In some cases SRM transfers fail because they are tried via the plain dCap protocol (URL starts with dcap://). Since plain dCap is unauthenticated, the dCache server will have no information about the user trying to access the system. While the transfer will succeed if the UNIX file permissions allow access to anybody (e.g. mode 777), it will fail otherwise.

Usually all doors are registered in SRM as potential access points for dCache. During a protocol negotiation the SRM chooses one of the available doors. You can force srmcp to use the GSIdCap protocol (-protocol=gsidcap) or you can unregister plain, unauthenticated dCap from known protocols: From the file config/door.batch remove -loginBroker=LoginBroker and restart dCap door with

[root] # jobs/door stop
[root] # jobs/door -logfile=<dCacheLocation>/log/door.log start