search cancel

Symantec Identity Manager - Unable to set terminal services attribute wts16

book

Article ID: 257684

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Manager

Issue/Introduction

When trying to modify an Active Directory Terminal Services attribute the following error is being thrown. Unable to set Terminal Services error with the Reason: rc: 87 - The parameter is incorrect.

Environment

Release : 14.4

Cause

There are two causes of this issue.

1) Permissions

2) Network access. There are times when the network restricts the client to make SAM calls. See the Microsoft article below:

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls

 

Resolution

To confirm it is not permissions related first grant the service account used within IDM "Domain Admin" permissions then test again. Next, install Active Directory User and Computers on both the Active Directory machine and Connector server, and test both with "Domain Admin" and the currently assigned permissions. If you are able to modify the terminal service attributes locally but not remotely with current permissions then it is time to investigate if there are any network access restrictions.

This is managed by your group policy owner and all information regarding network access restrictions can be found in the below Microsoft Article.

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls