AD server: Registry & WMI cannot be accessed
When I use the best practices analyzer connectivity test I get the the following errorsActive Directory server: Registry cannot be accessed and
Cannot connect to the registry on server SERVERNAME.trusteed.local. This could be the result of a network or permissions problem. Error: Either a required impersonation level was not provided, or the provided impersonation level is invalidActive Directory server: WMI cannot be accessed
Cannot connect to the Windows Management Instrumentation (WMI) repository on server SERVERNAME.trusteed.local. This could be the result of a network or permissions problem. Error: Access denied Single Forest, Single DomainExchange 2007 SP1 running on Windows Server Ent 2008.Master DC is running Windows 2003 SP 2I have followed the directions here but still no luck.Thanks
March 27th, 2008 8:16pm
Is remote registry activated ?
Regards,
Johan
Free Windows Admin Tool Kit Click here and download it now
April 9th, 2008 5:52pm
Looks like permission issue, try with account with has full admin rights on DC & Exchange.
April 9th, 2008 6:21pm
I was unable to remidy this issue so I had to wipe the machine and start over.Thanks for your time and effort.
Free Windows Admin Tool Kit Click here and download it now
April 9th, 2008 10:54pm
I actually have the same problem. 1. I tried all 5 steps and none fixed it.2.How do I tell it the account information for the Edge server? Its a local account not an AD account.1.The Microsoft Exchange Server Analyzer Tool uses remote procedure calls (RPCs) to read the CurrentVersion string value from the following registry key on the Exchange Server computer:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\CurrentVersion
If the Exchange Server Analyzer cannot read this registry value for any reason, an error is displayed.
To correct this error
Ensure that the Exchange Server computer has been started and is
connected to the network
Use the Ping command to see if the Exchange Server computer
is reachable
If there is a firewall in place, check to see if RPC ports are
blocked
Ensure that the Remote Registry service on the Exchange
Server computer has been started.
Check the permissions for the account under which the Exchange Server Analyzer Tool is running to ensure that it has sufficient permissions to read the registry on the Exchange Server computer.
For more information about troubleshooting network connectivity problems, see the Microsoft Knowledge Base article 325487, "How to troubleshoot network connectivity problems" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=325487).
For more information about troubleshooting Exchange Server Best Practices Analyzer Tool connectivity problems, see "Microsoft Exchange Server Best Practices Analyzer Tool Troubleshooting Connectivity Problems" (http://go.microsoft.com/fwlink/?linkid=56285).
2.The Microsoft Exchange Server Analyzer Tool queries the Win32_ComputerSystem Microsoft Windows Management Instrumentation (WMI) class to determine whether a value is set for the Name key. If the WMI query fails, and the Exchange Server is not running on Microsoft WindowsNT Server4.0, the Exchange Server Analyzer displays an error.
There are two likely causes for this error:
The account that runs the Exchange Server Analyzer does not have sufficient permissions to query WMI classes.
A network issue is preventing the Exchange Server Analyzer from contacting the computer.To correct this error
Make sure that the Exchange Server computer has been started and is connected to the network.
Use the PING command to see if the Exchange Server computer is reachable.
If there is a firewall, check to see if remote procedure call (RPC) ports are blocked.
Examine the permissions for the account under which the Exchange Server Analyzer is running. The account under which the Exchange Server Analyzer is running must have local Administrator permissions on each Exchange server that it is scanning.
Alternatively, you can grant specific WMI permission to the account under which the Exchange Server Analyzer is running:
On the Exchange computer, open the Computer Management Microsoft Management Console (MMC) tree.
Under Services and Applications, right-click WMI Control, and then click Properties.
On the WMI Controls Property page, click the Security tab, and then expand Root.
Select the CIMV2 folder, and click Security.
On the Security for ROOT\CIMV2 page, add the account under which the Exchange Server Analyzer runs.
Select the account that you added in Step 5 above. In Permissions for Selected_Account, under the Allow column, select both Remote Enable and Read Security, and then click OK.
For more information about troubleshooting network connectivity problems, see the Microsoft Knowledge Base article 325487, "How to troubleshoot network connectivity problems" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=325487).
For more information about troubleshooting Exchange Server Best Practices Analyzer Tool connectivity problems, see "Microsoft Exchange Server Best Practices Analyzer Tool Troubleshooting Connectivity Problems" (http://go.microsoft.com/fwlink/?LinkId=56285).
For more information about port requirements, see the Knowledge Base article 832017, "Service overview and network port requirements for the Windows Server system" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=832017).
August 5th, 2008 4:48pm
I am having the same Exchange 2007 problem.Exbpa running on the exchange 2k7server (lan) cannot contact the edge server(dmz). Iverifiedthe dns settings. The firewall is wide open from lan to edge server I can ping the edge server just fine. In response to the last post.The admin accounton the exchange server running exbpa is onour local domain internally and does not exist on the edge server which is not on the domain and has connectivity via ADAM. How can I give permissions toaccess the remote registry on the edge server? Am I missing something here?
Free Windows Admin Tool Kit Click here and download it now
August 7th, 2008 9:32pm