When trying to remotely install the ServerProtect Normal Server to a Windows host, the following error message may appear:
"Error: Failed to complete this operation.
Target server: <servername> (538051622)"
Here are the additional information for this scenario:
- The ServerProtect Information Server (IS) is on Windows 2008 R2 x64 and is a member of a domain.
- The target ServerProtect Normal Server (NS) is on Windows 2003 x64 and is not a member of a domain.
- The target ServerProtect NS is located in a DMZ.
- The necessary ports have been confirmed to be set in the firewall. The ports are stated in this Knowledge Base article:
- The ServerProtect NS is successfully installed, but cannot be added from the management console. The error message, "No response from the server [servername]", appears.
- Running a packet capture trace indicates a binding for NTLMSSP_AUTH from IS to NS with the value domain\servername$.
This issue happens due to the changes in Windows 2008 R2, which affect the RPC binding between the SPNT Normal Server and Information Server. These are the changes in the NTLM Authentication regarding session security and the NTLM fallback for System Services.
Since this issue has been isolated to happen only on Windows 2008 R2, this will not occur when the Information Server is hosted on a Windows 2003 or 2008 server.
You can refer to this article for additional information about this topic:
To resolve this issue, please do the following:
- Go to Control Panel > Administrative Tools > Local Security Policy .
- Under Local Policies, go to Security Options .
- Change the following settings:
- Network Security: Allow "Local system" to use "Computer identity" for NTLM. Set this value to "DISABLED".
- Network Security: LAN Manager authentication level - Set this value to "Send LM & NTLM". Use NTLMv2 session if needed.
- Network Security: Minimum session security for NTLM SSP-based (including secure RPC) clients. Disable "Require 128-bit encryption" if it is enabled. If the configuration is "No minimum", then do not change this setting.
- Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers. Disable "Require 128-bit encryption" if it is enabled. If the configuration is "No minimum", then do not change this setting.
- Network access: Let the "Everyone" permission apply to "anonymous users". Set this value to "ENABLED".
After completing the changes on the ServerProtect IS hosted on a Windows 2008 R2 server, the following functionalities will work:
- Installation for a new ServerProtect Normal Server from the management console
- Addition of an existing ServerProtect Normal Server from the management console
- Deployment of product update/upgrades from the management console
If the above steps did not resolve the issue, then do the following: