Resolution
fact
Directory and Resource Administrator 6.60
symptom
Error: 'Access denied' when launching the Directory and Resource Administrator MMC interface on a client workstation running Windows XP SP1.
symptom
cause
This error occurs because of an issue in Kerberos security which requires the UserToUser protocol when targeting a user account.
fix
fix
A workaround for this issue is to upgrade the operating system of the Directory and Resource Administrator server to Windows 2003.
note
Directory and Resource Administrator 6.60
symptom
Error: 'Access denied' when launching the Directory and Resource Administrator MMC interface on a client workstation running Windows XP SP1.
symptom
The error occurs when attempting to connect to an administration server running Windows 2000 server managing a Windows 2003 domain.
cause
This error occurs because of an issue in Kerberos security which requires the UserToUser protocol when targeting a user account.
fix
Microsoft has acknowledged this as a problem and has resolved it in hotfix Q328194.
The hotfix is not available publicly and cannot be distributed by NetIQ. In order to obtain it, please contact Microsoft and reference issue number Q328194. The hotfix must be installed on the Windows 2000 server running the Directory and Resource Administrator server component.
fix
A workaround for this issue is to upgrade the operating system of the Directory and Resource Administrator server to Windows 2003.
note
The above discussed problem is encountered only if the following criteria are met:
- The Directory and Resource Administrator server is running on a Windows 2000 Member Server.
- Directory and Resource Administrator is managing a Windows 2003 domain.
- The Assistant Admin launches the MMC interface from a workstation running Windows XP SP1.
Additional Information
Formerly known as NETIQKB28652