반품
-
제목
Business logic error Access denied when installing the Administrative Service or Administrative Service always querying -
설명
1- When tried to install the Administrative Service got a pop-up message saying: "Business logic error: Access is denied. (Exception from HRESULT:0x800700005 (E_ACCESSDENIED))".
2- The Administrative Service is in querying or calculating status and never stops.
-
원인
Microsoft DCOM authentication hardening was applied to the server affecting the communication between the Administrative Service and the Desktop Authority Manager Service for this reason, the Administrative Service is not able to report the status and the service cannot be re-installed or installed.
The Windows System Event log will show the following:
“The server-side authentication level policy does not allow the user DOMAIN\USERID SID (DOMAIN\USERID) from address to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.”
For more details about the DCOM Hardening process please visit the sites below:
KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)
DCOM authentication hardening: what you need to know
-
해결 방안
This situation has been reported under the Defect Number DAMS-5526.
By now there is an option to disable the DCOM Hardening using a Registry key and this option will be available until March 14, 2023, according to Microsoft.
Registry setting to enable or disable the hardening changes:
Enable or disable the hardening changes using the following registry key:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
Value Name: "RequireIntegrityActivationAuthenticationLevel"
Type: dword
Value Data: default = 0x00000000 means disabled. 0x00000001 means enabled. If this value is not defined, it will default to enabled.
Note: Enter Value Data in hexadecimal format.
Important: Restart your device after setting this registry key for it to take effect.
After March 14, 2023, apply all the cumulative Microsoft patches on the KDA server and the DCs in order to have the Administrative service installed.
If the problem persists after applying all the Microsoft updates, please contact Contact Support.
