000021658 - Creating RSA ClearTrust object via DCOM bridge fails with error: 'no object for moniker'

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021658
Applies ToRSA ClearTrust 5.5.2 Authorization Server (AServer)
Microsoft Windows 2000 Server SP4
J-Integra 1.5.2
IssueCreating RSA ClearTrust object via DCOM bridge fails with error: "no object for moniker"
CauseMicrosoft's fix for the LSASS vulnerability (MS04-011) included changes to the file MSV1_0.dll, effecting changes to NTLM authentication that broke JIntegra's authentication mechanism
ResolutionOption 1 (recommended): Apply RSA ClearTrust hot fix 5.5.2.15_dcom, which replaces the JIntegra jar files with updates that correctly handle the changes to NTLM authentication. NOTE: RSA ClearTrust hot fixes are cumulative only for the objects/archives included in the patch. Hot fix 5.5.2.15_dcom is the only hot fix for the DCOM bridge, and must be applied irrespective of other applied ClearTrust patches.

Option 2: Change default authentication for the DCOM client to 'none' to bypass NTLM authentication:
  1. From the command prompt, enter DCOMCNFG.
     
  2. Select the Default Properties tab.
     
  3. Change the Default Authentication Level to (None).
     
  4. Click OK.

NOTE: This option disables authentication on all DCOM communication, and is insecure by nature. This option should only be used in a test environment.

Option 3: Roll back the change to MSV1_0.dll.  The previous version of the file can be found in %windir%/$NtUninstallKB835732$. NOTE: Rolling back the change will restore the LSASS vulnerability. This option should only be used in a test environment. For more information, see Microsoft's Web site at http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Legacy Article IDa24138

Attachments

    Outcomes