This guide will help you locate NTFS permission problems with your Cacti installation. You will need to download Sysinternals Process Monitor.
- You need to run Process Monitor under an Administrator account so it will be able to capture all the events.
- Set up Process Monitor to capture all event types (registry, file and process)
- Filer menu -> Filter. Set the filters so we only see processes related to Cacti. You can either manually enter them in or download this registry file which has them pre-set for you. You’ll need to restart Process Monitor if you import the file.
- Filter menu -> Highlight. Set the filter to the Results column and contains denied, since this is the majority of where our issues will be.
- Now clear out all existing events (Edit -> Clear Display) and wait for the Cacti scheduled task to run.
- After the scheduled task has run, stop Process Monitor from collecting any more data (File -> Uncheck Capture Events).
- Since Access Denied errors will be the root of most of the problems, go to the Edit menu -> Find. Type in: denied.
- php.exe CreateFile C:\php\extras\mibs\.index ACCESS DENIED
Here we can see that PHP is denied creating the MIB .Index file, which it does on every polling cycle. This file maintains a list of all the MIB files in its directory. While this isn’t very important to Cacti’s functionality, it will be a problem if you ever add/remove MIB files from the directory. Double-clicking on the Event will bring up its details. Clicking on the Process tab, we can then see more about it:
Here we can see that it was launched from “php C:\Inetpub\wwwroot\cacti\poller.php” which was our Cacti scheduled task (ignore the fact that the SYSTEM account is running it – it still has our scheduled task credentials).
To fix the problem, grant Modify rights to your Cacti scheduled task user account to C:\php\extras\mibs\.index. - php.exe CreateFile C:\usr\SNMP\PERSIST\snmpapp.conf ACCESS DENIED
Here we see PHP is denied creating the Net-SNMP config file (which really isn’t that important). Double-clicking on the Event will bring up its details. Clicking on the Process tab, we can then see more about it:
You can see it was launched by Cacti to use the Script Server. Notice the User is QUAD\Cactiuser, which is the account my Cacti Scheduled Task runs under.
To fix the problem, grant Modify rights to your Cacti scheduled task user account to C:\usr\SNMP\PERSIST\snmpapp.conf. - php.exe CreateFile C:\inetpub\wwwroot\cacti\log\cacti.log ACCESS DENIED
Here we see PHP was denied creating/updating the Cacti log file. Double-clicking on the Event will bring up its details. Clicking on the Process tab, we can then see more about it:
Here we can see that it was launched from “php C:\Inetpub\wwwroot\cacti\poller.php” which was our Cacti scheduled task (ignore the fact that the SYSTEM account is running it – it still has our scheduled task credentials).
To fix the problem, grant Modify rights to your Cacti scheduled task user account to C:\inetpub\wwwroot\cacti\log\. - rrdtool.exe CreateFile C:\inetpub\wwwroot\cacti\rra\localhost_traffic_in_9.rrd ACCESS DENIED
Here RRDTool is denied creating/updating the rra files after Cacti has collected data. This is obviously a must-have for Cacti to function properly. Double-clicking on the Event will bring up its details. Clicking on the Process tab, we can then see more about it:
Notice the User is QUAD\Cactiuser, which is the account my Cacti Scheduled Task runs under.
To fix the problem, grant Modify rights to your Cacti scheduled task user account to C:\inetpub\wwwroot\cacti\rra\. - inetinfo.exe CreateFile C:\WINDOWS\system32\cmd.exe ACCESS DENIED … Impersonating: QUAD\IUSR_QUAD
This error occurs when you try to view a graph and nothing shows up. What happens is IIS attempts to invoke cmd.exe AS the configured Internet Guest Account (IUSR_QUAD in my case). Cmd.exe in turn would spawn rrdtool.exe. The key thing to notice is the fact the Impersonating User was denied access. Double-clicking on the Event will bring up its details.
Ignore the fact the Operation was CreateFile, it was NOT trying to overwrite your cmd.exe! It’s the Desired Access portion which really matters since that dictates what it was trying to do. As you can see, it was merely trying to read/execute cmd.exe. Also take note of the Impersonating account it was attempted to run under.
To fix the problem, grant Read/Execute rights to your Internet Guest Account (IUSR_) account to %WINDIR%\System32\CMD.exe and IIS_WPG (if you’re on Windows 2003 or greater). - inetinfo.exe CreateFile C:\php\sessiondata\sess_59add35a346b3f496299e4a6659bb18f ACCESS DENIED … Impersonating: QUAD\IUSR_QUAD
You will also see something like the following on the Cacti logon page:
Warning: Unknown: open(C:\PHP\sessiondata\sess_59add35a346b3f496299e4a6659bb18f, O_RDWR) failed: Permission denied (13) in Unknown on line 0
Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (C:\PHP\sessiondata) in Unknown on line 0
This error occurs when your Internet Guest Account (IUSR_QUAD in my case), doesn’t have Modify permissions to files in the PHP session.save_path (C:\PHP\sessiondata by default).
To fix the problem, grant Modify rights to your Internet Guest Account (IUSR_) account to C:\PHP\sessiondata to Files only.
