AXForum  
Вернуться   AXForum > Microsoft Dynamics AX > DAX Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 27.01.2010, 02:08   #1  
Blog bot is offline
Blog bot
Участник
 
25,626 / 848 (80) +++++++
Регистрация: 28.10.2006
emeadaxsupport: Unable to edit the DCOM settings for IIS WAMREG admin service on a Windows Server 2008 R2 when trying to configure Kerberos Authentication for Role Centers
Источник: http://blogs.msdn.com/emeadaxsupport...e-centers.aspx
==============

We came across an issue recently where we were configuring Enterprise Portal and Role Centers to use Kerberos authentication. One of the steps in the whitepaper (and also as given here http://technet.microsoft.com/en-us/l.../ee355057.aspx) is to configure DCOM settings to grant the business connector proxy user account Launch and Activation permissions for the IIS WAMREG admin service package. We were able to do this successfully on a Windows Server 2003 R2/2008 system, however on a Windows Server 2008 R2 system the options are all greyed out/disabled in Component Services.

This is by design. Due to new security considerations, some core system components only grant the local internal account, TrustedInstaller, Full Control permission instead of the local Administrators group.

To be able to modify the settings of IIS WAMREG admin service" on a Windows Server 2008 R2 system, you need to grant the local Administrators group permissions to its registry key as follows:

Registry information: Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.




1. Run Regedit.exe and browse to "HKEY_CLASSES_ROOT\AppID\{61738644-F196-11D0-9953-00C04FD919C1}" key.

2. Secondary-mouse click on the {61738644-F196-11D0-9953-00C04FD919C1} key and select Permissions... menu option.

3. Click the Advanced button in the Permissions window and select the Owner tab. Under Change owner to select the local Administrators group and click on Apply/OK.

4. Then under Permissions window, select the local Administrators group and under Permissions for Administrators select Full Control.

NOTE: DO NOT modify/change any permissions for the TrustedInstaller account.

5. Click on Apply or OK to make the changes effective.

6. Re-run the Computer Services management console (dcomcnfg.exe) and you should now be able to modify the settings for IIS WAMREG admin service package.

7. After making the necessary changes, reset the permissions for the package in the registry settings back to its defaults:

- first make the account "NT SERVICE\TrustedInstaller" from the local computer the Owner of the key and

- then remove Full Control access for the Administrators group, and leave it with only Read access.




REFERENCES:

The TrustedInstaller account was introduced with Windows Server 2008/Vista - see http://technet.microsoft.com/en-us/l...77(WS.10).aspx for more details.



Источник: http://blogs.msdn.com/emeadaxsupport...e-centers.aspx
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
emeadaxsupport: AX 2009 Setup fails to install IIS Components on Windows Server 2008 R2 Blog bot DAX Blogs 0 12.01.2010 04:44
emeadaxsupport: Unable to validate the AX 2009 Workflow Webservice URL on a Windows Server 2008 R2 x64 Blog bot DAX Blogs 0 05.01.2010 19:16
emeadaxsupport: Group policy setting "System Objects: Default owner for objects created by members of the administrators group" is missing on Windows Server 2008 Blog bot DAX Blogs 2 28.08.2009 02:14
emeadaxsupport: Kerberos authentication issues in a multi server environment affecting the KPI web part Blog bot DAX Blogs 0 26.07.2009 15:07
Microsoft Dynamics CRM Team Blog: Building a Self-Contained Virtual CRM Development Server Blog bot Dynamics CRM: Blogs 0 05.05.2009 10:05

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 19:02.