|
Posted by Romain on September 5, 2006, 3:43 pm
Please log in for more thread options Hi,
I have exactly the same problem and the KB articles pointed by the BPA tool
does nothing ... Please can you give us some additional troubleshootings
steps to solve this issue ?
thanks
"Andrew Hayes" wrote:
> Herman, Roger... How would the solution be implemented if the server in
> question is NOT a domain controller?
>
> I've been trying to run the Microsoft Exchange Server Best Practices
> Analyzer Tool remotely (as it suggests), but it always fails with a "WMI
> cannot be accessed". None of the items listed in the associated help article
> were problems. I followed another WMI related article and ran winMSD, but
> that wouldn't connect to the remote computer either.
>
> Trying to view the computer properties when I've used Computer Management to
> remotely connect gives me a "Win32: Access is Denied" error, but I can't
> find out who it's denying access to... Certainly not the user logged in to
> the workstation as that is the Exchange Admin.
>
> I've checked and double-checked the WMI control settings in Computer
> Management and set verbose logging, but I don't find any mention of
> Win32_ComputerSystem or Win32_Processor in either the framework or wbemcore
> logs. I even went so far as to add the network service and exchange admin
> user to the DCOM Users group.
>
> Running the command "rundll32 wbemupgd, CheckWMISetup" doesn't even modifiy
> the original setup.log file and I can't tell whether that means it ran
> successfully or not at all.
>
> I tried adding domain\machine to the "Impersonate a client after
> authentication" in the Local Policy Settings of the exchange server but that
> didn't help either.
>
> At this point in time I've tried a dozen different tactics to get it to work
> and none of them have been successful. I can't even get any of the logs to
> tell me why access is denied to Win32 and WMI.
>
> I'm at a loss as to what could be going wrong, and more importantly, how I
> can fix it.
>
> > Interesting resolution. Thanks for the postback with the info.
> > Roger
> >
> >> Roger,
> >>
> >> I found the issue, the Service account needed to added to the Default
> >> Domain
> >> Controller policy for the User Right Assignment "Impersonate a client
> >> after
> >> authenication". Once I did that and restart WMI, all is well.
> >>
> >> Thanks for responding though.
> >>
> >> "Herm_MCP" wrote:
> >>
> >>> Roger,
> >>>
> >>> When I look at the WBEM log :Framework.log, I see that it is failing on
> >>> all
> >>> the classes with a bunch of errors similar to the one below:
> >>> Impersonation running as: NT AUTHORITY\NETWORK SERVICE 06/26/2006
> >>> 12:13:46.857 thread:1460
> >>> [d:\srvrtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3759]
> >>> ExecQueryAsync: select __RELPATH, LoadPercentage from Win32_Processor -
> >>> FAILED (80041003) 06/26/2006
> >>> 12:13:46.857 thread:1460
> >>> [d:\srvrtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.830
> >>>
> >>> Any ideas?
> >>> When I look at a machine that is working and not a DC, the impersonation
> >>> is
> >>> done by \domainname\computername$
> >>>
> >>> Herman
> >>>
> >>> "Roger Abell [MVP]" wrote:
> >>>
> >>> > Hmmm
> >>> > I have not encountered what you report under those circumstances.
> >>> > The KB is advisory that one should apply SP1 to the PDC FSMO first,
> >>> > or at least synchronously with other DCs.
> >>> > The existence of the new level of DCOM security does not in the
> >>> > default
> >>> > configuration of fresh SP install have the impact you are indicating.
> >>> > You would find that nesting such as Domain Admins in the DCom Users
> >>> > group would have no effect on your current issue.
> >>> >
> >>> > --
> >>> > Roger Abell
> >>> > Microsoft MVP (Windows Server : Security)
> >>> >
> >>> > > Thanks for replying Roger.
> >>> > >
> >>> > > The access is local and it only happens on the DCs of this domain.
> >>> > > Firewall
> >>> > > is turned off. I do not believe the Security Wizard was used.
> >>> > >
> >>> > > What do you think about the article I listed earlier?
> >>> > >
> >>> > > "Roger Abell [MVP]" wrote:
> >>> > >
> >>> > >> Is the access local, with the code running on the machine whose
> >>> > >> WMI repository is accessed, or remote?
> >>> > >> Do these W2k3 have the firewall turned on?
> >>> > >> Was the Security Configuration Wizard used to tighten these?
> >>> > >>
> >>> > >>
> >>> > >> > Morning,
> >>> > >> >
> >>> > >> > I have an issue were WMI is giving an acces denied error when I
> >>> > >> > try and
> >>> > >> > run
> >>> > >> > wmimgmt.msc. Also, when I run wbemtest and try to access the
> >>> > >> > W32_Processor
> >>> > >> > class I get a Access Denied.
> >>> > >> >
> >>> > >> > The server(s) in question are 2003 Standard Edition SP1 boxes and
> >>> > >> > I
> >>> > >> > think
> >>> > >> > this issue has something to do with this article :
> >>> > >> > http://support.microsoft.com/?kbid=914023
> >>> > >> >
> >>> > >> > Anyone have any ideas.
> >>> > >> > Thanks,
> >>> > >> > Herman
> >>> > >>
> >>> > >>
> >>> > >>
> >>> >
> >>> >
> >>> >
> >
> >
>
>
>
| 
XML Sitemap