none
Cannot access remote registry!

    Question

  • I have four windows DCs, 2x2000 Std; 1x2003 Std (Master), 1x2008 Ent

    I am able to remotly access the registry of all the DC except the 2003. I have tried manually connecting via regedit but it gives me an "Unable to connect..." error. Likewise our new Exchange 2007 installation is throwing errors like "Active Directory server: Registry cannot be accessed".

    I have managed to determine that there is an issue with WMI
    "Failed to initialize all required WMI classes."
    Win32_Processor: WMI: Access denied
    Win32_OperatingSystem: WMI: Access denied

    I am new to this sort of problem and so have little to no experience with group policy or permissions. Below are the current group policy settings for the 2003 master and 2008 DC.

    From the server that cannot be accessed
    Default Domain Security Settings
    2003: Local Policies\User Rights Assignment\Access this computer from the network\{Not Defined}
    2008: Local Policies\User Rights Assignment\Access this computer from the network\{Not Defined}

    Default Domain Controller Security Settings
    2003: Local Policies\User Rights Assignment\Access this computer from the network\{administrators;auth users;everyone;etc web users...}
    2008: Local Policies\User Rights Assignment\Access this computer from the network\{Not Defined}
    (Have tried adding administrators; and auth users to 2008 manually without success)

    Local Computer Policy
    2003: Local Policies\User Rights Assignment\Access this computer from the network\{administrators; auth users; ent domain controllers; everyone;  etc web users...}
    2008: Local Policies\User Rights Assignment\Access this computer from the network\{Not Defined}

    I know they are different becuase they are not replicating becuase the registry on the 2003 box cannot be accessed but how do I fix this?

    Thanks
    Thursday, March 27, 2008 7:09 PM

Answers

  • Yeah, I checked that remote registry service was running, there were not error in the event viewer either.

    I know this wont help anyone in the future, with the same problem; but I did manage to solve the problem by wiping the machie and starting over.

    Thanks for you help I really do appreciate it.
    Monday, March 31, 2008 3:20 PM

All replies

  • I'm not quite sure what you are trying to accomplish?

     

    A few points to remember (appologies if this is obvious but I'm trying to figure out what you are looking for.

    1) Default domain secruity settings apply to all systems/users in the domain, Unless block inheritnace etc. is being utilized

    2) Default Domain controll secruity settings - only apply to DCs

    3) Local computer policy - is the setting on the local machine

     

    So, with the inheritance model in place if you are trying to reach remotely to a system that is a DC you need to look the the Default Domain and Default Domain Controller settings.. If you are trying to access a non-DC then only the default domain policy.

     

    It does seem like a permissions issue. you can open GPMC and do a RSoP report to see if there are conflicting settings being applied to the remote system.

     

    anyway, try to add a little more of what you are trying to accomplish, it may help.

     

    Kevin

     

     

    Friday, March 28, 2008 3:38 PM
  • What I am really trying to say is:
    I am getting an error from the new exchange server 2007 because the registry on the master DC in inaccessible. I can connect to the server's shares, remote desktop, and printers; just not its registry. I have checked the permissions on the registry key's themselves but they all look ok. I have also checked the permissions of the servers registry key HKLM\System\CurrentControlSet\Control\SecurePipeServers\winreg (If its even relevant). I can access the registry from the local computer but not remotly.

    Thanks
    Friday, March 28, 2008 5:22 PM
  •  

    Hi,

     

    The remote registry doesn't have relationship with WMI. So it seems not to be a permission issue.

     

    While it is simple but always be ignored:

     

    1.     Please try to check whether Remote Register Service in Services.msc is normally started. Ensure the logon for Remote Registry Services is set to “NT AUTHORITY\LocalService”

     

    2.   Indentify the 'File and Printer Sharing for Microsoft Networks' is enabled on the network interface card in Windows Server 2003.  

     

    Hope this will helps.

    Monday, March 31, 2008 7:25 AM
  • Yeah, I checked that remote registry service was running, there were not error in the event viewer either.

    I know this wont help anyone in the future, with the same problem; but I did manage to solve the problem by wiping the machie and starting over.

    Thanks for you help I really do appreciate it.
    Monday, March 31, 2008 3:20 PM