FIX: "Access is denied" status error when you use a delegated user account to try to monitor services in Forefront Threat Management Gateway 2010

Article ID: 2701952 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • You use a Microsoft Forefront Threat Management Gateway 2010 array that contains several users in a workgroup.
  • You delegate the administration of the array to a user account that is not part of the built-in administrator account.
  • The user account is mirrored on each member server of the array and is part of the local Administrators group of each member server.
  • You use the user account to open Microsoft Management Console (MMC) in Forefront Threat Management Gateway from one of the following:
    • A member server that is not the "Report Server"
    • A Forefront Threat Management Gateway remote management computer.
  • You try to monitor the Forefront Threat Management Gateway services on the Services tab.

In this scenario, you notice that the SQL Server (ISARS) and SQL Server Reporting Services (ISARS) services are running on the Report Server and that these services report the following status error:
Service status cannot be determined: Access is denied.

Note This same status error can be seen for the Email protection service if the service is being used on the array. Additionally, the following services display the same status error:
  • Exchange Edge Transport Server role
  • Microsoft Protection for Exchange Server 2010
Back to the top | Give Feedback

CAUSE

This problem occurs because Forefront Threat Management Gateway does not set the service permissions in such a way that the user account can query the status of the services.
Back to the top | Give Feedback

RESOLUTION

To resolve this issue, install the hotfix package that is described in the following Microsoft Knowledge Base article:
2689195
(http://support.microsoft.com/kb/2689195/ )
Rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top | Give Feedback

REFERENCES

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684
(http://support.microsoft.com/kb/824684/ )
Description of the standard terminology that is used to describe Microsoft software updates

Back to the top | Give Feedback

Properties

Article ID: 2701952 - Last Review: May 4, 2012 - Revision: 1.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Enterprise
Keywords: 
kbexpertiseinter kbbug kbsurveynew kbqfe kbfix KB2701952
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top