<< Commerce Server 2002: Reporting — Query Best Practice | Home | Commerce Server 2002: BizDesk Campaign Manager Fails with "Call to Server.CreateObject Failed While Checking Permissions" Error Message >>
Commerce Server 2002: BizDesk Campaign Manager Fails with "Call to Server.CreateObject Failed While Checking Permissions" Error Message

Overview

The above error was occurring on both staging and live environments for a Microsoft Commerce Server 2002 system.  It took us a while to track down the cause, but eventually I fixed it.

References

The title for this post comes from the related Microsoft KB article (Microsoft KB Article 811306).  However, further steps were taken to resolve the problem and are described here.

The cause

The DCOM Configuration for the Microsoft Commerce Server ListManager Service was set to authenticate requests, but the requestors don't have the required permissions.

The solution

As explained in the KB article, changing the permissions is all that is required, but unless you do a reboot or restart the relevant services, it may still continue to fail.  So, what works?

On our box, we have:

  • Authentication Level set to Default
  • Launch and Activation Permissions
    • Administrators, INTERACTIVE, SYSTEM, TERMINAL SERVER USER
      • Local Launch
      • Remote Launch
      • Local Activation
      • Remote Activation
  • Access Permissions
    • INTERACTIVE, SELF, SYSTEM, TERMINAL SERVER USER
      • Local Access
      • Remote Access
    • SYSTEM
      • Local Access
  • Configuration Permissions
    • Administrators
      • Full Control
      • Special Permissions (appears empty)
    • CREATOR OWNER
      • Special Permissions (appears empty)
    • Power Users
      • Read
      • Special Permissions (all except Full Control, Create Link, Write DAC, Write Owner)
    • SYSTEM
      • Full Control
      • Special Permissions (appears empty)
    • Users
      • Read
      • Special Permissions (appears empty)

After changing the permissions, we restarted MS DTC using the Component Services management console and then restarted the Commerce Server ListManager Service.  For good measure I also recommend restarting the IIS Application Pools or restarting IIS completely.

It is worth noting that it didn't work until I had added Access PermissionsThe Launch and Activation Permissions were not sufficient.

The accounts INTERACTIVE and TERMINAL SERVER USER are built-in Windows Server accounts that give access to users that are logged into the server directly, either locally or via Remote Desktop or Terminal Services.  See Well-known security identifiers in Windows operating systems (Microsoft Support) for more information on these security groups.

You may need to add additional accounts depending on your own requirements.

Versions

Metadata


Bookmark with :
Digg It! DZone StumbleUpon Technorati Reddit Del.icio.us Newsvine Furl Blinklist
posted @ Tuesday, January 08, 2008 12:14 PM |

Comments

No comments posted yet.

Post Comment

Title *
Name *
Email
Url
Comment *  


Please add 1 and 7 and type the answer here: