
How to Resolve Authorization and Download Issues in TippingPoint SMS 6.4.0

Symptoms

  • Error Message: "This site can't be reached" when trying to copy the backup file via the web interface
  • SMS System Log: Displays the error message: "Local authorization for failed."
  • SMS Audit Log: Indicates: "Login authorization from web user does not have access."
  • SMS Client Download: Users report being unable to download the SMS Client from the SMS web GUI; nothing happens when the download is attempted
  • User Role Configuration: Attempts to configure user roles do not present options to enable database backup access for those roles

Root Cause

The issues are related to authorization handling changes that were made in SMS TOS 6.4.0. These multiple authorization problems were resolved in SMS TOS 6.5.0. You can view the entry in the SMS TOS 6.5.0 release notes at this link.

Specific Authorization Issues Resolved:
According to the SMS TOS 6.5.0 release notes, the Access SMS Web Services capability (Edit Role > Capabilities > Admin > Admin Section > SMS Management > Access Management) was incorrectly required in SMS TOS 6.4.0 for the following operations:

  • Downloading the client install image from the SMS web GUI
  • Upgrading or patching the client through the web interface
  • Accessing files from Exports and Archives through the Web UI
  • Downloading database backups via the web interface

In SMS TOS 6.5.0, this capability is no longer required for these routine administrative tasks, resolving the authorization failures users experienced.

Workaround/Verification Check

If, after upgrading the SMS to 6.5.0 or later, a user still encounters the same authorization issues when attempting to download the database backup, make sure that the user attempting the download has the appropriate permissions.

  1. Admin → Authentication and Authorization → Users
    Take note of what Group is assigned to the user in question
  2. Admin → Authentication and Authorization → Groups
    Check the group name the user is assigned to. Take note of what Role is assigned to that group.
  3. Admin → Authentication and Authorization → Roles
    Double-click on the role you noted in step 2.
  4. Ensure that the role has Access SMS Web Services enabled under Admin → Admin section → SMS Management → Access Management.
  5. Verify that Read Export List and Export Archive are enabled for the role under Admin → Admin section → SMS Management → Administer the SMS → Export Archive Management.

Resolution Steps

To resolve these authorization issues with TippingPoint SMS, follow these steps:

  1. Upgrade SMS to SMS TOS 6.5.0 or higher
    • This resolves the underlying authorization handling issues for all affected operations
    • Special Note: Read the release notes for any TippingPoint TOS version that you plan to upgrade to, and follow any applicable patching guides.
  2. Verify Resolution (after upgrade):
    • Test database backup downloads
    • Verify SMS client downloads work properly
    • Confirm client upgrade/patch functionality
    • Test access to Export and Archive files

If issues persist after following these steps, please contact Trend Micro support for further assistance. Be sure to provide them with any relevant logs or error messages for a quicker resolution.
