occur if the user lacks the necessary permissions or if there are configuration problems with the account.

Possible Causes and Solutions

1. Insufficient Permissions

Cause: The fenixdfa user may not have all the required permissions in Veritas NetBackup to perform the desired API operations.

Solution:

• Verify User Roles and Permissions:
  • Log in to the NetBackup web interface.
  • Navigate to Security ➔ RBAC.
  • Check that the custom role FenixDFA Agent includes all necessary permissions.
  • Ensure that under the Global tab, the categories NetBackup Management, Protection, and Storage have the appropriate permissions assigned.
• Update Permissions:
  • If any permissions are missing, edit the role to include them.
  • Consider adding specific permissions required by the FenixDFA Agent if “All” permissions are insufficient.

2. Incorrect Credentials

Cause: There may be an error in the username or password used by the FenixDFA Agent.

Solution:

• Confirm Credentials:
  • Attempt to log in manually to the NetBackup web interface using the fenixdfa username and password.
  • If unable to log in, reset the password or correct the username as needed.
• Check Password Policies:
  • Ensure the password hasn’t expired or isn’t set to require a change at the next login.
  • Verify that the account isn’t locked due to multiple failed login attempts.

3. User Account Issues

Cause: The fenixdfa user account might be locked, disabled, or expired.

Solution:

• Verify Account Status:
  • On the Windows server, open Computer Management ➔ Local Users and Groups.
  • Ensure the fenixdfa account is active and not locked out.
• Adjust Account Settings:
  • Remove any settings that disable the account after failed login attempts.
  • Ensure the account doesn’t have an expiration date unless intended.

4. Role Assignment Problems

Cause: The fenixdfa user may not be correctly assigned to the custom role in NetBackup.

Solution:

• Reassign User to Role:
  • In the NetBackup web interface, go to Security ➔ RBAC.
  • Remove the fenixdfa user from the FenixDFA Agent role.
  • Re-add the user to ensure proper assignment.

5. Windows Security Policies

Cause: Local or domain security policies might prevent the fenixdfa user from accessing necessary resources.

Solution:

• Check Local Security Policies:
  • Open Local Security Policy (secpol.msc).
  • Navigate to Local Policies ➔ User Rights Assignment.
  • Ensure the fenixdfa user is included in Allow log on as a service.
• Group Membership:
  • Confirm that the user is added to the correct local group (integration) and that this group has appropriate permissions.

6. FenixDFA Agent Configuration

Cause: The agent might not be properly configured to use the fenixdfa user credentials.

Solution:

• Review Agent Settings:
  • Verify that the FenixDFA Agent uses the correct username and password.
  • Check if the username format should include the domain (e.g., DOMAIN\fenixdfa or fenixdfa@domain.com).

7. Network Restrictions

Cause: Firewalls or network policies may block the fenixdfa user’s access to NetBackup services.

Solution:

• Firewall Settings:
  • Ensure the necessary ports for NetBackup communication are open.
  • Verify that firewalls aren’t blocking requests from the fenixdfa user.
• Network Policies:
  • Check for security policies that might restrict access to the NetBackup API.

8. Account Authentication Issues

Cause: The authentication method required by NetBackup might not be satisfied by the current user setup.

Solution:

• Authentication Methods:
  • Determine if NetBackup requires additional authentication (e.g., LDAP, Active Directory).
  • Ensure the fenixdfa user meets these authentication requirements.

9. API Permission Requirements

Cause: Accessing specific API endpoints may require permissions not granted to the fenixdfa user.

Solution:

• Review API Documentation:
  • Consult the NetBackup API documentation for required permissions.
  • Identify any additional permissions needed for the operations performed by the FenixDFA Agent.
• Update Role Permissions:
  • Modify the FenixDFA Agent role to include any missing permissions.

10. Software Updates and Patches

Cause: Known issues might exist that are resolved in updates or patches.

Solution:

• Check for Updates:
  • Update both NetBackup and the FenixDFA Agent to the latest versions.
  • Apply any relevant patches addressing authentication or permission issues.

11. Analyze Logs for Detailed Errors

Cause: Specific error details may be available in logs, providing more insight.

Solution:

• NetBackup Logs:
  • Review NetBackup server logs for error messages related to the fenixdfa user.
• Agent Logs:
  • Examine the FenixDFA Agent logs to pinpoint where authentication is failing.

Additional Recommendations

• Test API Access Directly:
  • Use tools like Postman or cURL to test API access with the fenixdfa credentials.
  • Determine if the issue is with the agent configuration or with the credentials and permissions.
• Consult Documentation:
  • Refer to official Veritas NetBackup documentation for guidance on user permissions and API access requirements.
• Contact Support:
  • If issues persist after troubleshooting, reach out to Veritas technical support for assistance.

Conclusion

The “Access to perform the operation was denied” error typically signals a permission or authentication problem. By methodically checking user permissions, account status, and configuration settings, you can identify and resolve the underlying issue, restoring proper functionality to the FenixDFA Agent’s interaction with Veritas NetBackup.