Microsoft KB Archive/871168

From BetaArchive Wiki

Article ID: 871168

Article Last Modified on 10/30/2006


APPLIES TO

  • Microsoft NetMeeting 3.01 Standard Edition
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition



SYMPTOMS

When a member of the Power Users local security group tries to set up the Remote Desktop Sharing (RDS) feature in Microsoft Windows NetMeeting on a computer that is running Microsoft Windows 2000, the user may receive a Dr. Watson error message that is similar to the following:

mnmsrvc.exe caused an exception c0000005

Additionally, the RDS feature is not fully set up and cannot be used.

CAUSE

This behavior occurs because users must have administrator permissions to set up RDS.

RESOLUTION

To resolve this behavior, an administrator must log on to the computer and delete the private key that has been created during this unsuccessful attempt to set up RDS. Then, the administartor can set up RDS. To this, an administrator must follow these steps on the computer where the member of the Power Users local security group experienced the symptoms:

  1. Log on as an administrator.
  2. Locate following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\_NMSTR\Certificates

  3. If the Certificates entry is missing or empty, locate and then click the following folder in Windows Explorer:

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

  4. In the right pane, right-click the file that begins with 511a0f3f9e960fa97de3d0b74adfc574_, click Delete, and then click Yes.
  5. Start NetMeeting.
  6. Click Tools, click Options, and then click OK.
  7. Set up RDS.


MORE INFORMATION

Power users cannot complete the RDS Wizard to successfully set up RDS because administrator permissions are required to create the certificate that enables communication between clients. Power users can initiate the certificate request that includes creating the private key, but they cannot write the full certificate to the store because they do not have administrator permissions. Therefore, the certificate request is not completed. The certificate request can only be completed by the user who initiates creating the private key. After an administrator deletes the private key, the administrator can process a new certificate request.

Generally, you can avoid the problem of members of the Power Users local security group not being able to successfully setup RDS by using any one of the following methods:

  • Install RDS as an administrator.
  • Disable RDS by using Group Policy.
  • Change the permissions for the SystemCertificates entry.

Install RDS as an administrator

Install RDS as an administrator before members of the Power Users local security group try to do this. To install RDS as an administrator, follow these steps:

  1. Log on to your computer as an administrator.
  2. Start NetMeeting.
  3. On the Tools menu, click Remote Desktop Sharing, and then click Next.
  4. Follow the instructions in the Remote Desktop Sharing Wizard.


Note RDS does not have to be started.

Disable RDS by using Group Policy

To disable RDS for your domain by using Group Policy, follow these steps:

  1. On the Windows 2000 Server-based domain controller, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click Domain name, and then click Properties.
  3. Click the Group Policy tab.
  4. In the Current Group Policy Object Links for Domain name list, click Default Domain Policy, and then click Edit.
  5. In the left pane, expand Computer Configuration, and then expand Administrative Templates.
  6. Expand Windows Components, and then click NetMeeting.
  7. In the right pane, double-click Disable remote Desktop Sharing.
  8. Click Enabled, click Apply, and then click OK.
  9. Restart the computer.

To disable RDS on a local Windows 2000-based computer by using Group Policy, follow these steps:

  1. Click Start, click Run, type gpedit.msc in the Open box, and then click OK.
  2. In the left pane, expand Computer Configuration, and then expand Administrative Templates.
  3. Expand Windows Components, and then click NetMeeting.
  4. In the right pane, double-click Disable remote Desktop Sharing.
  5. Click Enabled, click Apply, and then click OK.
  6. Restart the computer.

Change the permissions for the SystemCertificates entry

Change the permissions for the SystemCertificates entry so that power users can complete the Remote Desktop Sharing Wizard successfully but not start RDS. To do this, follow these steps:

  1. Click Start, click Run, type Regedt32.exe, and then click OK.
  2. Locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates

  3. Click Security, and then click Permissions.
  4. Click the Power Users security group.
  5. Under Permissions, click to select the Full Control check box in the Allow column.
  6. Click to select the Allow inheritable permissions from parent to propagate to this object check box, click Apply, and then click OK.
  7. Quit Registry Editor.


MORE INFORMATION

For more information about the Remote Desktop Sharing feature in NetMeeting, click the following article numbers to view the articles in the Microsoft Knowledge Base:

249322 Error starting NetMeeting Remote Desktop Sharing


233175 How to use Remote Desktop Sharing in NetMeeting


Keywords: kbprb KB871168



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/871168&oldid=207558
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki