There are multiple symptoms related to the RussianAdministrator "caller", which is defined by default in the "pcAnywhere Settings - Windows" policy.
In the Symantec Management Console (SMC), removal of the [Local Machine]\Administrators caller from the Authentication tab of the "pcAnywhere Settings - Windows" policy, followed by clicking the checkbox for "Enable Local Administrators group", results in issue such as:
1. an error dialog in the SMC which states "The data could not be loaded"; and
2. an exception in a.log as follows...
[CDATA[AddBinaryData:: The process cannot access the file 'C:\Program Files\Altiris\pcA\WINNT.[Local
Machine]+RussianAdministrator.CIF' because it is being used by another process.
The pcAnywhere Settings - Windows policy may contain an empty CDATA section within the <cif> element for the RussianAdministrator group.
On managed computers, the pcAnywhere Agent throws an error stating "Error opening file C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere\hosts\WINNT.[Local Machine]+RussianAdministrator.cif"
The data could not be loaded
AddBinaryData:: The process cannot access the file 'C:\Program Files\Altiris\pcA\WINNT.[Local
Machine]+RussianAdministrator.CIF' because it is being used by another process
Error opening file C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere\Hosts\WINNT.[Local Machine]+RussianAdministrator.CIF
Error opening file C:\ProgramData\Symantec\pcAnywhere\Hosts\WINNT.[Local Machine]+RussianAdministrator.CIF
There was a defect in the program on the Symantec Management Platform (SMP) server which generates the caller data for the RussianAdministrator group.
Attached is a patch to resolve this issue. To apply the patch, follow these steps on each SMP server which has pcAnywhere Solution 12.6.7 installed:
Note: if you are experiencing this issue with pcAnywhere Solution 12.6.7 HF1 and pcAnywhere Agent 188.8.131.5209, please note that the fix that is attached to this article is included in the HF1 update (see the readme for 12.6.7 HF1, issue 3); however, the steps starting at step 6 still need to be performed.
- Logon to the SMP server as the Application Identity account
- Save a backup copy of the original file, \Program Files(x86)\Symantec\pcAnywhere\pcANSCal.exe, to another location
- Download the attached file, pcANSCal_Patch.zip
- Extract the new pcANSCal.exe from pcANSCal_Patch.zip
- Overwrite the original file under \Program Files(x86)\Symantec\pcAnywhere with the new pcANSCal.exe
- Within the SMC, edit the active "pcAnywhere Settings - Windows" policy
A. Under the Authentication tab, ensure that the Authentication Type is "NT"
B. Uncheck and then recheck the “Enable Local Administrators Group” checkbox
C. The “[Local Machine]\Administrators” group should now appear rather than the error "The data could not be loaded"
D. Make other desired changes, such as whether to allow Superuser rights for the “[Local Machine]\Administrators” group, and whether to check the option "Support Global NT Users and Groups defined in local NT groups"
E. Click "Save Changes"
- Once the updated policy is downloaded and applied by managed computers, they should no longer show any of the errors described above.
pcAnywhere Solution 12.6.7
pcAnywhere Solution 12.6.7 HF1
pcAnywhere Agent 12.6.8096
pcAnywhere Agent 12.6.8209
RussianAdmin-Superuser.txt (13.9 KB)
Patch for SMP server to address RussianAdministrator errors
pcANSCal_Patch.zip (22.2 KB)