BlueCielo Meridian Enterprise 2017 SP1 Administrator's Guide

Enabling DCOM

DCOM might be disabled on the Meridian application server or client computers manually by IT personnel for security reasons or by a script (or group policy) or other software that is installed on the server or client computer.

To enable DCOM on client computers:

1. Open Registry Editor on the client computer and locate the following key:

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
   

2. Change the EnableDCOM value to Y.
3. Reboot the client computer.

To enable DCOM on Meridian server computers:

1. Open dcomcnfg.exe from a command (CMD) window on the server.
2. Expand Component Services, expand Computers, right-click My Computer, and then click Properties.
3. Click the Default Properties tab.
4. Enable the Enable Distributed COM on this computer option and then click OK.

Note    Another cause of failed DCOM communications can be a software firewall on the server, including the integrated Windows firewall. Test this possibility by temporarily disabling the firewall and testing for the client error. If access succeeds, configure the firewall to allow DCOM communication as described in Allowing Web Access through a firewall.

DCOM access can also fail when attempting to open a vault that is hosted on a Windows 2008 R2 (or higher) server. The error message is Failed to get list of vaults on computer 'ServerName'. A security package specific error occurred. This error does not occur from a Window 7 (or higher) client computer.

This error occurs because the user is not properly authenticated by the server as described in Error 80070721 Occurs When Instantiating a COM Component on a Remote Windows 2008 Server in MSDN.

To resolve this issue, we recommend that you implement one of the following solutions:

Solution 1

Configure a Service Principal Name (SPN) for the user as described in the previous linked article and in the setspn command description in the Windows Server 2008 Command-line Reference.

Run the following command on the Windows 2008 R2 server:

setspn -A http/<DomainName> <AccountName>

Solution 2

Allow the computer to be trusted for delegation as described in Allow a computer to be trusted for delegation in Microsoft TechNet. This solution may not be permitted by your organization's security policy. Consult a system administrator before implementing this solution.

Solution 3

Ensure that only one version of the Server Message Block (SMB) protocol (SMBv1 or SMBv2) is used by Windows Server. BlueCielo software depends on the SMB protocol and if you disable all versions of it, vault access will fail. For more in depth information about the SMB protocol versions, see How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server.