Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

(934539) - Describes an issue in which services that use named pipes cannot connect between Windows Vista-based computers. A workaround is provided.

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 934539 - Last Review: April 23, 2007 - Revision: 1.2

Error message when a system service on a Windows Vista-based computer connects to a system service on another Windows Vista-based computer: "cannot connect to machine"

View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

SYMPTOMS

A system service on a Windows Vista-based computer uses named pipes to connect to a system service on another Windows Vista-based computer. Both services run under the local system account. However, when the system service on the first computer tries to connect to the system service on the second computer, you receive one of the following error messages:

Error message 1
Server1_name: cannot connect to machine "Server2_name" (0x00000005)!
Error message 2
Server1_name: cannot connect to machine "Server2_name" (0x00000035)!
Back to the top

WORKAROUND

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To resolve this issue, follow these steps on the first computer:
  1. Click Start
    Collapse this imageExpand this image
    Start button
    , and then type policy in the Start Search box.
  2. Right-click Local Security Policy, and then click Run as administrator.
  3. Expand Local Policies.
  4. Click Security Options.
  5. In the Policy list, double-click Network Access: Named Pipes that can be accessed anonymously.
  6. On the Local Policy Setting tab, type the name of the second computer. This is the Server2_name name in the error message that you received.
  7. Click OK.
  8. Double-click Network access: Let Everyone permissions apply to anonymous users.
  9. Click Enabled, and then click OK.
Back to the top

MORE INFORMATION

By default, the Network access: Let Everyone permissions apply to anonymous users policy setting is disabled.

Windows Vista lets anonymous users perform certain activities, such as enumerating the names of domain accounts and the names of network shares. For example, Windows Vista lets an administrator grant access to users in a trusted domain that does not maintain a reciprocal trust. By default, the Everyone security identifier (SID) is removed from the token that is created for anonymous connections. Therefore, permissions that are granted to the Everyone group do not apply to anonymous users. Anonymous users may access only those resources for which the anonymous user has been explicitly granted permissions.

By default, the Network access: Named pipes that can be accessed anonymously policy setting is None. This security setting determines whether named pipes have attributes and permissions that enable anonymous access. If the Network access: Named pipes that can be accessed anonymously policy is enabled, the Everyone SID is added to the token that is created for anonymous connections. In this case, an anonymous user may access any resource for which the Everyone group has been granted permissions.
Back to the top

REFERENCES

For more information about network persmissions, click the following article number to view the article in the Microsoft Knowledge Base:
823659  (http://kbalertz.com/Feedback.aspx?kbNumber=823659/ ) Client, service, and program incompatibilities that may occur when you modify security settings and user rights assignments
Back to the top
APPLIES TO
  • Windows Vista Ultimate
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Business N
  • Windows Vista Business N 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Basic N
  • Windows Vista Home Basic N 64-bit Edition
  • Windows Vista Home Premium
  • Windows Vista Starter
Back to the top
Keywords: 
kbexpertiseinter kbexpertiseadvanced kbtshoot kbprb KB934539
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

FrankyT Report As Irrelevant  
Written: 5/1/2007 6:04 PM
This doesn't work for Vista Home Premium, because the Local security policy mmc snapin does not come with vista home.



Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting