Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

remote administration

Status
Not open for further replies.
fluid11

fluid11

IS-IT--Management
Jan 22, 2002
1,627
US
I'm having a problem connecting to an ISA server remotely. I'm running the ISA Management Tools on my Windows 2000 workstation. When I try to connect to the server, I get the following error...

"The operation failed. You do not have the necessary permissions to perform this action. Failed to connect".

I'm a member of the Domain Admins, Administrators, Enterprise Admins, and all of the other admins groups, including the local Admins group on the ISA server itself. The only user that can connect remotely is the Administrator account that we used to install the server. If I do a "runas", and then switch to the Administrator account, it works okay.

Thanks,
Chris
 
Sort by date Sort by votes
Here's how I fixed the problem....




1. On the affected ISA Server, verify these DCOM settings using the
DCOMCNFG tool by typing DCOMCNFG at thr Run line (Start...Run..).

Once the tool is open, change the authentication to none for each
of the following applications: FPC Class (1) FPC Class (2) mspadmn
EventSystem (This one will have a GUID that appears as
{1BE1F766-5536-11D1-B726-00C04FB926AF}.

1. a) Simply choose the application, click properties, then change
the Authentication Level. 1. b) For each DCOM application above, go to the
Security Tab, choose "Use customer configuration permissions" and give the
following members Full Control: "Authenticated users", your user account,
and the local administrators group.

2. On the ISA MMC, right-click the server, properties, Security
Tab, then Add "Authenticated users", your user account, and the local
administrators group to the ISA server with Full Control.

3. Just to be safe, be sure your domain account is a member of the
Local Administrators group on the ISA Server(s).

4. In RegEdt32, add "Authenticated Users" your user account, and
the Local Administrators group to HKEY_LOCAL_MACHINE\Software\Microsoft\Fpc

5. Start DCOMCNFG and reset settings on the Default properties tab:

- Enable DCOM on this computer
- Default Authentication Level: Connect
- Default Impersonate Level: Impersonate

6. Check these registry settings and verify that they are set as
indicated on the
ISA Server:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameter
s]
"AutoShareServer"="1"

7. Check the fqdn that ISA was installed with.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Arrays\{array
guid}\Servers {serverguid}\msFPCFQDN = "server.domain.com".

Also, double check the following keys to make sure they have the
hostname. It
should just say "server" not "server.domain.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Arrays\{array guid}\msFPCName =

"server" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Arrays\{array
guid}\Servers\ {server
guid} \msFPCName = "server"




 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
547
nnaarrnn
nnaarrnn
MeesterDull
  • Locked
  • Question
Can't remote into my SonicWall
Replies
0
Views
102
MeesterDull
MeesterDull
raist3001
  • Locked
  • Question
Unable to remote into PBX behind Sonicwall TZ-190
Replies
1
Views
117
fojin
fojin
captnops
  • Locked
  • Question
Cisco PIX remote access problem
Replies
0
Views
67
captnops
captnops
handle2110
  • Locked
  • Question
Cisco SSL VPN Remote Desktop server in other site
Replies
1
Views
90
unclerico
unclerico

Part and Inventory Search

Sponsor

Back
Top