Environment
NetIQ Directory Resource Administrator 8.7.x
NetIQ Directory Resource Administrator 9.0.x
NetIQ Directory Resource Administrator 9.1.x
Situation
After applying the July 2018 Microsoft Windows Server 2012 R2 patches, the legacy Directory Resource Administrator (DRA) Web Console (accessed via the URL: http(s):\\<IISServer>\DRAClient) returns an HTTP 500 error code. This occurs when any user attempts to launch the web client.
Resolution
Remove any of the following patches:
- KB4338419 – Dot Net Framework roll up update
- KB4054566 – Dot Net Framework 4.7.2 update
Cause
Within the July 2018 Microsoft Windows 2012 patches, there were patches for Microsoft DOT Net Framework. One of these patches affected the behavior of Windows DCOM and IIS. The legacy web console relies on an Application Pool hosted within Windows IIS. This app pool communicates with the DRA Administration Service using Windows DCOM.
Additional Information
Microsoft has identified this as a known issue. This information is documented within the Microsoft Support link -- https://support.microsoft.com/en-us/help/4345913/access-denied-errors-after-installing-july-2018-security-rollup-update
As of the DRA 9.1 release, the legacy Web Console is no longer the default Web UI option for DRA. Future releases of DRA will remove access to the legacy web console. As of 9.0.1 and newer the Web Console is a part of the DRARestExtensions installer.