Symptoms
In Access Gateway Advanced Edition when you access a published file share you see a denied message page that Access Gateway Advanced Edition displays when you don’t have access to a resource. The Access Gateway Advanced Edition event log may display the following error message:
Failed to impersonate - UserID: [username] Domain: [domain-name]
For Example:
“<AGEAudit><Time>5/17/2006 10:12:17 AM</Time><Machine>Machine-name</Machine><Status>Denied</Status><Resource /><Service>Web File Browser</Service><UserName>Machine-name\username</UserName><SessionID>2ea748c2-46b9-4465-b89a-2673f217003b</SessionID><PolicyReference>23155</PolicyReference><Data>IMPERSONATE(): Failed to impersonate - UserID: [username] Domain: [domain-name] UseMSID: [true] hRes: [x0] bResult: [false]</Data></AGEAudit>”
If the same Domain User is added to the Domain Administrators group, they can successfully access their file share, without any errors.
Resolution
1. Ensure all the relevant New Technology File System (NTFS) permissions are correct.
2. Ensure the domain user can successfully access this file share while not passing through Access Gateway Advanced Edition.
3. Ensure the group that the domain user belongs to has “logon locally rights” to the Access Gateway Advanced Edition server.
Refer to Microsoft article 234237 – Assign "Log On locally" Rights to Windows Domain Controller
4. Ensure you are using global domain groups instead of local domain groups. Access Gateway Advanced Edition supports global domain groups.
More Information
Similar behavior can be observed with the HTML Preview function of Access Gateway Advanced Edition. See CTX117275 - Error: The content you selected could not be displayed when creating HTML Preview in Access Gateway Advanced Edition
