|
|
|
date: Wed, 22 Feb 2006 15:58:35 -0000,
group: microsoft.public.platformsdk.com_ole
back
DCOM / NT Service problems under Win 2003
Hi all, got a really annoying problem that we are struggling to solve.
I've creating a DCOM server interface as an NT Service so that it could
effectively run all the time, regardless of if any users were logged on to
Windows. I was directed to a MSDN article
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncomg/html/localserv.asp
which described the necessary registry changes that needed to be made in
order to get the service to work correctly.
Having followed this, we have created out DCOM / NTService which works
perfectly fine under Windows 2000.When we tested it on Windows XP service
pack two we had to make some amendments to the permissions in order to get
it to function properly. Under XP SP2 the NT Service ran ok but we couldn't
connect to it with our client application. We basically resolved it by
adding the current user account into all the permissions for DCOM on that
machine AND for the particular DCOM server.
Now we are trying to get it to work under Windows 2003 Enterprise with no
sucess. We've tried all the combinations that we can think of, of adding in
users to the permissions with no success. It's is defiantly a security
permissions problem. The Service starts ok and runs fine but the client
cannot connect to it. One of our Russian Developers found this article
http://www.rsdn.ru/article/com/comsec.xml#ERBA which (although it is in
Russian) we've followed but still with not success. The code has been
tested with and without the following
HRESULT hr = CoInitializeSecurity(sd, -1, NULL, NULL,
RPC_C_AUTHN_LEVEL_PKT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL);
to no avail - hr never equals S_OK. The article seems to suggest that if a
users is a member of a group that does not have permissions to run DCOM,
then even if the user is directly added to the permissions for that object,
they still will not be able to execute the DCOM object. It also seems to
suggest that if a user is a member of two groups, A & B, if A is allowed to
run DCOM and B is not, then overall the user will NOT be able to run the
DCOM object <- is this correct?
I anyone shed some light on this, it's a real problem for use
Many thanks in advance,
Mike Collins
date: Wed, 22 Feb 2006 15:58:35 -0000
author: Mike Collins
Re: DCOM / NT Service problems under Win 2003
> I've creating a DCOM server interface as an NT Service so that it could
> effectively run all the time, regardless of if any users were logged on to
......
> Russian) we've followed but still with not success. The code has been
> tested with and without the following
>
> HRESULT hr = CoInitializeSecurity(sd, -1, NULL, NULL,
> RPC_C_AUTHN_LEVEL_PKT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE,
> NULL);
>
> to no avail - hr never equals S_OK. The article seems to suggest that if
> a
Hi Mike,
My dollar is on missing registry entries.
Can you list all entries you write to?
m
http://bubbler.net/outlaw/blog
date: Fri, 21 Apr 2006 10:42:21 -0400
author: Mario Contestabile
|
|
