Article ID: 2779526 - View products that this article applies to.
When attempting to connect to your System Center 2012 Orchestrator Management Server using the Runbook Designer application, the following error is returned:
Access Denied. If you are using the local administrators group to manage permissions, you might need to start the Runbook Designer with Run as Administrator.
This can occur if the user account launching the Runbook Designer application does not have sufficient permissions to access, launch and activate the omanagement Distributed COM (DCOM) Server on the Management Server computer from a remote computer.
Allowing users to connect to the System Center Orchestrator Management Server using the Runbook Designer application consists of two layers of authorization. The first layer, where this error occurs, is the ability to access, then launch and activate the DCOM Server called omanagement. During installation a group referred to as the Orchestrator Users Group is either selected or created and granted the permissions to be able to connect to the omanagement DCOM Server remotely without requiring membership to the local administrators group on the Management Server.
In order to allow additional users the same authorization to access, launch and activate the omanagement DCOM Server remotely, we must add those users either directly or indirectly via group membership into the DCOM security structure. It is recommended to add an Active Directory based security group rather than direct users so that the DCOM Service does not need to be restarted each time a user is desired to be added or removed from authorization.
To add additional users and/or security groups to be authorized for remote access, launch and activation of the omanagement DCOM Server, follow the instructions below:
In addition to DCOM Server authorization, the user account must have direct or indirect permissions granted inside the Runbook Designer to the various components. If the user does not have at least read permissions to the Runbooks node in the Runbook Designer's navigation pane, they will receive a different error message that could be misinterpreted as this problem as this is the default node that the Runbook Designer takes the user to upon successful connection to the Management Server. That error message appears as below:
A general error has occurred. The error returned was:
Access is denied. (80070005)
(http://go.microsoft.com/fwlink/?LinkId=151500)for other considerations.