Troubleshooting SCW
Applies To: Windows Server 2003
This topic discusses troubleshooting SCW.
This topic lists some problems and error messages and provides suggestions for handling them. For more detailed information about troubleshooting SCW, see SCW Troubleshooting Guide on the Microsoft Web site (https://go.microsoft.com/fwlink/?linkid=45183).
Common SCW Problems
This section lists circumstances under which SCW might not work as you expect.
SCW does not run on a specific computer
SCW is supported only on Windows Server 2003 with SP1. For details about SCW requirements, see “Requirements for Installing and Running SCW” in Security Configuration Wizard Quick Start Guide.
SCW security policies do not apply to some computers
The security policies that are created with SCW should only be applied to servers and groups of servers running Windows Server 2003 with SP1. The security policies should not be applied to operating systems such as Windows XP or Windows Small Business Server.
IIS role is not detected by SCW
If an SCW security policy is applied to a server before Internet Information Services (IIS) is installed, the server will be configured with the Hypertext Transport Protocol (HTTP) Secure Sockets Layer (SSL) service disabled, as HTTP SSL is not required on a computer that is not a Web server. If IIS is then installed on the server and SCW is run, the Administrator must first ensure that IIS is started, in order for IIS to be detected by SCW. IIS cannot run without the HTTP SSL service.
Error messages
Here are some errors you might encounter with SCW.
Cannot Process XML Data
The Microsoft XML core services are corrupted or not installed.
Cannot Process Security Configuration Database
There is a problem with Main.XML. Check the Application log, which might have more information.
The Security Configuration Wizard cannot continue because the security configuration database processing failed
There is a problem with Main.XML. Check the Application log, which might have more information.
You do not have administrator privileges on the selected server. Click Specify User Account to provide an administrator account on the selected server
You must be an administrator on the local server to run SCW, or you must specify Administrative credentials on a remote server. If you are trying to apply a policy to a server, the policy must be available on the server running SCW. You must also be authenticated as an administrator on the computer that is receiving the policy.
Cannot rollback last applied security policy
Check the Application log, which might have more information.
The selected security policy file has a format that is not valid. Select another security policy file and try again
You can receive this message if you browse to, or type in, an XML file that is not a security policy file. If this is a security policy file that you created, try running SCW again to recreate it.
Not Found!
In the Network Security section of SCW, this message appears if SCW cannot verify that an approved application exists at the specified path. This is not necessarily a problem, as you might be configuring a policy for a remote server. If the application will exist at the specified path at the time the policy is applied, the Not Found! message can be ignored.
Cannot determine the IP address from the computer name. The lookup service is not available
In the Network Security section of SCW, the IP address of the computer name you entered must be resolvable, or you cannot continue. If the computer has a static IP address (not assigned by DHCP), then you can enter the IP address instead of the name.