When you create a Microsoft Application Center 2000 application pool, you may notice that unrecognized users and groups may appear in the Internet Information Services (IIS) 6.0 metabase after Application Center 2000 replication occurs.
This problem occurs when local group permissions and local user permissions that are contained in the
AdminACL property are replicated by the Application Center replication driver. In this case, the
AdminACL property may contain security identifier (SID) information that maps to local users or local groups that do not exist on the destination computer.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the
Time Zone tab in the
Date and Time item in Control Panel.
Date Time Version Size File name
-------------------------------------------------
07-Dec-2004 00:58 1.0.781.9 43,520 Rdrvmb.dll
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684Â
(http://kbalertz.com/Feedback.aspx?kbNumber=824684/
)
Description of the standard terminology that is used to describe Microsoft software updates
Installation instructions
This hotfix adds the
DisableAdminACL value to the Application Center 2000 metabase replication driver. You can use the
DisableAdminACL value to disable the
AdminACL property replication if a specific metabase value is detected.
This hotfix adds the
DisableAdminACL key to the IIS metabase in the following IIS metabase path:
/WebReplication/local/ReplicationResourceTypes/MB/
After you apply this hotfix, you must use the Mdutil.exe file utility to add a value to disable or enable
AdminACL property replication. You must use the Mdutil.exe utility that is in the Support directory of the Application Center Service Pack 2 (SP2) installation files.
To disable
AdminACL property replication, follow these steps.
Warning If you edit the metabase incorrectly, you can cause serious problems that may require that you reinstall any product that uses the metabase. Microsoft cannot guarantee that problems that result if you incorrectly edit the metabase can be solved. Edit the metabase at your own risk.
Note Always back up the metabase before you edit it.
- Log on to the computer that is running Application Center 2000 by using an account that has administrative permissions.
- Click Start, click Run, type cmd, and then click OK.
- At the command prompt, type the following command:
mdutil.exe SET /WebReplication/local/ReplicationResourceTypes/MB/DisableAdminACL/AttrValue "1"
NoteAttrValue 1 disables
AdminACL property replication and
AttrValue 0 enables
AdminACL property replication.