NetIQ AppManager 7.0.x
NetIQ AppManager 8.x
NetIQ AppManager MFXP Module
Use the following tips to help resolve this issue.
- Verify that the DCOM impersonation level is set to "impersonate."
Verify that the IMA DataStore can be successfully reached from the failing server. You *should* be able to verify this by creating an ICA session from that server.
Per the Citrx SDK in regards to security:
MFCOM Security Implementation
MFCOM uses RPC impersonation to control access to the IMA and the data stored in the IMA databases.
Only MetaFrame administrators are allowed to access the IMA and its data. To ensure that users using MFCOM calls to access the administrative functions are subject to the same access restrictions, MFCOM runs its calls in the context of the calling user by impersonating the user before accessing the IMA.
Security enforcement is performed in the IMA, which checks the administrative privileges of the impersonated user against the access privileges assigned to the user by a full administrator who has full access to the IMA.
Impersonation is the only technology used in MFCOM for access security.
It continues to say:
The following procedure is not necessary for most MetaFrame installations unless the system administrator has changed the DCOM configuration. If some of the SDK applications fail to execute, or display error messages, perform the steps in Configuring DCOM Access Permissions on Windows 2000 or Configuring DCOM Access Permissions on Windows 2003 to ensure that the DCOM settings are correctly configured.
Since MFCOM uses impersonation to implement security, the MetaFrame system must be configured to use impersonation in the DCOM security setting. Set the Default Impersonation Level setting to Impersonation because no other setting will work with MFCOM.
MFCOM initializes the access security by itself and ignores the access permissions set by the system.
Configuring the DCOM Access Permissions On Windows 2003:
- Run the DCOMCNFG tool at a command line prompt.
- Expand Component Services and Computers
- Right-click My Computer
- Click the Default Properties tab
- Verify that Enable Distributed COM on this computer is selected
- Verify that Impersonate is selected in the Default Impersonation Level drop-down list
- Click OK