The iSCSI service does not start after you install iSCSI Initiator 2.0 on a Windows 2000 Server-based computer (909585)


The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Server
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SYMPTOMS

Consider the following scenario. You install Microsoft iSCSI Initiator 2.0 on a Microsoft Windows 2000 Server-based computer. Then, you try to discover iSCSI targets. Or, you try to stop or to restart the iSCSI service. In this scenario, you experience the following symptoms:
  • The iSCSI service does not start.
  • During the installation of iSCSI Initiator 2.0, you receive the following error message:
    An error occurred while setting security for the WMI interface. A required privilege is not held by the client.
    Please see the Microsoft iSCSI Initiator documentation for further information.
  • When the iSCSI service tries to start, you receive the following error message:
    Could not start the Microsoft iSCSI Initiator Service service on Local Computer.
    Error 1314: A required privilege is not held by the client.
  • The following events are logged in the System log:
    Event ID - 106
    Error 0x00000522 while initializing iSCSI initiator service at checkpoint 6.
    Event ID - 7023
    The Microsoft iSCSI Initiator Service service terminated with the following error: A required privilege is not held by the client.

CAUSE

This problem occurs if you use the Audit object access policy setting to enable auditing on the Windows Management Instrumentation (WMI) GUIDs before you install iSCSI Initiator 2.0. Specifically, this problem occurs if one of the following conditions is true:
  • The security descriptors that are assigned to the WMI interfaces for iSCSI are not valid.
  • The security descriptors that are assigned to the WMI interfaces for iSCSI have SACLs assigned to them.

    Note A SACL is a data structure that is included in a security descriptor. A SACL indicates that auditing for the object should be performed. WMI GUIDs do not support auditing.
If a WMI GUID is accessed when the security descriptor for the GUID includes a SACL, the "error occurred while setting security for the WMI interface" error that is mentioned in the "Symptoms" section is returned.

RESOLUTION

To resolve this problem, use one of the following methods.

Method 1: Disable the audit policy

Note This is the recommended method.

To resolve this problem, make sure that the Audit object access policy setting is set to No auditing. To do this, you must determine where the policy is set on all levels that apply to the system. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

314955 How to audit Active Directory objects in Windows 2000

Method 2: Delete the relevant values from the registry

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. You may be able to resolve this problem by manually deleting the relevant values from the registry.

Notes
  • If you manually delete the relevant values, these GUIDs will use the default security descriptor for WMI GUIDs. This functionality could allow unauthorized users to access the WMI GUIDs.
  • If you use this method, and then you reinstall iSCSI Initiator 2.0, you must use this method again to delete the registry values after the reinstallation.
To delete these registry values, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WMI\Security

  3. Select the following values, one at a time. Then, for each value, click Delete on the Edit menu.
    • 1221948A-6332-4ac2-AA04-268AABCECE4F
    • 225B9D64-47A9-41c8-81CD-69BC02652D87
    • 36B58EA2-C461-4bb0-AC8E-952F59D251ED
    • 391F3325-0BA3-4083-A861-CF4F6F97A527
    • 41646815-7524-4bc0-904A-CD7D510EAC02
    • 420512D9-0537-4c67-A779-84BA7B29CE9F
    • 45755098-4291-43df-9720-B58642DD63DF
    • 46B122C0-3767-4069-916E-3A43702F05CE
    • 4AE27CD9-8DFA-4c37-A42C-B88A93E3E521
    • 53EF8D5F-36F3-4124-8B76-C6AD521A1021
    • 556BC0B0-0FB5-40f2-9255-B7D9A669DAEC
    • 58515BF3-2F59-4f37-B74F-85AEEC652AD6
    • 5C59FD61-E919-4687-84E2-7200ABE2209B
    • 7A2C6C2B-E5A5-49ad-AD68-133089ACD74D
    • 7BB02370-B8AE-4d29-88DE-76951D3245BA
    • 84CA6FD6-B152-4e6a-8869-FDE5E37B6157
    • 8EAEF9D8-C053-49d3-9205-65C703C2ECC1
    • B35694DE-D323-49d2-ABB2-8139209AD150
    • B4D1C606-8682-4b7a-AC6B-D883D91555FB
    • C75258E9-BE79-4a48-A23D-EEB6F8FB940C
    • C827993C-6D1F-4194-9B5C-D7C0A5F1CFB7
    • D7931411-0376-4869-A491-8D679BFC004A
    • E67E1BDB-D130-4143-9EB2-8BEE1899FD52
    • EA4D82BF-29DA-4e12-800A-E5437964462C
    • F022F413-3BF5-47ec-A942-33B81CF8E7FF
    • FA30C290-68DB-430a-AF76-91A2E1C49154
  4. Click Yes to verify each deletion.
  5. Quit Registry Editor.
If you still experience this problem after you delete these values, delete the following value if it exists:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WMI\Security\00000000-0000-0000-0000-000000000000

Note By deleting this value, you reset the security descriptor for all WMI GUIDs that do not have an explicit security descriptor assigned.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

Microsoft iSCSI Software Initiator Osaka Users Guide

http://download.microsoft.com/download/a/e/9/ae91dea1-66d9-417c-ade4-92d824b871af/uguide.doc.

Modification Type:MinorLast Reviewed:2/1/2006
Keywords:kbtshoot kberrmsg KB909585 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.