Jira (PUP-4802) Windows 2008 "Failed to add access control entry" on a file

0 views
Skip to first unread message

Mark Cornmesser (JIRA)

unread,
Jun 30, 2015, 3:41:18 PM6/30/15
to puppe...@googlegroups.com
Mark Cornmesser created an issue
 
Puppet / Bug PUP-4802
Windows 2008 "Failed to add access control entry" on a file
Issue Type: Bug Bug
Assignee: Unassigned
Created: 2015/06/30 12:41 PM
Priority: Normal Normal
Reporter: Mark Cornmesser

Mon Jun 01 09:52:38 -0700 2015 Puppet (err): Failed to set owner to 'S-1-5-21-3861705028-2700629737-4079167078-500': Failed to add access control entry: No more memory is available for security information updates.
Mon Jun 01 09:52:38 -0700 2015 /Stage[main]/Puppet::Atboot/File[c:/etc/puppetmasters.txt]/owner (err): change from NT AUTHORITY\SYSTEM to B-2008-IX-0178\root failed: Failed to set owner to 'S-1-5-21-3861705028-2700629737-4079167078-500': Failed to add access control entry: No more memory is available for security information updates.

It seems that if the owner of the file is changed, and then Puppet changes it back, it appends the account to the dacl. Instead of replacing an entry. It will then at some point reach its limit in dacl entries.

I have worked around this by using an icacl command in an exec in the manifest.

Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v6.3.15#6346-sha1:dbc023d)
Atlassian logo

Josh Cooper (JIRA)

unread,
Jun 30, 2015, 6:13:13 PM6/30/15
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Scrum Team: Windows

Josh Cooper (JIRA)

unread,
Jun 30, 2015, 6:13:18 PM6/30/15
to puppe...@googlegroups.com
Josh Cooper updated an issue
{noformat}
 Mon Jun 01 09:52:38 -0700 2015 Puppet (err): Failed to set owner to 'S-1-5-21-3861705028-2700629737-4079167078-500': Failed to add access control entry: No more memory is available for security information updates. 
Mon Jun 01 09:52:38 -0700 2015 /Stage[main]/Puppet::Atboot/File[c:/etc/puppetmasters.txt]/owner (err): change from NT AUTHORITY\SYSTEM to B-2008-IX-0178\root failed: Failed to set owner to 'S-1-5-21-3861705028-2700629737-4079167078-500': Failed to add access control entry: No more memory is available for security information updates.
 {noformat}

It seems that if the owner of the file is changed, and then Puppet changes it back, it appends the account to the dacl. Instead of replacing an entry. It will then at some point reach its limit in dacl entries. 

I have worked around this by using an icacl command in an exec in the manifest. 

Kenaz Kwa (JIRA)

unread,
Aug 29, 2016, 7:47:17 PM8/29/16
to puppe...@googlegroups.com
Kenaz Kwa updated an issue
Change By: Kenaz Kwa
Team: Agent & Platform Support
This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9)
Atlassian logo

Ethan Brown (JIRA)

unread,
May 17, 2017, 2:30:05 PM5/17/17
to puppe...@googlegroups.com
Ethan Brown updated an issue
Change By: Ethan Brown
Labels: triaged
This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)
Atlassian logo

Josh Cooper (Jira)

unread,
Jun 10, 2020, 12:10:03 PM6/10/20
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-4802
 
Re: Windows 2008 "Failed to add access control entry" on a file

2008 is EOL so I'm going to close this issue.
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages