This article has been archived. It is offered "as is" and will no longer be updated.
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
Consider the following scenario. You install Microsoft iSCSI Initiator 2.0 on a Microsoft Windows 2000 Server-based computer. Then, you try to discover iSCSI targets. Or, you try to stop or to restart the iSCSI service. In this scenario, you experience the following symptoms:
The iSCSI service does not start.
During the installation of iSCSI Initiator 2.0, you receive the following error message:
An error occurred while setting security for the WMI interface. A required privilege is not held by the client. Please see the Microsoft iSCSI Initiator documentation for further information.
When the iSCSI service tries to start, you receive the following error message:
Could not start the Microsoft iSCSI Initiator Service service on Local Computer. Error 1314: A required privilege is not held by the client.
The following events are logged in the System log:
Event ID - 106 Error 0x00000522 while initializing iSCSI initiator service at checkpoint 6.
Event ID - 7023 The Microsoft iSCSI Initiator Service service terminated with the following error: A required privilege is not held by the client.
This problem occurs if you use the Audit object access policy setting to enable auditing on the Windows Management Instrumentation (WMI) GUIDs before you install iSCSI Initiator 2.0. Specifically, this problem occurs if one of the following conditions is true:
The security descriptors that are assigned to the WMI interfaces for iSCSI are not valid.
The security descriptors that are assigned to the WMI interfaces for iSCSI have SACLs assigned to them.
Note A SACL is a data structure that is included in a security descriptor. A SACL indicates that auditing for the object should be performed. WMI GUIDs do not support auditing.
If a WMI GUID is accessed when the security descriptor for the GUID includes a SACL, the "error occurred while setting security for the WMI interface" error that is mentioned in the "Symptoms" section is returned.
To resolve this problem, use one of the following methods.
Method 1: Disable the audit policy
Note This is the recommended method.
To resolve this problem, make sure that the Audit object access policy setting is set to No auditing. To do this, you must determine where the policy is set on all levels that apply to the system. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
314955 How to audit Active Directory objects in Windows 2000
Method 2: Delete the relevant values from the registry
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. You may be able to resolve this problem by manually deleting the relevant values from the registry.
If you manually delete the relevant values, these GUIDs will use the default security descriptor for WMI GUIDs. This functionality could allow unauthorized users to access the WMI GUIDs.
If you use this method, and then you reinstall iSCSI Initiator 2.0, you must use this method again to delete the registry values after the reinstallation.
To delete these registry values, follow these steps:
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following registry subkey: