cancel
Showing results for 
Search instead for 
Did you mean: 

upgraded from evault 9.0.2 to 9.0.3 now i am not able to access directory service

Adil
Level 3

Hi

I upgraded vault from 9.0.1 to 9.0.3  services and everything went through with no isssues . 

 

but now i am having problems accessing admin console , all services are running but when I open admin console and point it to local server I am getting can not connect to directory service .  Please help , thanks  .

also on the event logs i am getting these errors :

 

The EnterpriseVault.DirectoryConnection object reported an error.

General access denied error

Internal references:

Error [0x80070005]

{CDirectoryConnectionObject::GetSyncSlotInfo} [.\DirectoryConnectionObject.cpp, lines {10310,10320}, built Nov 11 21:02:52 2011]

For more information, see Help and Support Center at http://evevent.symantec.com/rosetta/showevent.asp?EvtID=8390

 

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

{12DDEEC1-BFF4-11D1-8008-0000F879BEF2}

to the user  SID (S-1-5-21-823518204-963894560-725345543-1126). This security permission can be modified using the Component Services administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

1 ACCEPTED SOLUTION

Accepted Solutions

LCT
Level 6
Accredited Certified

Try this:

Grant the user permissions to start the COM component. To do this, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_CLASSES_ROOT\CLSID\CLSID value

    Note In this subkey, "CLSID value" is a placeholder for the CLSID information that appears in the message.

  3. In the right pane, double-click AppID.
    The Edit String dialog box appears. Leave this dialog box open and continue to the next step.
  4. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
    If a Windows Security Alert message prompts you to keep blocking the Microsoft Management Console program, click to unblock the program.
  5. In Component Services, double-click Component Services, double-click Computers, double-click My Computer, and then click DCOM Config.
  6. In the details pane, locate the program by using the friendly name.
    If the AppGUID identifier is listed instead of the friendly name, locate the program by using this identifier.
  7. Right-click the program, and then click Properties.
  8. Click the Security tab.
  9. In the Launch and Activation Permissions area, click Customize, and then click Edit.
  10. Click Add, type the user’s account name, and then click OK.
  11. While the user is selected, click to select the Allow check boxes for the following items:
    • Local Launch
    • Remote Launch
    • Local Activation
    • Remote Activation
  12. Click OK two times.
  13. Quit Registry Editor.
Grant the correct permissions to the Network Service account

To grant the correct permissions to the Network Service account, follow these steps:

  1. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
  2. In Component Services, double-click Component Services, and then double-click Computers.
  3. Right-click My Computer, and then click Properties.
  4. Click the COM Security tab.
  5. In the Launch and Activation Permissions area, click Edit Default.
  6. Click Add, type Network Service, and then click OK.
  7. While Network Service is selected, click to select the Allow check boxes for the following items:
    • Local Launch
    • Remote Launch
    • Local Activation
    • Remote Activation

    Click OK two times.

View solution in original post

6 REPLIES 6

Percy_Vere
Level 6
Employee Accredited

Check your server DCOM settings by going to dcomcnfg from the start menu. The ev service account should have full access remote and local.

Adil
Level 3

do you mean the ev service account application ?

LCT
Level 6
Accredited Certified

Try this:

Grant the user permissions to start the COM component. To do this, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_CLASSES_ROOT\CLSID\CLSID value

    Note In this subkey, "CLSID value" is a placeholder for the CLSID information that appears in the message.

  3. In the right pane, double-click AppID.
    The Edit String dialog box appears. Leave this dialog box open and continue to the next step.
  4. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
    If a Windows Security Alert message prompts you to keep blocking the Microsoft Management Console program, click to unblock the program.
  5. In Component Services, double-click Component Services, double-click Computers, double-click My Computer, and then click DCOM Config.
  6. In the details pane, locate the program by using the friendly name.
    If the AppGUID identifier is listed instead of the friendly name, locate the program by using this identifier.
  7. Right-click the program, and then click Properties.
  8. Click the Security tab.
  9. In the Launch and Activation Permissions area, click Customize, and then click Edit.
  10. Click Add, type the user’s account name, and then click OK.
  11. While the user is selected, click to select the Allow check boxes for the following items:
    • Local Launch
    • Remote Launch
    • Local Activation
    • Remote Activation
  12. Click OK two times.
  13. Quit Registry Editor.
Grant the correct permissions to the Network Service account

To grant the correct permissions to the Network Service account, follow these steps:

  1. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
  2. In Component Services, double-click Component Services, and then double-click Computers.
  3. Right-click My Computer, and then click Properties.
  4. Click the COM Security tab.
  5. In the Launch and Activation Permissions area, click Edit Default.
  6. Click Add, type Network Service, and then click OK.
  7. While Network Service is selected, click to select the Allow check boxes for the following items:
    • Local Launch
    • Remote Launch
    • Local Activation
    • Remote Activation

    Click OK two times.

LCT
Level 6
Accredited Certified

By the way, are you logged onto the EV server as the VSA? Are you running the console from a remote machine/server using an account other than VSA? Did you perform the upgrade using the vault service account? Check and make sure EV services are still running under the VSA.

Adil
Level 3

yes i am logged in as the vsa , and running the console from same server using remote desktop . yes I did the upgrade using the vault service account . all services are running but still not able to connect to directory service or shopping cart .

Adil
Level 3

thanks CTEV    .  ok so I find out what was the problem .

the VSA account was a member of domain admins before  and had all permissions to the sever AD , SQL  etc  .

yesterday before the upgrade  one of the admins removed that account from domain admins group per symantec recommedations . As we rebooted the server today , all permissions were lost ..

what I did is add the VSA back to domain admins and users were able to connect to archives , and I was able to access the console .

 

Thanks