How to resolve Windows Server access denied errors during Discovery, Orchestration, or Integration HubIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Resolve the Windows Server error "Access is denied (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" that occurs when running a Discovery, Orchestration, or IntegrationHub step. This article provides common causes and resolutions for this error. The following prerequisites must be met for PowerShell probes to run successfully: The environment is configured to allow communication between the MID Server and the target server.A credential with the necessary rights is configured for the target server. It is often necessary to work with the Windows team managing the target server to resolve access issues. Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } All supported releases Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } This error can result from one or more of the following conditions: Incorrect credentials are configured for the target Windows Server.The credential does not contain the domain name.The credential does not have the required permissions.Windows Management Instrumentation (WMI) is disabled or not configured properly on the target Windows Server.WMI permissions are not configured correctly.One or more WMI-related services are disabled.The EnableDCOM registry entry (controls the global activation and call policies) is disabled on the MID Server or the target Windows Server.The execution policy on the target server does not allow scripts to run.The target server does not allow remote execution. Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Incorrect credentials configured for target Windows Server Verify that the user name and password for the Windows Server are correct: Log in to the target Windows Server using a remote desktop connection.If the connection fails, the credentials are incorrect. Obtain the correct credentials and configure them as described in the Service Mapping documentation.If the connection succeeds, continue with the following troubleshooting steps. The credential does not contain the domain name Go to MID Server > Credentials.Select the Windows credential configured for the target Windows Server.Verify that the credential contains the domain name. The domain name appears before the user name and is separated with a backslash (\).If the domain name is missing, add it to the credential. Use the domain name that allows access to the target Windows Server. Credential permissions For information on credential permissions, review the following documentation: Windows credentialsWindows probes and permissions WMI is disabled or not configured properly on the target Windows Server Verify that WMI is enabled on the target Windows Server: On the Windows Server, go to Start > Run.Enter wbemtest.Verify that the Windows Management Instrumentation Tester application starts. If it starts, WMI is enabled.In the Windows Management Instrumentation Tester window, select Connect.In the Connect window, leave the default values for Namespace and Credentials, then select Connect.Select Query.In the Query window, enter the following WMI query, Select * from Win32_ComputerSystem Select Apply.Verify that a reply with the computer name is returned. WMI permissions Verify that WMI permissions are configured correctly: In Windows Explorer, go to Server Manager.In the tree, select Configuration, right-click WMI Control, and select Properties.In the WMI Control Properties window, select Security.Select the Root folder, then select Security.In the Security for Root window, select Advanced.In the Advanced Security Settings for Root window, double-click Administrators.In the Permission Entry for Root window, verify that all checkboxes are selected. WMI-related services are disabled In Server Manager, go to Configuration > Services and verify that the following services are not disabled: Remote Access Auto Connection ManagerRemote Access Connection ManagerRemote Procedure Call (RPC)Remote Procedure Call (RPC) LocatorRemote RegistryServerWindows Management InstrumentationWindows Management Instrumentation Driver ExtensionsWMI Performance Adapter EnableDCOM registry entry is disabled Verify that DCOM is enabled on both the MID Server and the target Windows Server: Open the registry on the MID Server.Verify the following registry entry: Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole Name: EnableDCOM Type: REG_SZ Data: Y Repeat steps 1–2 on the target Windows Server. Execution policy does not allow scripts to run Verify that the execution policy allows scripts to run. See the following documentation for requirements: PowerShell for Discovery and Service Mapping The following Microsoft documentation describes how to check and set the execution policy: Get-ExecutionPolicySet-ExecutionPolicy Target server does not allow remote execution Enable remote execution on the target server. See the following Microsoft documentation: Enable-PSRemoting