Skip to main content
NetApp Knowledge Base

XCP SMB verify returns failed to get security descriptor error after migration

  1. Last updated
  2. Save as PDF
Views:
35
Visibility:
Public
Votes:
0
Category:
fas-systems
Specialty:
nas
Last Updated:

Applies to

  • XCP SMB
  • ONTAP 9

Issue

  • After using XCP SMB tool to copy data between CIFS shares, running the xcp verify command produced failed to get security descriptor error for all files
Example:

C:\xcp\windows>xcp verify -loglevel debug \\storage_ip\cifs01 \\storage_ip\des01
XCP SMB 1.9.4P1; (c) 2025 NetApp, Inc.

57 scanned, 0 compared, 0 same, 0 different, 0 missing, 0 errors, 7s
failed to get security descriptor for "\\storage_ip\cifs01\all_source_files
failed to get security descriptor for "\\storage_ip\cifs01\all_target_files

57 scanned, 56 compared, 56 same, 0 different, 0 missing, 0 errors, 43s
xcp verify -loglevel debug \\storage_ip\cifs01 \\storage_ip\des01
57 scanned, 56 compared, 56 same, 0 different, 0 missing, 0 errors
Total Time : 43s
STATUS : PASSED

  • Only the Everyone group is applied to the source volume and its underlying data
  • The security style setting of the source volume is ntfs
  • The xcp copy completed without any problems
  • After the xcp copy, the target data also inherited the ACL of the Everyone group.
  • The CIFS user configured for XCP has sufficient permissions
cluster::*>vserver cifs users-and-groups local-group show-members -vserver svm01
Vserver        Group Name                   Members
-------------- ---------------------------- ------------------------
svm01          BUILTIN\Administrators       CIFS\Administrator
CIFS\cifs_user
 
cluster::*>diag secd authentication show-creds -vserver svm01 -win-name cifs_user
UNIX UID: pcuser <> Windows User: CIFS\cifs_user (Windows Local User)
 
GID: pcuser
Supplementary GIDs:
pcuser
 
Primary Group SID: CIFS\None (Windows Domain group)
 
Windows Membership:
User is also a member of Everyone, Authenticated Users, and Network Users
 
Privileges (0x201f):
SeTcbPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeSecurityPrivilege
SeChangeNotifyPrivilege
 
cluster::*> vserver cifs users-and-groups privilege show -vserver svm01
Vserver        User or Group Name           Privileges
-------------- ---------------------------- -------------------
svm01          CIFS\cifs_user                     SeBackupPrivilege
SeChangeNotifyPrivilege
SeRestorePrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeTcbPrivilege

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.