FIX: "Access is denied" status error when you use a delegated user account to try to monitor services in Forefront Threat Management Gateway 2010

Article ID: 2701952 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • You use a Microsoft Forefront Threat Management Gateway 2010 array that contains several users in a workgroup.
  • You delegate the administration of the array to a user account that is not part of the built-in administrator account.
  • The user account is mirrored on each member server of the array and is part of the local Administrators group of each member server.
  • You use the user account to open Microsoft Management Console (MMC) in Forefront Threat Management Gateway from one of the following:
    • A member server that is not the "Report Server"
    • A Forefront Threat Management Gateway remote management computer.
  • You try to monitor the Forefront Threat Management Gateway services on the Services tab.

In this scenario, you notice that the SQL Server (ISARS) and SQL Server Reporting Services (ISARS) services are running on the Report Server and that these services report the following status error:
Service status cannot be determined: Access is denied.

Note This same status error can be seen for the Email protection service if the service is being used on the array. Additionally, the following services display the same status error:
  • Exchange Edge Transport Server role
  • Microsoft Protection for Exchange Server 2010

CAUSE

This problem occurs because Forefront Threat Management Gateway does not set the service permissions in such a way that the user account can query the status of the services.

RESOLUTION

To resolve this issue, install the hotfix package that is described in the following Microsoft Knowledge Base article:
2689195 Rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2701952 - Last Review: May 4, 2012 - Revision: 1.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Enterprise
Keywords: 
kbexpertiseinter kbbug kbsurveynew kbqfe kbfix KB2701952

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com