Microsoft KB Archive/841619

= You cannot connect to the SMS database or expand nodes in the SMS Administrator console tree when you run SMS in Windows XP SP2 =

Article ID: 841619

Article Last Modified on 6/28/2007

-

APPLIES TO


 * Microsoft Systems Management Server 2003
 * Microsoft Systems Management Server 2.0 Standard Edition
 * Microsoft Windows XP Service Pack 2

-



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SUMMARY
''After you apply Microsoft Windows XP Service Pack 2 (SP2) to a computer that is running the Systems Management Server (SMS) Administrator console, you may not be able to connect to the SMS database or to expand some nodes in the console tree. This issue occurs because of the new settings in the service pack. You can resolve this issue by modifying the Windows Firewall settings. You may also have to set anonymous remote access rights in DCOM or modify local security policy settings.''



SYMPTOMS
When you run the Microsoft Systems Management Server (SMS) Administrator console on a computer that is running Microsoft Windows XP Service Pack 2 (SP2), you may not be able to connect to the SMS database. Additionally, you may not be able to expand some nodes in the console tree. When you try to troubleshoot this issue by using the Wbemtest.exe utility to connect to the \Root\Sms namespace of the site server, you may receive the following error message:

Error Number: 0x8007000e

Facility: Win32

Description: Not enough storage is available to complete this operation.



CAUSE
In Windows XP SP2, this issue occurs because of the configuration of Windows Firewall. Windows Firewall has three settings:
 * On
 * On with no exceptions
 * Off

When the Don't allow exceptions check box is selected, the SMS Administrator console cannot connect to any SMS site database. If Windows Firewall is turned on, and no exceptions are defined, the SMS Administrator console cannot display all the items in the console tree. This is the default setting.



RESOLUTION
To resolve this issue, follow these steps:  Click Start, click Control Panel, and then click Windows Firewall. On the General tab, make sure that Windows Firewall is turned on, and that the Don't allow exceptions setting is not selected. On the Exceptions tab, click Add Program. Click the Browse button, and then open the following file:

%WINDIR%\System32\Wbem\Unsecapp.exe

If you have to define the scope, click Change scope, and then click OK. In the Programs and Services list, click to select the Unsecapp.exe check box. Click the Add Port button.</li> Type 135 in the Port number box, make sure that TCP is selected, and then type a name for the exception in the Name box.

If you have to define the scope, click Change scope, and then click OK.</li> In the Programs and Services list, click to select the check box for the exception that you added in step 7.</li> Click OK.

Note: To view status messages, you must also add a program exception for statview.exe. By default this exe is found here: installdrive\SMSAdmin\bin\i386\statview.exe Without the statview.exe exception, you will see the following error while trying to view status messages:

SMS Could not provide the data that you requested. Please refer to the SMS documentation for troubleshooting information.

</li></ol>

Sometimes, adding these exceptions to Windows Firewall may not resolve the issue. You may also have to set anonymous remote access rights in DCOM for the client computer. Do not make these changes unless adding Unsecapp.exe and TCP port 135 to the exceptions list does not resolve the issue.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To set anonymous remote access rights in DCOM, follow these steps on the XP SP2 computer installed with the SMS Console:
 * 1) Click Start, click Run, and then type dcomcnfg.exe in the Open box.
 * 2) Locate the Console root node, expand Component Services, expand Computers, and then click My Computer.
 * 3) Right-click My Computer, and then click Properties.
 * 4) In My Computer Properties, click the COM Security tab.
 * 5) In Access Permissions, click Edit Limits.
 * 6) Click ANONYMOUS LOGON.
 * 7) In Permissions for ANONYMOUS LOGON, click to select the Allow setting for Remote Access.
 * 8) Click OK two times.
 * 9) Restart your computer.

<div class="status_section">

STATUS
This behavior is by design.

<div class="references_section">