You receive an "unable to access registered trace providers" error message when you try to create a trace log while you are logged on to a Windows Server 2003 SP1-based remote computer as a PLUG member (892407)


The information in this article applies to:

  • Microsoft Windows Server 2003 SP1

SYMPTOMS

Assume the following scenario. You are logged on to a Microsoft Windows Server 2003 Service Pack 1 (SP1)-based remote computer as a Performance Log Users Group (PLUG) member. You try to create a trace log. However, you cannot create the trace log, and you receive an error message that is similar to the following:
Unable to access registered trace providers on MachineName. The Trace Log Name properties will not be opened. System message is: Access is denied.
Additionally, you cannot add a performance counter. This symptom occurs when you use Windows Management Instrumentation (WMI) to try to add the performance counter.

CAUSE

This behavior occurs because the security changes to Microsoft Windows XP Service Pack 2 (SP2) were integrated into Windows Server 2003 SP1. These security changes configure certain default settings. Some of these default settings cause the symptoms that are mentioned in the "Symptoms" section.

WORKAROUND

To work around this behavior, follow these steps on the Windows Server 2003 SP1-based remote computer:
  1. Configure the firewall to enable remote procedure calls (RPCs). To do this, follow these steps:
    1. Download and install the Windows Server 2003 Resource Kit tools. The following file is available for download from the Microsoft Download Center:

      DownloadDownload the rktools.exe package now.

      Release Date: April 28, 2003

      For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

      119591 How to obtain Microsoft support files from online services

      Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
    2. Click Start, click Run, type gpedit.msc, and then click OK to open Group Policy Object Editor.
    3. In the left pane, expand Computer Configuration, expand Administrative Templates, expand System, and then click Remote Procedure Call.
    4. In the right pane, double-click Restrictions for Unauthenticated RPC clients, click Disable, click OK, and then quit Group Policy Object Editor.
    5. Click Start, click Run, type cmd, and then click OK.
    6. At the command prompt, type netsh firewall add portopening protocol = TCP port = 135 name = RPCCalls, and then press ENTER.
    7. At the command prompt, type rpccfg /pi 1024-65536, and then press ENTER.

      Note The Rpccfg utility is included in the Windows Server 2003 Resource Kit tools.
  2. Give the user account Component Object Model (COM) security permissions on the remote computer. To do this, follow these steps:
    1. Click Start, click Run, type %windir%\system32\com\comexp.msc, and then click OK to open Component Services.
    2. In the left pane, expand Component Services, expand Computers, right-click My Computer, and then click Properties.
    3. On the COM Security tab, click Edit Limits under Launch and Activation Permissions.
    4. Click Add, add your user name, and then click OK.
    5. Under Group or user names, click your user name, click to select the Allow check box for the Remote Activation permission, and then click OK two times.
  3. Give the user account security permissions for Windows Management Instrumentation (WMI) and for the Common Information Model (CIM) namespace on the remote computer. To do this, follow these steps:
    1. Click Start, click Run, type compmgmt.msc, and then click OK to open the Computer Management tool.
    2. In the left pane, expand Services and Applications, right-click WMI Control, and then click Properties.
    3. On the Security tab, expand Root, click WMI, and then click Security.
    4. Click Add, add your user name, and then click OK.
    5. Click your user name under Group or user names, click to select the Allow check box for the Remote Enable permission, and then click OK.
    6. Click CIMV2, and then click Security.
    7. Click Add, add your user name, and then click OK.
    8. Under Group or user names, click your user name, click to select the Allow check box for the Remote Enable permission, and then click OK two times.

STATUS

This behavior is by design.

MORE INFORMATION

Steps to reproduce the behavior

To reproduce the behavior in which you cannot create a trace log, follow these steps:
  1. Log on to the Windows Server 2003 SP1-based remote computer as a PLUG member.
  2. Click Start, click Run, type compmgmt.msc, and then click OK to open the Computer Management tool.
  3. In the left pane, right-click Computer Management (Local), and then click Connect to another computer.
  4. Type the name of the Windows Server 2003 SP1-based remote computer, and then click OK.
  5. In the left pane, expand System Tools, expand Performance Logs and Alerts, right-click Trace Logs, click New Log Settings, type the name of the trace log that you want to create, and then click OK.
In this scenario, you expect a dialog box to open that prompts you to define the new trace log. However, this operation fails. Additionally, you receive the error message that is mentioned in the "Symptoms" section.

To reproduce the behavior in which you cannot add a performance counter by using WMI, follow these steps:
  1. Log on to the Windows Server 2003 SP1-based remote computer as a PLUG member.
  2. Click Start, click Run, type perfmon /wmi, and then click OK to open the Performance tool.
  3. In the right pane, click the Add button on the toolbar, and then type \\RemoteComputerName under Select counters from computer.

    Note Replace the "RemoteComputerName" placeholder with the name of the Windows Server 2003 SP1-based remote computer.
  4. Click Add.
In this scenario, you expect a new counter object to be displayed. However, the performance counter is not added.
Modification Type:MajorLast Reviewed:5/27/2005
Keywords:kberrmsg kbWinServ2003SP1fix kbprb KB892407 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.