MID SERVER ERROR: MIDFilePermEnforcer

Vee Jay Recana
Mega Guru

Hi,

 

Anyone encountered same issue? I tried restarting the MID server service, but it just created another similar issue.

 

VeeJayRecana_0-1747702323771.png

 

1 ACCEPTED SOLUTION

Maik Skoddow
Tera Patron
Tera Patron

Hi @Vee Jay Recana 

 

The root cause of a "MIDFilePermEnforcer" issue in the ServiceNow MID Server is primarily related to insufficient file system permissions for the user account running the MID Server service, particularly on the MID Server's "agent" folder and its contents.

 

Explanation of the Root Cause

The MIDFilePermEnforcer is a script or process that runs during MID Server startup to enforce correct file permissions on the "agent" directory and its subfolders. If the MID Server user account (the Windows user running the MID Server service) does not have Full Control permissions on the "agent" folder and its contents, the enforcement script cannot modify the Access Control Lists (ACLs) as required. This results in errors such as:

  • "Unable to execute command to save the current ACL to a temp file."

  • "An unexpected error occurred: Access is denied."

  • Permission denied errors when trying to move or modify files within the agent directory.

These permission issues can cause files to get "stuck" in the ECC queue or prevent the MID Server from properly managing its files, though the MID Server may continue to function with reduced security enforcement.

 

Common Causes

  • Running the MID Server service under a user account that lacks adequate permissions on the MID Server installation directory, especially the "agent" folder.

  • Changes in security policies or upgrades (e.g., Orlando version and later) introduced stricter file permission enforcement, requiring explicit permission settings.

  • The user running the MID Server service is not included in the allowed groups for the "agent" folder access control entries (ACE), which typically include SYSTEM, local Administrators, and the specific MID Server service user.

 

How to Resolve the Issue

  1. Grant Full Control Permissions
    Ensure the Windows user running the MID Server service has Full Control over the "agent" folder and all its contents. This includes read, write, modify, and execute permissions.

  2. Verify the MID Server Service User
    Check which user account is running the MID Server service (via services.msc on Windows) and confirm that this user has the necessary permissions on the MID Server directory.

  3. Run MID Server as Administrator (If Applicable)
    Temporarily running the MID Server service under an Administrator account can help resolve permission issues. After permissions are corrected, you can switch back to a non-admin user if needed.

  4. Restart the MID Server
    After adjusting permissions, restart the MID Server service to allow the permission enforcement script to run successfully and clear the issue.

  5. Check MID Server Logs
    Review MID Server logs for detailed error messages related to file permissions or the MIDFilePermEnforcer process to confirm the root cause and validate resolution steps12.

  6. If Issues Persist, Contact ServiceNow Support
    For complex cases or if the problem remains unresolved, reaching out to ServiceNow Support is recommended.

 

Maik

View solution in original post

4 REPLIES 4

Maik Skoddow
Tera Patron
Tera Patron

Hi @Vee Jay Recana 

 

The root cause of a "MIDFilePermEnforcer" issue in the ServiceNow MID Server is primarily related to insufficient file system permissions for the user account running the MID Server service, particularly on the MID Server's "agent" folder and its contents.

 

Explanation of the Root Cause

The MIDFilePermEnforcer is a script or process that runs during MID Server startup to enforce correct file permissions on the "agent" directory and its subfolders. If the MID Server user account (the Windows user running the MID Server service) does not have Full Control permissions on the "agent" folder and its contents, the enforcement script cannot modify the Access Control Lists (ACLs) as required. This results in errors such as:

  • "Unable to execute command to save the current ACL to a temp file."

  • "An unexpected error occurred: Access is denied."

  • Permission denied errors when trying to move or modify files within the agent directory.

These permission issues can cause files to get "stuck" in the ECC queue or prevent the MID Server from properly managing its files, though the MID Server may continue to function with reduced security enforcement.

 

Common Causes

  • Running the MID Server service under a user account that lacks adequate permissions on the MID Server installation directory, especially the "agent" folder.

  • Changes in security policies or upgrades (e.g., Orlando version and later) introduced stricter file permission enforcement, requiring explicit permission settings.

  • The user running the MID Server service is not included in the allowed groups for the "agent" folder access control entries (ACE), which typically include SYSTEM, local Administrators, and the specific MID Server service user.

 

How to Resolve the Issue

  1. Grant Full Control Permissions
    Ensure the Windows user running the MID Server service has Full Control over the "agent" folder and all its contents. This includes read, write, modify, and execute permissions.

  2. Verify the MID Server Service User
    Check which user account is running the MID Server service (via services.msc on Windows) and confirm that this user has the necessary permissions on the MID Server directory.

  3. Run MID Server as Administrator (If Applicable)
    Temporarily running the MID Server service under an Administrator account can help resolve permission issues. After permissions are corrected, you can switch back to a non-admin user if needed.

  4. Restart the MID Server
    After adjusting permissions, restart the MID Server service to allow the permission enforcement script to run successfully and clear the issue.

  5. Check MID Server Logs
    Review MID Server logs for detailed error messages related to file permissions or the MIDFilePermEnforcer process to confirm the root cause and validate resolution steps12.

  6. If Issues Persist, Contact ServiceNow Support
    For complex cases or if the problem remains unresolved, reaching out to ServiceNow Support is recommended.

 

Maik

Harish Bainsla
Tera Sage
Tera Sage

Hi @Vee Jay Recana 

Follow these steps

1. Check mid server logs

2.Restart mid server

3. Verify file permission 

4. Validate mid server 

and already @Maik Skoddow  have mentioned some more troubleshooting steps 

SK Chand Basha
Giga Sage

Hi @Vee Jay Recana 

 

Along with Mike comment refer the below thread hope it helps. 

 

https://www.servicenow.com/community/itom-forum/midfilepermenforcer-issue/m-p/999579/page/2

Harish Bainsla
Tera Sage
Tera Sage

Please accept solution if my answer helps