DMZ installation: Server.CreateObject Access error while Self-Service portal does not work

Email It to Me Print this Page
Symptoms Admin and Helpdesk portals return an Server.CreateObject Access error:
User-added image

Self Service portal does not load at all, 
User-added image 
Cause To communicate with each other, the front-end and the back-end servers need an account. The account should be created during configuration steps as per the administration guide (called IUSR_Netwrix_DMZ)

The issue occurs when the IUSR_Netwrix_DMZ account does not have permissions to access the COM object of Netwrix Password Manager on the back-end.
Resolution Make sure that:
  1. The IUSR_Netwrix_DMZ account is specified in IIS Basic settings at Connect as
User-added image
  1. The IUSR_Netwrix_DMZ is added to local Distributed COM Users group on both front-end and back-end servers
  2. The IUSR_Netwrix_DMZ is NOT added to the User Rights Assignment – Deny Access to this computer from the network local policy on the back-end 
NOTE. The guide says that USR_Netwrix_DMZ should be a member of Guests group on both server. However if the mentioned policy is enabled, Guests are denied access, so either disable the policy, or remove the account from Guests group in this case.
http://technet.microsoft.com/en-us/library/dn221954.aspx
  1. Default DCOM settings on both the front-end and the back-end grants full access to local Distributed COM Users
User-added image
  1. Netwrix Password Manager COM object on allows access to Everyone
User-added image
 
Was this information helpful?