arcserve-KB : How to use an "arcserve RHA Users" Domain Security group for delegated security scenario management

Last Update: 2016-04-27 14:30:24 UTC


This document explains the requirements and steps for using a Domain Security Group named 'CA ARCserve RHA Users', instead of a local user group on each of the RHA Engine or RHA Control Service servers, in order to take advantage of the ACL License key feature for delegated security as outlined in the bookshelf topic Managing Users.


NOTE: This configuration requires that you install CA ARCserve RHA R16.5 GA or R16.5 SP1 first and then create a CA Support Ticket to obtain the two fixes referenced.

NOTE: The ACL Delegated security feature requires a special license and is supported only for Content Distribution or D2D Integrated scenario types.


  1. Install CA ARCserve RHA R16.5 SP1. (Can be obtained from
  2. Then create a technical support ticket to obtain one of the following applicable fixes:
    1. For RHA R16.5: FIX T55U003
    2. For RHA R16.5 SP1: FIX T55U006
  3. Apply these fixes to the Control Service and/or Engine servers on which you want to use Domain Security group ACL access. Note that this can be mixed and matched within the environment, e.g. the Control Service might apply this when it is installed on a Domain Controller that doesn't have local user groups.
    1. On the Control Service server
      1. Stop the CA ARCserve RHA Control Service service from within the Windows Services MMC
      2. Rename the file: C:\Program Files (x86)\CA\ARCserve RHA\Manager\mng_core_com.dll to mng_core_com.aclpatch
        • For 32bit OS: C:\Program Files\CA\ARCserve RHA\Manager\mng_core_com.dll
      3. Copy in the mng_core_com.dll file from the patch provided from CA support
      4. Find the mng_core_com.cfg file and open it with Notepad
      5. At the end of the file add a new line with the following: UseDomainForACL = True
      6. Save the file
      7. Start the CA ARCserve RHA Control Service
    2. On each engine host server that will use the Domain Security Group
      1. Stop the CA ARCserve RHA Engine Service service from within the Windows Services MMC
      2. Rename the file: C:\Program Files\CA\ARCserve RHA\engine\ws_rep.exe to ws_rep.aclpatch
      3. Copy the file ws_repx86.exe or ws_repx64.exe, provided in the patch from support, to the C:\Program Files\CA\ARCserve RHA\engine folder, choosing the one that applies to the OS bit level (x86 = 32bit, x64 = 64bit)
      4. Rename the file copied above to ws_rep.exe
      5. Find the ws_rep.cfg file and open it with Notepad
      6. At the end of the file add a new line with the following: UseDomainForACL = True
      7. Save the file
      8. Start the CA ARCserve RHA Engine service
  4. Now on a Domain Controller open Active Directory Users and Computers
    1. Add a new Domain Security Group named 'CA ARCserve RHA Users'
    2. Add member users to this group that will be administrators/viewers of the scenarios, including the user that will be the Super Admin.
  5. Now log into the CA ARCserve RHA Overview page on the Control Service server with an account that is at least a local Administrator.
  6. Apply the ACL license key to activate the ACL license.
  7. Then select Scenario > Set Super User Group
    1. Choose which Domain Group or User you would like to have Super User/Admin rights within the Control Service
  8. Now you can assign users rights based on the Domain Users and Groups that you apply to the CA ARCserve RHA Users Domain security group
    1. To allow for temporary Super Admin access rights
      1. Create a Domain Security group specifically for RHA Super Users (i.e. RHASuperUsers group)
      2. Add this group as a member to the Domain group 'CA ARCserve RHA Users'
      3. Assign this group as the 'Super User' group within the RHA Manager
      4. Then when you need to assign temporary access to users for Super Admin rights you can simply add them as a member to the RHASuperUsers Domain Security group until they complete their task (i.e. creating new scenarios or to edit the Master host)
      5. And then remove them from this group to revoke the elevated privileges.
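
The temporary Super Admin procedure above depends on someone remembering the removal step. The following PowerShell is an added example, not code from CA or arcserve, that records each grant with an expiry, revokes expired grants, and reports members who were added outside that process. It assumes the ActiveDirectory module; the function names, ledger path and 8-hour default are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: function names, ledger path and the 8-hour default are assumptions.
$SuperGroup = 'RHASuperUsers'            # the article's example group name
$UsersGroup = 'CA ARCserve RHA Users'
$Ledger     = 'C:\RHA-Audit\superuser-grants.csv'   # hypothetical; folder must exist

function Test-RhaGroupNesting {
    # Per the article, the super-user group must be a member of the RHA users group.
    $parentDn = (Get-ADGroup -Identity $UsersGroup).DistinguishedName
    (Get-ADGroup -Identity $SuperGroup -Properties MemberOf).MemberOf -contains $parentDn
}

function Grant-RhaSuperUser {
    param([Parameter(Mandatory)][string]$SamAccountName,
          [Parameter(Mandatory)][string]$Reason, [int]$Hours = 8)
    if (-not (Test-RhaGroupNesting)) { throw "$SuperGroup is not nested in '$UsersGroup'" }
    Add-ADGroupMember -Identity $SuperGroup -Members $SamAccountName
    # Record the grant with an expiry so the removal step is not silently forgotten.
    [pscustomobject]@{ User = $SamAccountName; Reason = $Reason
        Expires = (Get-Date).ToUniversalTime().AddHours($Hours).ToString('o')
    } | Export-Csv -Path $Ledger -Append -NoTypeInformation
}

function Revoke-ExpiredRhaSuperUser {
    # Intended to run on a schedule; returns the accounts it removed.
    if (-not (Test-Path $Ledger)) { return }
    $now     = (Get-Date).ToUniversalTime()
    $current = @((Get-ADGroupMember -Identity $SuperGroup).SamAccountName)
    Import-Csv -Path $Ledger | Group-Object User | ForEach-Object {
        # Only the most recent grant per user decides, so a renewed grant is honoured.
        $last = $_.Group | Sort-Object Expires | Select-Object -Last 1
        if ($current -contains $last.User -and
            [datetime]::Parse($last.Expires).ToUniversalTime() -le $now) {
            Remove-ADGroupMember -Identity $SuperGroup -Members $last.User -Confirm:$false
            $last.User
        }
    }
}

function Get-RhaSuperUserDrift {
    # Members with no ledger entry and not on the standing list were added out of band.
    param([string[]]$Standing = @())
    $ledgered = @(if (Test-Path $Ledger) { (Import-Csv -Path $Ledger).User })
    Get-ADGroupMember -Identity $SuperGroup -Recursive |
        Where-Object { $_.objectClass -eq 'user' -and
                       $Standing -notcontains $_.SamAccountName -and
                       $ledgered -notcontains $_.SamAccountName } |
        Select-Object SamAccountName, distinguishedName
}
```

Run `Revoke-ExpiredRhaSuperUser` from a scheduled task under an account delegated to manage only the RHASuperUsers group, and review `Get-RhaSuperUserDrift` output alongside it.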