Microsoft KB Archive/895952

From BetaArchive Wiki

Article ID: 895952

Article Last Modified on 10/25/2006


APPLIES TO

  • Microsoft Operations Manager (MOM) 2005



SYMPTOMS

You receive the following error message when you try to open the Microsoft Operations Manager (MOM) 2005 Administrator Console on a computer that is not the MOM 2005 server:

You do not have the appropriate privilege to connect to this MOM Management Server.

You must be a member of at least the MOM Users group. Contact your MOM Administrator if you need access to the MOM Administrator Console.

You receive the following error message when you try to open the MOM 2005 Operators Console:

Access denied to server: server name

Note server name is the name of your MOM 2005 server.

CAUSE

This problem may occur if the following conditions are true:

  • The MOM 2005 server is a Microsoft Windows Server 2003-based computer.
  • You installed Windows Server 2003 Service Pack 1 (SP1) on this computer.


WORKAROUND

To work around this problem, you can add domain user accounts to the Distributed COM Users security group on the MOM 2005 server. These domain user accounts are the accounts that you want to remotely access the MOM 2005 Administrator Console and the MOM 2005 Operator Console. The Distributed COM Users group is located in the Builtin container of the Active Directory Users and Computers tool. If the MOM 2005 server is not a domain controller, the Distributed COM Users group is located in the Groups container of the Computer Management tool.

You can simplify account maintenance by creating a custom domain user group. Add the user accounts that you want to the custom user group, and then add the custom user group to the Distributed COM Users group.

Create the custom domain user group

  1. On the domain controller, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Expand your domain's container, right-click Users, point to New, and then click Group.
  3. Name the new group MOM Remote Users, and then click OK.

Populate the custom domain user group

Note domain is the name of your domain.

  1. In Active Directory Users and Computers, click the Users container.
  2. Double-click MOM Remote Users, click the Members tab, and then click Add.
  3. Type the domain\user account that you want, and then click OK.
  4. Repeat step 2 and step 3 for each user account that you want to access the MOM 2005 Administrator Console and the MOM 2005 Operators Console.
  5. Click OK to close the MOM Remote Users properties.

Add the custom user group to the Distributed COM Users group

If the MOM 2005 server is a domain controller, follow these steps:

  1. In Active Directory Users and Computers, expand the Active Directory Users and Computers\domain container.
  2. Click Builtin, and then double-click Distributed COM Users.
  3. On the Members tab, click Add.
  4. Type domain\MOM Remote Users, and then click OK two times.

If the MOM 2005 server is a member server, follow these steps:

  1. Click Start, point to Administrative Tools, and then click Computer Management.
  2. Expand Local Users and Groups, and then click Groups.
  3. Double-click Distributed COM Users, and then click Add.
  4. Add the MOM Remote Users user group that you created earlier, and then click OK two times.

Note You must add the user group or the user accounts to the Distributed COM Users group on each MOM 2005 server.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Keywords: atdownload kbgetsp kbbug kbqfe kbopmanmmc kbopman2005spfix kbopman2005bug kbtshoot kberrmsg kbuser kbupgrade kbinterop kbsecurity KB895952



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/895952&oldid=213781
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki