MID Server issue: WARNING: Skipping removing APPLICATION` PACKAGE` AUTHORITY\ALL` RESTRICTED` APPLIC

amirosavljevic
Tera Contributor

‎03-19-2024 05:33 AM

We get issue below on our MID servers: 

WARNING: Skipping removing APPLICATION` PACKAGE` AUTHORITY\ALL` RESTRICTED` APPLICATION` PACKAGES : S

From what we have noticed, there is no impact of it, but does anyone have an idea how to resolve it? 

 

Thank you! 

  • 2,421 Views
6 REPLIES 6

jakedaw
Tera Contributor
In response to FernandoUrrutia

‎03-06-2025 06:29 AM

I saw this (similar) message after I switched the "logon account" that runs the MID Server (Windows) service for our Dev instance of the Mid Server. I switched it from "Local System" to a domain Service Account, and I granted full permissions for that new account on that folder. Then once I had the new logon account entered, I restarted the service, and it started good, but eventually saw the "warning" message.

Here is the error:

Issue Source: MIDFilePermEnforcer

WARNING: Skipping removing S-1-5-21-******-********-********-45*** : S

Support has informed me that it's possibly because of adding too many accounts to the permissions list (ACL) which is part of the MIDFilePermEnforcer, or possibly because I switched it from "Local System"... that Local System was removed, and is now left with only the SID, FOR THAT folder ACL. 

I'm wondering if I am safe to simple remove that SID from the ACL? Or if I need to make an edit to the config.xml to add an exception to this account (given as another option from support)

"<parameter name="mid.windows_host.file_permissions.allow_list" value="S-1-5-21-******-********-********-45*** : S"

My gut tells me to just remove that SID from the ACL....

Thoughts?

 

FernandoUrrutia
Tera Contributor

‎04-17-2025 10:55 AM

Your instinct is correct: manually removing the SID is sufficient. You shouldn't need exceptions in config.xml for a SID that no longer exists. In fact, leaving it there only prolongs the noise. If you're preparing this environment for production or leaving it "clean" for a future upgrade, cleaning up the SIDs is an excellent practice.   

 

config.xml: This doesn't need to be modified unless the orphaned SID is causing errors that block operations. If you do, you could use the property in the config.xml: <parameter name="mid.windows_host.file_permissions.allow_list" value="domain\your-service-account" />

 

Grant permissions to the new domain account:
The new account running the service must have full control over:

- MID Server root folder

- Agent\logs, Agent\work, and Agent\ext subfolders (of course 🙂 ).

Restart the MID Server service after applying permission changes and enjoy...


 

Más de 5 años de experiencia implementando y gestionando ServiceNow.
Consultor certificado y especializado en la consultoría del producto.