1.877.778.2753

TASKE Support Knowledge Base

Summary

When deploying a TASKE web application Microsoft® Internet Information Services (IIS) must reside on the TASKE web server computer. Security features introduced with some Windows operating systems will deny the TASKE application access to resources on the server computer. This article will describe how to diagnose and provide sufficient permissions to the TASKE application in order to function.

Issue

One of the following errors displays when attempting to access the log in page for a TASKE web application:

<<TASKE Web Application Name> Services Are Not Running

The <TASKE web application name> Services are not running or cannot be located. Please consult with your system administrator.

In TASKE Console, all required TASKE servers and services are running.

Reason

Windows security features are denying access to the default user accounts (IUSR and IWAM) for IIS. The TASKE Web Server application uses these accounts to communicate with the client applications.

Solution

The permissions to the IIS user accounts must be changed to accept requests from the TASKE Web Server application. Use one of the following two methods from the TASKE web server computer to change the permissions for these accounts. The second method is more secure, but the user accounts may need to be unblocked again if the TASKE web server components are re-installed or upgraded. The first method unblocks the user accounts permanently, but is less secure.

If  you still receive a Services Are Not Running error, follow the steps listed in Article 10175 to recreate the IIS IUSR and IWAM accounts.

If you still receive a Services Are Not Running error, the Windows Firewall may be blocking the TASKE applications. Refer to Article 10120 for instructions on how to add TASKE to the exceptions list in Windows Firewall.

Grant All Applications Access to the IIS IUSR and IWAM Accounts

Use the following instructions from the TASKE web server computer to grant all applications access to the IIS IUSR and IWAM user accounts.

  1. Select Run from the Windows Start menu and run dcomcnfg.exe to open the Component Services window.
  2. In the Console Root tree, expand Component Services, expand Computers, right-click My Computer, and select Properties. If a Windows Security Alert displays, click Unblock add the Microsoft Management Console to the Firewall Exceptions list.
  3. In the My Computer Properties, select the COM Security tab. Click Edit Default in the Launch and Activation Permissions section to open the Launch Permission dialog box.
  4. Click Add to open the Select Users dialog box and click Locations to open the Locations dialog box. Select the computer name at the top of the location list and return to the Select Users dialog box. In the Enter the object names to select box, enter:
    For Windows 2008: IUSR
    For all other Windows OS: IUSR_<machine name>; IWAM_<machine name>

    where <machine name> is the local computer name.

  5. Return to the Launch Permission dialog box and enable the Allow check boxes for Local Launch, Remote Launch, Local Activation, and Remote Activation for the selected users.
  6. Close all windows. Select Run from the Windows Start menu and run iisreset.exe to stop and restart IIS.
Grant the TASKE Web Server Access to the IIS IUSR and IWAM Accounts

Use the following instructions from the TASKE web server computer to grant the TASKE Web Server access to the IIS IUSR and IWAM user accounts.

  1. Select Run from the Windows Start menu and run dcomcnfg.exe to open the Component Services window.
  2. In the Console Root tree, expand Component Services, expand Computers, expand My Computer, and expand DCOM Config. If a Windows Security Alert displays, click Unblock add the Microsoft Management Console to the Firewall Exceptions list.
  3. Scroll down the DCOM Config list, right-click ttwebsv and select Properties. In the ttwebsv Properties, select the Security tab, enable the Customize radio button in the Launch and Activation Permissions section, and click the Edit button to open the Launch Permission dialog box.
  4. Click Add to open the Select Users dialog box and click Locations to open the Locations dialog box. Select the computer name at the top of the location list and return to the Select Users dialog box. In the Enter the object names to select box, enter:
    For Windows 2008: IUSR
    For all other Windows OS: IUSR_<machine name>; IWAM_<machine name>

    where <machine name> is the local computer name.

  5. Return to the Launch Permission dialog box and enable the Allow check boxes for Local Launch, Remote Launch, Local Activation, and Remote Activation for the selected users.
  6. Close all windows. Select Run from the Windows Start menu and run iisreset.exe to stop and restart IIS.

Applies to:

Telephone Systems:

  • All

Tags:

administrationIISIUSRIWAMsecurityservice

Leave a Comment

You must be logged in to post a comment.