The Control Compliance Suite (CCS) Data Collection / RMS Client Console fails to open with error: "A failure occurred: Failed to connect to the Bindview Information Server because access was denied."

Article:TECH114051  |  Created: 2008-01-31  |  Updated: 2010-08-12  |  Article URL http://www.symantec.com/docs/TECH114051
Article Type
Technical Solution

Product(s)

Issue



The full error is: "A failure occurred: Failed to connect to the Bindview Information Server because access was denied. In order for the RMS Console to connect to a remote Information Server computer, your account must have the following security policy privileges on that computer:

Access this computer from the network
Allow log on locally
Bypass traverse checking

Your user account must also have DCOM permissions to use the BVProcess Manager object, which you can check using Windows' DCOMCNFG utility."


Solution



On the Symantec Information Server (BVIS), go to Start > Run. Type DCOMCNFG in the box and click OK.

  1. Expand Component Services > Computers.
  2. Right-click My Computer, go to Properties.
  3. Click on the Default properties tab and make sure "Enable Distributed COM on this computer" is selected.
  4. Click on the COM Security tab.
  5. Under Access Permissions, click the Edit Default button.  The Access Permission dialog box appears.
  6. Click the Add button.
  7. Click the Object Types button, then verify that all check boxes are selected.
  8. Click the Locations button, then select the computer name of the Information Server in the list.
  9. In the "Enter the object names to select" dialog, type the group names "bv console users" and "bv console admins".
  10. Click OK.  The Access Permission dialog box appears again.
  11. Under "Group or User Names" select each group name.  Make sure that both Local and Remote Access have "Allow" checked under Permissions at the bottom.
  12. Repeat steps 6-12 for Launch and Activation Permissions.
  13. Restart the Information Server.
  • IMPORTANT NOTE:  Changes to the DCOM settings do not take effect until the Information Server is restarted.



IF DCOM IS NOT BEING USED LOCALLY DUE TO A SECURITY POLICY:

If the Domain Controller in the domain is running Windows 2003 SP1 or later and the BVIS and remote consoles do not have DCOM enabled due to a security policy, users wanting to remotely access applications that utilize DCOM will need to be added to the BUILTIN\Distributed COM Users group on the BVIS. This is a new group object which was added in Win2k3 SP1. Domain Admins should already have this right, but ordinary users do not.



 



Legacy ID



2008013112073853


Article URL http://www.symantec.com/docs/TECH114051


Terms of use for this information are found in Legal Notices