March 4, 2012

Is the CAVA msrpcuser required?

When I first began working on CAVA, there was one section in the EMC documentation "Using Celerra Antivirus Agent" which confused me.

Under the section "Starting the VC Client", part of the "Prerequisites" says: 

"Before starting the virus-checking service:

◆ The administrator must issue the following command from the Control Station:

/nas/sbin/server_user server_2 -add -md5 -passwd <msrpcuser>

The administrator then must follow the prompts for entering information.

<msrpcuser> is the name assigned to either a simple user account or user account that is part of a domain that the EMC CAVA service is running under on the Celerra Event Enabler machine. For example, if the EMC CAVA service is running under a user called ceeuser, the viruschecker.conf file entry would be msrpcuser=ceeuser. If ceeuser is a member of a domain, the entry would be msrpcuser=domain.ceeuser.

Essentially it means that the user account used to run the CAVA service in your CAVA server should also be created locally in the Datamover that connects to the CAVA server for CAVA scanning.

However, my own lab tests showed that CAVA scans were working with or without the CAVA service user account created locally in the DM. We were using a domain user account to run the CAVA service. 

I was puzzled, does that mean this step is not a necessary "prerequisite"?
Further checks with EMC team also confirmed that as long as:
  1. There is a domain user account set up for running the CAVA service
  2. It is part of the "Local Administrators" group on the CAVA server
  3. It is given the "EMC Virus Checking" rights
Then there is no need to create the account on the Datamover.

I also found a thread in the EMC community forum discussing about this and had same conclusions, but part of the reply gave me another confusion:

"The viruschecker.conf file determines which user account is used - thus the msrpcuser= parameter is used."

My lab Celerras were configured with msrpcuser=<msrpcuser> (default) in the viruschecker.conf file. If CAVA is working fine, does that mean this setting does not need to be configured? 

Another community thread gave the answer that if the CIFS server on the Datamover is joined to the same domain as the CAVA service account, then the msrpcuser would not need to be specified.

Strange flow of events for a "Prerequisite" step eh?

No comments:

Post a Comment