Search

Language:  

Available article translations:

Push installation to the local server fails

APPLIES TO:
  • Parallels Remote Application Server

Symptoms

Push installation of RAS components (RDSH or Gateway) to the same server where Publishing Agent and Console are already installed fails. Alternative hostname was previously configured in DNS and is used during the push installation. The error received is "Current credentials used on this system do not allow remote installation":

Windows Event Viewer has the following errors in Security log:

Status 0xC000006D is specific for this issue.      
 

Cause

This problem occurs because of Windows security feature named loopback check functionality, which is by default enabled in Windows Server 2003 SP1 and higher. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

Resolution

The resolution is described in Microsoft KB 926642.

Extract from the article:

The following actions should be performed on the affected server:

  1. Click Start, click Run, type regedit, and then click OK;
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0;
  3. Right-click MSV1_0, point to New, and then click Multi-String Value;
  4. In the Name column, type BackConnectionHostNames, and then press ENTER;
  5. Right-click BackConnectionHostNames, and then click Modify;
  6. In the Value data box, type the CNAME or the DNS alias, that is used for this computer, and then click OK;
    Note Type each host name on a separate line;
    Note If the BackConnectionHostNames registry entry exists as a REG_DWORD type, you have to delete the BackConnectionHostNames registry entry;
  7. Quit Registry Editor, and then restart the server;
  8. Launch Parallels RAS Console in elevated mode (Right Mouse Button click → "Run as administrator") and repeat the installation procedure. As for usual remote push installation cases, UAC must be turned off and TCP ports 135 and 445 must be opened.



1d70d1f9c41d01c5f7202a4290e434e1

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No