I built a sample application for DCOM by following the steps given in this link.
After building the client and test DCOM server, I tried to run the client on my system and it worked correctly. But if I try to run the client from a remote location, an error message appears saying "Access is denied".
How can I run my client from a remote location?
Also, will I be able to see the test DCOM server in dcomcnfg.exe?
If yes, where can I see it?
I was able to see it in regedit.
You might well have already done this, but can I just cover some basics...?
Go to the "Component Services" MMC snap-in, right-click on "My Computer" there and select "Properties".
In the "Default Properties" tab, make sure that "Enable Distributed COM on this computer" is enabled.
In the "COM Security" tab, make sure the access, launch and activate permissions are configured to allow the scenario you're in.
The following is what I have got so far, but I am still digging; you may find a better way anyway. Do the following with elevated permissions.
First run server.exe on both computers to register them (/regserver).
Add incoming firewall rules on the server machine to accept incoming client DCOM connections.
Define the same user with the same password on both computers (assuming you are not in a domain). Add them to "Distributed COM Users".
Run DCOMCNFG and do the following:
Console Root>Component Services>Computers>My Computer>Properties>Default Properties>Enable Distributed COM on this computer
Console Root>Component Services>Computers>My Computer>Properties>Default Properties>Default Authentication Level>Connect
Console Root>Component Services>Computers>My Computer>Properties>Default Properties>Default Impersonation Level>Identify
Console Root>Component Services>Computers>My Computer>Properties>Default Protocols>Connection-oriented TCP/IP
Console Root>Component Services>Computers>My Computer>Properties>COM Security>Access Permissions>Edit Limits>Add "Distributed COM Users" with Local and Remote Access enabled
Console Root>Component Services>Computers>My Computer>Properties>COM Security>Launch and Activation Permissions>Edit Limits>Add "Distributed COM Users" with Local and Remote Launch and Activation enabled
Under My Computer find the server (it should be there if it is registered correctly)
server.exe>Properties>General>Authentication Level>Default
server.exe>Properties>Location>Run application on this computer enabled
server.exe>Security>Launch and Activation Permissions>Customize>Edit>Add Distributed COM Users with Local and Remote Launch and Activation enabled
server.exe>Security>Access Permissions>Customize>Edit>Add Distributed COM Users with Local and Remote Access enabled
server.exe>Endpoints>DCOM-Oriented endpoints>Add Connection-oriented TCP/IP
server.exe>Identity>select The interactive user or The launching user, whichever is appropriate
After the above settings I am always able to call the implemented server interface from the client application.
I hope it helps,
Zonouzi
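To review what the steps above leave behind on a machine, the following read-only audit is an added example, not part of the original answer. It assumes PowerShell 5.1 or later in an elevated session and reads the machine-wide DCOM values under HKLM:\SOFTWARE\Microsoft\Ole, listing every principal in the "Edit Limits" ACLs and whether it holds remote rights.

```powershell
# Added example: read-only audit of the machine-wide DCOM settings changed by the steps above.
# Run elevated on the server machine; nothing is modified.
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'

# Names as shown in the dcomcnfg "Default Authentication Level" drop-down.
$authNames = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'; 4 = 'Packet'
                5 = 'Packet Integrity'; 6 = 'Packet Privacy' }
$level = $ole.LegacyAuthenticationLevel
$levelName = if ($null -ne $level) { $authNames[[int]$level] } else { '(value not set)' }
"EnableDCOM                   : $($ole.EnableDCOM)"
"Default authentication level : $levelName"

# COM access-mask bits (COM_RIGHTS_* in the Windows SDK).
$comRights  = @{ 2 = 'ExecuteLocal'; 4 = 'ExecuteRemote'
                 8 = 'ActivateLocal'; 16 = 'ActivateRemote' }
$remoteBits = 4 -bor 16

# "Edit Limits" on the COM Security tab is stored in these two binary values.
$rows = foreach ($name in 'MachineAccessRestriction', 'MachineLaunchRestriction') {
    $bytes = $ole.$name
    if (-not $bytes) { continue }   # value absent on this machine
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        # Fall back to the raw SID when it cannot be resolved to a name.
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }
        $mask = $ace.AccessMask
        [pscustomobject]@{
            Limit  = $name
            Type   = $ace.AceType
            Who    = $who
            Rights = ($comRights.Keys | Sort-Object |
                      Where-Object { $mask -band $_ } |
                      ForEach-Object { $comRights[$_] }) -join ', '
            Remote = [bool]($mask -band $remoteBits)
        }
    }
}
$rows | Format-Table -AutoSize

# Accounts that inherit whatever remote rights the group was given above.
Get-LocalGroupMember -Group 'Distributed COM Users' | Select-Object Name, PrincipalSource
```

Rows with Remote = True for anything other than the accounts that were deliberately added are the ones to review.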
Related
I have two systems, one is an ERP and the other is a POS application, and I have a customer who uses a USB token to assign some files. I have two scenarios:
When I use the ERP to assign a file, it calls an application which is made just to do that, called DFe, and it works well; it finds the certificate.
In my POS, to do the same operation, it calls a general service application which manages our whole system, and this service calls DFe, but when DFe is called from my general service, it doesn't find my certificate; Windows returns the error "key set is not defined". I already set my service to log on with the user's credentials, but it didn't work.
Why doesn't my application find the certificate in this second scenario?
PS: The system is Windows 7
I solved the problem by moving the certificate from the local user to the local computer in mmc.exe. I set the service to run on the local computer and it works.
I have configured SMTP settings in web.config and I was able to successfully send email when working on my local machine. But when I uploaded the code to the server, it's giving me the following exception:
Mailbox unavailable. The server response was: 5.7.3 Requested action aborted
Meanwhile, I also received an email from Microsoft telling me that an attempt to log in to my account from a new location was blocked. I clearly understand the problem: the server is in a different part of the world than where I usually log in to my Windows Live account. That's why it is blocking the login. But I want it to log in and send email using my credentials from the remote server. There must be some setting in the Windows Live account, but I failed to find one.
Contacting the Hotmail Support Center first to find out if what you are intending to do is really possible might be helpful. I think if Hotmail web administration has put a security check in place, it must be for the purpose of stopping such remote login activities.
Right, this is driving me insane. This works fine locally with Excel 2013, but when the website is published to a remote server with Excel 2010 it fails. From what I can see the DCOM configuration is the same locally as remote.
After fighting with Excel 2010 and DCOM permissions for over an hour now the best I have got is this exception: System.Runtime.InteropServices.COMException (0x80070BBC): Office has detected a problem with this file. To help protect your computer this file cannot be opened.
This is the result of a web application trying to open a *.xls file from a location it has just uploaded to. The application pool is running under ApplicationPoolIdentity and I have set the permissions for this specific app pool under mmc -32 on Launch and Activation Permissions so there's no problem running Excel. What I think I'm facing here is protected mode issues as the file is definitely not corrupt.
I've gone into Excel and Trust Centre settings and have added the location where the *.xls file is uploaded to (and subsequently opened) as a trusted location. If I open the file on the hosting server (under my domain account) I don't get the protected view block on the file - however, the Identity on the DCOM configuration is set to the launching user. So, what does this mean from the following (or something I haven't listed):
I need to add this location as trusted at a group policy level because the account launching the actual application doesn't have this configuration in its profile?
I need to create an actual account on the server and use this account as the Identity for running the application?
... ?
Just to clarify I've already been down the DCOM Security config route and RIDICULOUS issues with C:\Windows\System32\config\systemprofile\Desktop and C:\Windows\SysWOW64\config\systemprofile\Desktop. The configuration is:
.NET 4.5 (classic pipeline) app pool running under ApplicationPoolIdentity
DCOM Config > Security > Launch and Activation Permissions all set for this specific identity (Access Permissions and Configuration Permissions all set to Use Default)
File is uploaded correctly and appears in destination, opening on the server itself (under my domain account) respects the Trusted Location and doesn't give protected mode warning
Process to parse fails with the above exception.
Here is a screenshot of the Interop assembly I'm using if this is pertinent.
Ok... for anyone stumbling on this issue I have bitten the bullet and had to do the following:
Create a local account (AutomatedOffice in my instance) and set DCOM config to run Excel under this account
Log in as above account and change Excel settings to add folder in application root to trusted location and disable protected mode messages
Allow "Network Service" to invoke DCOM processes locally (through server DCOM config and not CLSID config)
Add NTFS permissions for this account on C:\Windows\[System32|SYSWOW64]\config\systemprofile\Desktop paths
What was weird: after creating the account I was getting the following exception: "Retrieving the COM class factory for component with CLSID {00024500-0000-0000-C000-000000000046} failed due to the following error: 80070005 Access is denied.", which was resolved by adding the HOST\Users and HOST\NetworkServices groups to the DCOM security (local only!!!) settings.
You need to add, in the Trust Center security locations, the folder where your website is published; for example, if your website reads a file from c:\temporal\ you must put that folder name in Excel's security locations.
I developed an application in Delphi 2010 that reads XML data from a transactional queue. It works fine if the queue is local or remote and I don't have to set permissions in both cases.
Now I have to convert that application into a Windows Service. I copied and pasted the same application into the service code, but when I try to read the queue I get the "Access denied" error. I'm doing the tests on my local machine.
Some people say that it's a matter of permissions. I found here in Stack Overflow some posts to the same problem but I didn't find the solution.
Any ideas? I'm using Windows 7 as well.
If you are running the application locally, you are running it under your Windows logon credentials. Services by default are launched under a different user account which may not have the same rights as your account does.
Bring up the service manager (start->services.msc), find your service in the list, right click it and select Properties. Then select the Log On tab and change it to a specific account name/password. (Use your account name / password.) You'll then be executing the code using the same credentials so your Access Denied error should go away.
I'm setting up a windows service that monitors other services and will restart them if they get disconnected. For security reasons I've decided to run this service on a special "service" account and for each service it's supposed to have access to it granted to the service account by an administrator.
In order to do this I'm using the "ServiceController" class. I've been able to get it to work with local computer services, but when I attempt to connect to another network on the computer I get an InvalidOperationException. Is there a "browse" or "discover" permission that I can give to the service account?
' The first line throws the exception even though the service account has permission set for that
' particular service and that particular machine. Again, it works fine if the service is
' located on the same machine.
Dim services As List(Of ServiceController) = ServiceController.GetServices(serviceComputer).ToList()
Dim serviceOfInterest As ServiceController = (From service In _
    services.DefaultIfEmpty(Nothing) _
    Where service.ServiceName = "SomeServiceName" _
    Select service).SingleOrDefault()
' Guard against the service not being found before starting it.
If serviceOfInterest IsNot Nothing Then serviceOfInterest.Start()
The permissions you need are described here: http://msdn.microsoft.com/en-us/library/ms685981(VS.85).aspx.
Specifically, to obtain the list of services you need SC_MANAGER_ENUMERATE_SERVICE. According to the table in the link above this permission is granted to:
Local authenticated users
LOCAL SYSTEM
BUILTIN\ADMINISTRATORS
Apparently, when connecting remotely, the first two options are out; you only have one option left: being part of the local administrators group.
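The grant described in this answer can be read directly from the Service Control Manager's own security descriptor. The following is an added example, not part of the original answer; it assumes PowerShell 5.1 or later on the machine that hosts the services and uses `sc.exe sdshow scmanager` to list every principal allowed to enumerate services.

```powershell
# Added example: who holds SC_MANAGER_ENUMERATE_SERVICE on this machine's SCM?
$SC_MANAGER_ENUMERATE_SERVICE = 0x0004

# sc.exe prints the SCM security descriptor as one SDDL line starting with "D:".
$sddl = & sc.exe sdshow scmanager |
        Where-Object { $_ -match '^D:' } |
        Select-Object -First 1
if (-not $sddl) { throw 'Could not read the SCM security descriptor.' }
$sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([string]$sddl)

# SIDs that are only present in the token of a logon made on the machine itself.
$localOnly = @{
    'S-1-5-4'  = 'interactive logon'
    'S-1-5-6'  = 'service logon'
    'S-1-5-18' = 'Local System'
}

foreach ($ace in $sd.DiscretionaryAcl) {
    if ($ace.AceType -ne 'AccessAllowed') { continue }
    if (-not ($ace.AccessMask -band $SC_MANAGER_ENUMERATE_SERVICE)) { continue }
    $sid = $ace.SecurityIdentifier
    # Fall back to the raw SID when it cannot be resolved to a name.
    try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $who = $sid.Value }
    [pscustomobject]@{
        Principal      = $who
        Sid            = $sid.Value
        LocalLogonOnly = $localOnly.ContainsKey($sid.Value)
    }
}
```

A monitoring account that connects over the network matches none of the LocalLogonOnly rows, which is why the remote `GetServices` call fails unless the account is covered by one of the remaining entries.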