Unable to run RSOP.msc from Server with error "Access Denied"
I am trying to run RSOP to see what policies are being enforced on one of our servers in order to troubleshoot a seperate issue. The server in question is just an application server that will be running terminal server for some of our people to dial into remotely. I have 1 DC (Windows SBS 2003) running RWW, Exchange, and all the other bells and whistles. I have 3 Win2k3 Standard Servers, one of which is already running Terminal Server with no issues, one will run it (the server with the RSOP issue I need your help with), and one will not. The last server is Windows Server 2008 Essential? (I know it's not core). This server is acting as my Terminal Server License manager.
The previous DC was riddled with issues, and after nearly a year of trying to get it all fixed I finally elected to just blow it up (litterally, we had a bar-b-que), and create a new domain "ContosoOffice.pri" to replace the old domain of "Contoso.com". Everything is working great except for this last server is giving me some grief. I'd love to blow it out and start from scratch, but it is running a piece of software that cost the company twice my salary to have customized, and I really like my job.
The server, call it TS2, works great. The users that need it internally have no issues, but they are not able to access through RWW (unless I add them as domain admins, which is NOT an option), which is why I need to get Terminal Server running on it. I'm having some Group Policy issues trying to get TS2 to run Terminal Server correctly (as well as deploying my System Center agent to it), which is why I need to check what and how policies are being enforced on TS2 using RSOP.msc.
I get the same error when running RSOP logged in as the local server administrator. I checked to ensure that the Domain Admins group is set as local admins, etc.
DSN should not be an issue. I have ZERO errors on my DC (the SBS 2003), and yes the server TS2 is listed in both DNS and AD.
We are currently running a POLICY FREE environment (I wanted all the kinks worked out before I configured the GPOs), so there should be ZERO restrictions on TS2. I'm thinking something from the old domain is still lingering on this server, but not certain where I should look.
This is the process I went through when I joined this (and all other servers) to the new domain (prior to the bar-b-que).
Removed server from old domain to workgroup, rebooted
Ran http:\\SBS2k3\ConnectComputer wizard from SBS server, selected the correct server name from the list, rebooted.
That was it, it was done on the new domain and belived to be without flaw (until I tried to install Terminal Server yesterday). Now, what could be lingering on this server that is supposed to be policy free that is preventing me from running RSOP?
The previous DC was riddled with issues, and after nearly a year of trying to get it all fixed I finally elected to just blow it up (litterally, we had a bar-b-que), and create a new domain "ContosoOffice.pri" to replace the old domain of "Contoso.com". Everything is working great except for this last server is giving me some grief. I'd love to blow it out and start from scratch, but it is running a piece of software that cost the company twice my salary to have customized, and I really like my job.
The server, call it TS2, works great. The users that need it internally have no issues, but they are not able to access through RWW (unless I add them as domain admins, which is NOT an option), which is why I need to get Terminal Server running on it. I'm having some Group Policy issues trying to get TS2 to run Terminal Server correctly (as well as deploying my System Center agent to it), which is why I need to check what and how policies are being enforced on TS2 using RSOP.msc.
I get the same error when running RSOP logged in as the local server administrator. I checked to ensure that the Domain Admins group is set as local admins, etc.
DSN should not be an issue. I have ZERO errors on my DC (the SBS 2003), and yes the server TS2 is listed in both DNS and AD.
We are currently running a POLICY FREE environment (I wanted all the kinks worked out before I configured the GPOs), so there should be ZERO restrictions on TS2. I'm thinking something from the old domain is still lingering on this server, but not certain where I should look.
This is the process I went through when I joined this (and all other servers) to the new domain (prior to the bar-b-que).
Removed server from old domain to workgroup, rebooted
Ran http:\\SBS2k3\ConnectComputer wizard from SBS server, selected the correct server name from the list, rebooted.
That was it, it was done on the new domain and belived to be without flaw (until I tried to install Terminal Server yesterday). Now, what could be lingering on this server that is supposed to be policy free that is preventing me from running RSOP?
ASKER
Got the instructions, running the tests now. Will let you know what the results are.
ASKER
Went through the checklist from the article you refenced. Everything shows just fine, and the three properties the articled wanted me to check on the DCOM Configuration for WMI;
Authentication Level: Default
Launch Permissions: Everyone
Access Permissions: Use Default
Those are all correct on TS2.
I was even to view the properties of TS2 (through wmimgmt.msc) from several workstations and servers.
Any other thoughts?
Authentication Level: Default
Launch Permissions: Everyone
Access Permissions: Use Default
Those are all correct on TS2.
I was even to view the properties of TS2 (through wmimgmt.msc) from several workstations and servers.
Any other thoughts?
ASKER
I can get into the Group Policy editor from TS2 through gpedit.msc, but not RSOP.msc.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.server.sbs/2006-01/msg00739.html
Especially pay your attention to DCOM permissions!