FIX: BUG: MTS Trusted Impersonators Group Name Is Too Long

 Last reviewed: March 4, 1998
Article ID: Q181775
The information in this article applies to:
  • Microsoft Transaction Server version 2.0

SYMPTOMS

Unexpected behavior may occur when you access Microsoft Transaction Server (MTS) components that have package security enabled from Internet Information Server 4.0 Active Server Pages on a backup domain controller (BDC) with the latest Windows NT QFE installed. Users who should have access may be denied access and users who do not have access may be allowed. In addition, the ISecurityProperty information can be incorrect.

CAUSE

When Microsoft Transaction Server (or Internet Information Server version 4.0) is installed on a BDC, a global group is created instead of a local group. The "MTS Trusted Impersonators" group name length (25 characters) exceeds the maximum length allowed for a global group name. The global group name has a 20 character limit, but the local group name can have up to 256 characters.

WORKAROUND

To work around this problem, perform the following the procedure:

  1. Shut down the Internet Information Server (IIS) and/or the MTS Administrative console.

  2. Open a command window.

  3. At a command prompt, run "net stop iisadmin /y" to shut down the IIS services.

  4. At a command prompt, run "net stop msdtc" to shut down the Microsoft Distributed Transaction Coordinator (DTC) service.

  5. At a command prompt, run "mtxstop.exe" to stop all MTS server processes.

  6. From the command prompt, run "usrmgr.exe" to start User Manager for Domains.

  7. Delete the "MTS Trusted Impersonators" global group.

  8. Create a new local group named "MTS Trusted Impersonators".

  9. Add the IWAM_<MachineName> account to the local group.

  10. Close User Manager for Domains.

  11. At a command prompt, run "net start mstdc" to restart the DTC service.

  12. At a command prompt, run "net start w3svc" to restart the IIS services.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Transaction Server version 2.0. A supported fix is now available, but has not been fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Technical Support for more information. 

Keywords          : TSrvSecurity kbbug2.00
Version           : WinNT:2.0
Platform          : winnt
Issue type        : kbbug
Solution Type     : kbfix

================================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: March 4, 1998
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.