SAS® Integration Technologies: Administrator's Guide (LDAP Version)
SAS® Integration Technologies: Administrator's Guide (LDAP Version)
SAS® Integration Technologies: Administrator's Guide (LDAP Version)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
• Make sure the permissions are correct:<br />
♦ The NT Service Control Manager (SCM) runs in rpcss.exe. The SCM is responsible for launching<br />
SAS under both COM and DCOM.<br />
♦ If you do not have a license for the <strong>Integration</strong> <strong>Technologies</strong> product, the IOM server restricts<br />
incoming connections by allowing connections from the local machine only. As part of this<br />
verification, SAS System <strong>Version</strong> 8 servers must be able to impersonate the client. Because the SAS<br />
Workspace Manager will adjust the impersonation level settings when making a local connection to<br />
allow this check to work, if you are using <strong>Version</strong> 8 of the SAS System, then you should consider<br />
using the SAS Workspace Manager to initiate the client session. SAS System 9 and later servers can<br />
make this determination regardless of whether the client impersonation is enabled.<br />
♦ The system account must have launch and access permissions (the SCM runs under the system<br />
account).<br />
♦ A good technique to use to determine what user ID is being used to read/write files is to enable<br />
auditing on the file. To do this, first use the User Manager Policies Audit... to enable auditing for<br />
File and Object Access. At this point, nothing will actually be audited until the specific files that you<br />
want audited are enabled for auditing. Do this from the File Manager. Select Properties Security tab<br />
Auditing for each file you want to audit. (If you do this for a directory, you can specify all files<br />
under that directory.)<br />
To view the audited information, use the Event Viewer and select Log<br />
Security. This will show you<br />
what user ID attempted to access the files specified through the user manager.<br />
♦ An error message that states "Server execution failed" when trying to connect to the IOM server can<br />
be caused by many things including trying to connect to an IOM server with an expired license or<br />
having an invalid username/password in the dcomcnfg identity settings.<br />
♦ Events work by having the IOM server make a call on an interface that the client provides to SAS. In<br />
order for SAS to make a call on that interface, the client must grant permission to SAS to make the<br />
call.<br />
As another alternative, Microsoft has suggested setting the client's authentication level to None. For a<br />
C/C++ application, this can be controlled through CoInitializeSecurity. For a Visual Basic<br />
application, set the default authenticationLevel to None using dcomcnfg on the client side. Note that<br />
this implies that events cannot be encrypted, and that the only way to encrypt non−event data is<br />
through the server−side authenticationLevel settings in dcomcnfg.<br />
• Make sure the authentication is correct:<br />
COM/DCOM<br />
<strong>SAS®</strong> <strong>Integration</strong> <strong>Technologies</strong>: <strong>Administrator's</strong> <strong>Guide</strong> (<strong>LDAP</strong> <strong>Version</strong>)<br />
♦ On NT 4, the only authentication provided by default is NTLM, which uses RC4 for packet<br />
encryption (if you turn it on, of course).<br />
Troubleshooting a COM/DCOM Connection 101