search cancel

Symantec Identity Manager - Unable to set terminal services attribute wts16


Article ID: 257684


Updated On:


CA Identity Suite CA Identity Manager


When trying to modify an Active Directory Terminal Services attribute the following error is being thrown. Unable to set Terminal Services error with the Reason: rc: 87 - The parameter is incorrect.


Release : 14.4


There are two causes of this issue.

1) Permissions

2) Network access. There are times when the network restricts the client to make SAM calls. See the Microsoft article below:



To confirm it is not permissions related first grant the service account used within IDM "Domain Admin" permissions then test again. Next, install Active Directory User and Computers on both the Active Directory machine and Connector server, and test both with "Domain Admin" and the currently assigned permissions. If you are able to modify the terminal service attributes locally but not remotely with current permissions then it is time to investigate if there are any network access restrictions.

This is managed by your group policy owner and all information regarding network access restrictions can be found in the below Microsoft Article.