Article ID: 929072
Article Last Modified on 5/1/2007
APPLIES TO
- Microsoft Forefront Security for Exchange Server
- Microsoft Forefront Security for SharePoint
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
SYMPTOMS
When you use Forefront Server Security Administrator on a workstation to connect to a server that is running Microsoft Forefront Security for SharePoint or Microsoft Forefront Security for Exchange Server, you may receive the following error message:
CAUSE
This issue may occur if one of the following conditions is true:
- The FSCController service is disabled.
- There is an issue with DCOM. Forefront Server Security Administrator uses the DCOM protocol to connect to the backend processes.
RESOLUTION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
To troubleshoot this issue, follow these steps:
- Make sure that the FSCController service is enabled on the server. If not, enable this service. Then, use Forefront Server Security Administrator to connect to the server. If this step does not resolve the issue, go to step 2.
- Make sure that the workstation is connected to the server. To do this, run a ping command together with the server name. Or, try to map to a network share on the server.
- Make sure that the workstation and the server are in the same internal domain on the network. Alternatively, make sure that a two-way domain trust exists between the workstation domain and the server domain.
- Make sure that the user account that is logged on to the workstation has the appropriate permissions to access the FSCController service on the server. To do this, follow these steps:
- Click Start, click Run, type dcomcnfg, and then click OK.
- In the left pane, expand Component Services, expand Computers, expand My Computer, and then expand DCOM Config.
- Right-click FSCController, and then click Properties.
- Click the Security tab, and then click Edit in the Launch and Activation Permissions section.
- In the Launch Permission dialog box, make sure that either of the following conditions is true:
- The user account is listed under Group or user names. If the user account is not listed, add this user account. Then, give this user account full permissions.
- The user account is a member of a group that has Allow Access user rights.
- Close the Launch Permission dialog box.
- On the Security tab, click Edit in the Access Permissions section, and then repeat step 3e.
- On the Security tab, click Edit in the Configuration Permissions section, and then repeat step 3e.
- Make sure that DCOM is enabled on the user workstation. Forefront Server Security Administrator connects to the FSCController service by using DCOM. If DCOM is disabled on the user workstation, Forefront Server Security Administrator cannot connect to the FSCController service on the server. To determine whether DCOM is enabled, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole - In the right pane, double-click EnableDCOM.
- Examine the value in the Value data area. If the value is set to Y, DCOM is enabled. If the value is set to N, DCOM is not enabled.
Keywords: kbprb kbexpertiseadvanced kbtshoot KB929072
