none
File Adapter Error: File transport does not have read/write privileges for receive location RRS feed

  • Question

  • We have a file share on Windows 2000 and we are trying to access the files using BizTalk 2006 R2 File Adapter.

    Access on File Share:

    At Share level: Change/Read

    At Security Level: All except Change Permission

    They cannot provide "Full Control " (not even at share level) as this is against their company policy.

    Now, I get error as "File transport does not have read/write privileges for receive location".

    Any idea how can we make BizTalk work without Full Control at Share Level.


    Ajeet Kumar
    Friday, April 16, 2010 4:23 PM

Answers

  • No - you have to grant Full Control to the share in order to read/write the file. I think it works w/ NTFS permissions to be all except Full Control w/ Full Control on the share.

    Note you can grant the rights to the App Host account only and not to the Everyone account - its not like the permissions are wide open. You could even minimize the attack surface further by using an isolated single account just for writing to the share and using this account for a separate BizTalk host.

    Thanks,


    If this answers your question, please use the "Answer" button to say so | Ben Cline
    Friday, April 16, 2010 5:53 PM
    Moderator
  • Hi Ajeet,

    To troubleshoot File Adapter look at Known Issues with the File Adapter. If the receive folder is on a network share, the following permissions must be granted at the file-share level:

    • The service account for the BizTalk Host that picks up the file must have Full Control permissions.
    • BizTalk Server administrators must have Full Control permissions for troubleshooting.
    • The external user or programs that drop files to this location must have Write permissions.

    If this is absolutly not possible than you will have to think about alternative solutions like a WCF service accessing share and reading files. BizTalk hosting the WCF service or using WCF to File transfer to a local folder you do have full control over i.e FileTransfer using WCF.

    Regards,

    Steef-Jan Wiggers
    MCTS BizTalk Server
    http://soa-thoughts.blogspot.com/
    If this answers your question please mark it accordingly


    BizTalk
    Sunday, April 18, 2010 2:20 PM
    Moderator
  • Hi,

    I agree with Ben. Try to convince the people at the company that you only need one simple account to run the host instance (you don't even need to have the password). All other solutions ("copying over software" which copies the file from one server to the other) will cost the company more because of the added maintenance. Tell them IT is there to support the business and to do business in the most effective and cheapest way. In my view their own policy is actually working against them and prevents you from choosing the best, cheapest and most stable solution.

     

     


    HTH,

    Randal van Splunteren - MVP, MCTS BizTalk Server
    http://biztalkmessages.vansplunteren.net

    Please mark as answered if this answers your question.

    Check out the PowerShell provider for BizTalk: http://psbiztalk.codeplex.com
    Tuesday, April 20, 2010 7:50 PM
    Moderator

All replies

  • No - you have to grant Full Control to the share in order to read/write the file. I think it works w/ NTFS permissions to be all except Full Control w/ Full Control on the share.

    Note you can grant the rights to the App Host account only and not to the Everyone account - its not like the permissions are wide open. You could even minimize the attack surface further by using an isolated single account just for writing to the share and using this account for a separate BizTalk host.

    Thanks,


    If this answers your question, please use the "Answer" button to say so | Ben Cline
    Friday, April 16, 2010 5:53 PM
    Moderator
  • Thanks for your reply.

    I also believe so, have to get Full Control, but its certainly something we are not going to get (its against Comapny's Security policy).

    We have access at Share and Security level...so is it like Share permissions always take precedence over security access OR is there any way to work only with Security and Change access on Share Tab.


    Ajeet Kumar
    Sunday, April 18, 2010 1:28 PM
  • Hi Ajeet,

    To troubleshoot File Adapter look at Known Issues with the File Adapter. If the receive folder is on a network share, the following permissions must be granted at the file-share level:

    • The service account for the BizTalk Host that picks up the file must have Full Control permissions.
    • BizTalk Server administrators must have Full Control permissions for troubleshooting.
    • The external user or programs that drop files to this location must have Write permissions.

    If this is absolutly not possible than you will have to think about alternative solutions like a WCF service accessing share and reading files. BizTalk hosting the WCF service or using WCF to File transfer to a local folder you do have full control over i.e FileTransfer using WCF.

    Regards,

    Steef-Jan Wiggers
    MCTS BizTalk Server
    http://soa-thoughts.blogspot.com/
    If this answers your question please mark it accordingly


    BizTalk
    Sunday, April 18, 2010 2:20 PM
    Moderator
  • Hi,

    I agree with Ben. Try to convince the people at the company that you only need one simple account to run the host instance (you don't even need to have the password). All other solutions ("copying over software" which copies the file from one server to the other) will cost the company more because of the added maintenance. Tell them IT is there to support the business and to do business in the most effective and cheapest way. In my view their own policy is actually working against them and prevents you from choosing the best, cheapest and most stable solution.

     

     


    HTH,

    Randal van Splunteren - MVP, MCTS BizTalk Server
    http://biztalkmessages.vansplunteren.net

    Please mark as answered if this answers your question.

    Check out the PowerShell provider for BizTalk: http://psbiztalk.codeplex.com
    Tuesday, April 20, 2010 7:50 PM
    Moderator
  • At last they agreed to give full access on "Share Level" and the problem is resolved.

    Thanks everyone for your help.


    Ajeet Kumar
    Tuesday, May 4, 2010 3:49 PM
  • FYI,

    Microsoft Best Practice Document for Adapters

    http://msdn.microsoft.com/en-us/library/aa546733(v=bts.20).aspx


    Regards, NISHIL. MCT,MCTS BizTalk Server,MS BI. Http://www.KnishTech.com Http://www.BiztalkForums.com .Chat with Nishil now! NishilJain @ hotmail,gmail,Yahoo
    Wednesday, March 23, 2011 11:24 AM