Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Access Denied error when setting up Delegation for AD object

Status
Not open for further replies.
mlchris2

mlchris2

Technical User
Mar 18, 2005
512
US
I am helping our web team design a web farm. We've setup two web servers and placed the site files on a file server.

Im using a document from MS as a guide to setup this whole hosting site files on another server other than the web server. Part of the process is to delegate permissions of services on between two servers.

*In active directory, I go to properties of the web server
*go to the delegation tab.
*select "trust this computer for delegation to specified services only.
*select "use any authentication protocol"
*add the file server and the few services.
"when i apply the changes i get the following error:

"Active Directory: The following Active Directory error occurred: Access is denied."

I have search MS and googled, but havent found any answers. Can anyone offer advice or suggestions?

thanks

We setup the directories with proper permissions as well. I can access a few of the sites (that have page ext of HTM) but sites that have page ext of ASPX, return a 404 error.



Mark C.
 
Sort by date Sort by votes
Are you logged in as Administrator (I know a dumb answer but I have messed up many times)

Also make sure that it has administrator rights and that AD recognizes that you are an administrator. I have been logged in as Administrator and AD didn't have that user in the Users and didn't have me as a Domain Admin I'd mess with the AD securities.

Also are you on the Domain Controller that dispurses AD Roles? Have you Restarted? Is this a new AD setup?

--
-TheCloak

"You Never Know What Hits You, A Gunshot is the Perfect Way" - JFK
 
Upvote 0 Downvote
Cloak,

I was using the ADUC connector on from my laptop and making the change there. I was logged in with my domain account. I am a member of Administrator and Domain Admins group.

When you mentioned if i was on the DC making the change, the light came on. I RDC to the DC, made the change and PRESTO!!!

my guess Im not a member of a group that AD requires to make changes... i will look into it more, but thanks for the insight.


Mark C.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
669
suncit
suncit
Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
534
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
287
DrB0b
DrB0b
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
894
gbaughma
gbaughma
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
256
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top