English

Bug: Remote connections to ArcGIS Server SOM and SOC fail after upgrading to Windows XP SP2 or Windows Server 2003 SP1

Description

After upgrading to Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1, remote connections to the ArcGIS Server Object Manager (SOM), by way of any ArcGIS Server client including ArcCatalog, fail with the message:

"GIS server is not running on machine X".

Additionally, communications between the SOM and remote Server Object Containers (SOCs) fail and record errors in the server log files such as:

"Access is denied"

Cause

Windows XP SP2 and Windows Server 2003 XP1 implement new DCOM communication restrictions that prevent users from launching or activating remote COM servers unless explicitly granted permission to do so.

The ArcSOM process is a COM server and as such, must be configured to grant remote launch and activation privileges to users in the agsadmin and agsusers groups.

The ArcSOC process is also a COM server and must be configured to allow remote launch and activation privileges for the ArcSOC account user.

Workaround

To correct this problem, edit the global launch and activation permission limits for the machines hosting the ArcGIS Server components (SOM and SOC) and the launch and activation permissions for the ArcSOM process itself.

Before proceeding verify:
- the name of the machine where the ArcGIS Server Object Manager is installed, also called the SOM machine, is 'SOMHost'.
- the name of the machine where the ArcGIS Server Object Container is installed, also called the SOC machine, is 'SOCHost'.
- the ArcSOM account name is 'arcsom' and the ArcSOC account name is 'arcsoc'.

Note:
Step 1 and 2 must be applied on all machines that host a SOM. Step 3 must be applied on all machines that host a SOC. If both SOC and SOM are on the same machine, apply all three steps.

Follow the steps below.

  1. Edit the DCOM launch and activation permission limits under the default properties for the machine hosting the ArcGIS Server SOM process.

    A. Navigate to Start Menu > Control Panel > Administrative Tools > Component Services.
    B. Double-click Console Root to expand it.
    C. Double-click Component Services to expand it.
    D. Double-click Computers to expand it.
    E. Right-click on 'My Computer' and select Properties.
    F. Select the 'Com Security' tab.
    G. Click the 'Edit Limits' button for Launch and Activation Permissions.
    H. Click the 'Add' button and add the SOMHost\agsadmin group in the
    'Enter object names to select (examples):' box. Click OK.
    I. Select the following check box options in the 'Permissions for Administrators' panel:
    - Local Launch
    - Remote Launch
    - Local Activation
    - Remote Activation
    J. Click the 'Add' button and add the SOMHost\agsusers group in the
    'Enter object names to select (examples):' box. Click OK.
    K. Select the following check box options in the 'Permissions for Administrators' panel:
    - Local Launch
    - Remote Launch
    - Local Activation
    - Remote Activation
    L. Click the 'Add' button and add the SOMHost\arcsom account in the
    'Enter object names to select (examples):' box. Click OK.
    M. Select the following check box options in the 'Permissions for Administrators' panel:
    - Local Launch
    - Remote Launch
    - Local Activation
    - Remote Activation
    N. Click OK twice.

  2. Edit the launch and activation permission limits for the ArcSOM process.

    A. Navigate to Start Menu > Control Panel > Administrative Tools > Component Services.
    B. Double-click Console Root to expand it.
    c. Double-click Component Services to expand it.
    D. Double-click Computers to expand it.
    E. Double-click DCOM config to expand it.
    F. Right-click on ArcSOM and select Properties.
    G. Select the 'Com Security' tab.
    H. Select the 'Customize' radio button on the Launch and Activation Permissions sub-panel, if not already selected.
    I. Click the 'Edit' button for Launch and Activation Permissions.
    J. Click the 'Add' button and add the SOMHost\agsadmin account in the
    'Enter object names to select (examples):' box. Click OK.
    K. Select the following check box options in the 'Permissions for Administrators' panel:
    - Local Launch
    - Remote Launch
    - Local Activation
    - Remote Activation
    L. Click the 'Add' button and add the SOMHost\agsusers account in the
    'Enter object names to select (examples):' box. Click OK.
    M. Select the following check box options in the 'Permissions for Administrators' panel:
    - Local Launch
    - Remote Launch
    - Local Activation
    - Remote Activation
    N. Click OK twice.
    Remote connections to the SOM should now be possible.

  3. Edit the launch and activation permission limits for the machine hosting the ArcGIS Server SOC process.

    A. Navigate to Start Menu > Control Panel > Administrative Tools > Component Services.
    B. Double-click Console Root to expand it.
    C. Double-click Component Services to expand it.
    D. Double-click Computers to expand it.
    E. Right-click on 'My Computer' to and select Properties.
    F. Select the 'Com Security' tab
    G. Click the 'Edit Limits' button for Launch and Activation Permissions.
    H. Click the 'Add' button and add the SOCHost\arcsoc account in the
    'Enter object names to select (examples):' box. Click OK.
    I. Select the following check box options in the 'Permissions for Administrators' panel:
    - Local Launch
    - Remote Launch
    - Local Activation
    - Remote Activation
    J. Click OK twice.
    The ArcSOC process can now be launched and activated by a remote Server Object Manager.