"); gbWndPopupLinks.document.close(); if (!s_bNS3 && gbWndTemp != null) { gbWndTemp.close(); }else { gbWndPopupLinks.focus(); } return true; } return false; } onload = BSSCOnLoad; document.onclick = BSSCOnClick; onunload = BSSCOnUnload; onerror = BSSCOnError; function reDo() { if (innerWidth != origWidth || innerHeight != origHeight) location.reload(); } if ((parseInt(navigator.appVersion) >= 4) && (navigator.appName == "Netscape")) { origWidth = innerWidth; origHeight = innerHeight; onresize = reDo; } //-->

Issue 5 - User Rights

The workstation user must have enough rights on the server to be able to communicate with the NPLSecure service.

Diagnostic

Simply being able to view files in a directory does not necessarily mean that the user has enough rights to start a service.

Be sure that the user id you are using for the client is set up in the server's Administration Tools/User Manager display, and has enough rights. When the user is logged in, verify that on the server.

Use DCOMCNFG on the server and clients. Make sure the 'Distributed COM' option under the 'Default Properties' tab is enabled.

Check whether the server and clients are in the same domain or workgroup; if they are not, the Windows security configuration issues will be much more complicated.

Example 5.A

Installed on a Windows 2000 server and a Windows 2000 client. Tried to start the RunTime on the client, and got the following error message:

NPLSecure error code 14
Server win2k.local.test.
Last DCOM error: access is denied.
Make sure NPLsecure service is installed correctly.

The Event Viewer system log on the client contained the following error message:

Source: DCOM
Event ID: 10006
Description: DCOM got error 'General access denied error' from the computer win2k.local.test when attempting to activate the server.

DCOMCNFG was used on the client and server to confirm that the 'Distributed COM' option was enabled on both computers, and that the access and launch permissions for the NPLSecure service were correct. The client was able to 'ping win2k.local.test' successfully.

Solution

The user's account was found to be in the Guest group, which had minimal access privileges.

It was also found that the server was not in the same domain as the client, so the server could not authenticate the client's credentials within the domain. It checked the login name and password under which the user had logged onto the client, and these did not match any accounts on the server, so the server refused to grant access.

The issue was resolved by setting up a user account on the server with the same name and password that were being used on the client, and moving the user to another group with sufficient access privileges to start the NPLSecure service. Alternatively, the server and/or client could have been reconfigured to put them in the same domain, allowing the server and client to share their credentials.

Example 5.B

Windows 2000 domain controller
  Does not have NPL installed on it.

NT 4.0 server:
  NPL is installed on it
  Not a domain controller
  Does not log into the domain
  Is a member of a workgroup

Windows 98 Workstation
  Logs into the domain
  Is also a member of the same workgroup as the NT 4.0 server.
  The user has the same user name for logging into the domain and the NT 4.0 server (where NPL is installed) but uses different passwords.

Try to run the runtime and the Windows blue screen is displayed with the text:

A fatal exception 0E has occurred at 0028:C02D197A in VXD VREDIR(06)
+ 00006B3A. The current application will be terminated.

· Press any key to terminate the current application.
· Press CTRL+ALT+DEL again to restart your computer. You will lose any unsaved information in all applications.

Press any key to continue

Then an NPLSecure error dialog:

NPLSecure error code 14
Server servername
Last DCOM error: The remote procedure call failed.

Solution

Make sure the usernames and passwords are the same for both the domain and the computer with NPL on it. The username and password being used must be valid on the server where NPL is installed.

Example 5.C

User installed pcAnywhere on the server, then removed it. Now NPL Runs fine on the server but I get NPLSecure error 24 with the text "Call was rejected by callee" from the workstations.

What happened? The full version of pcAnywhere 10.5 can be installed two ways: "pcAnywhere for the Individual" or "pcAnywhere for the Professional".

When "pcAnywhere for the Individual" is installed on a system and later it is uninstalled, DCOM is disabled by the uninstallation process. If "pcAnywhere for the professional" is installed, when it is uninstalled DCOM is not disabled.

Solution

To re-enable DCOM after pcAnywhere for Individuals has removed it, run dcomcnfg.exe.

On NT 4.0 and Windows 2000 workstations and servers:

1. Select the Default Properties tab.
2. Place a check next to "Enable Distributed COM on this computer".
3. Click OK and close the window.
4. Reboot the machine for the changes to take effect.

On Windows XP Professional:

1. Click on Component Services,
2. Click on the Computers folder,
3. Right click on the computer where you want to enable DCOM.
4. Select properties.
5. Select the Default Properties tab.
6. Place a check next to "Enable Distributed COM on this computer".
7. Click OK and close the Component Services window.
8. Reboot the machine for the changes to take effect.

NPL should run like it did before.