Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsVB SyntaxEnterprise DevelopmentDatabase AccessControlsCOMWin APICrystal ReportDeploymentGeneralGeneral 2
Related Topics
VB.NET / ASP.NETMS SQL ServerMS AccessOther Database ProductsMore Topics ...

VB Forum / COM / June 2005


Tip: Looking for answers? Try searching our database.

2003 Server DCOM authentication problem!

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Johhny 0 - 15 Jun 2005 21:10 GMT
We have a COM+ application written in Vb6 that we have installed at many
sites. Now three of these sites are all having the same problem; namely, that
on the client they have to be logged in with domain admin rights in order to
not receive a "Permission Denied" error when activating the remote component
via proxy. This is not an IIS/ASP application, FYI. The identity of the
package is a domain admin.

Everything is working fine except at these three sites, and they all have
2003 server with SP1 applied.

Now, I've tried all of the following, without effect:
- turned off "Enforce access checks for this application" on the application
- changed "Authentication Level" to "none" and "Impersonation" to
"Anonymous" on the package, and also in default properties for "My Computer"
on the server.
- Added "NETWORK", "INTERACTIVE" and "SYSTEM" with full permissions for
"Launch Permissions" and "Access Permissions" under default properties for
"My Computer" (I cannot see where to set these permissions for my application
- it's not listed - either by progID or name - in DCOM Config).
- I've even tried added roles that contained "Everyone" and assigned that to
my application and all components!

Any help would be greatly appreciated!!

John
Reply to this Message
Tony Proctor - 16 Jun 2005 11:13 GMT
I'm missing something here John. If your application is not showing up in
dcomcnfg, how have you managed to try all those variations of the DCOM
settings?

       Tony Proctor

> We have a COM+ application written in Vb6 that we have installed at many
> sites. Now three of these sites are all having the same problem; namely, that
[quoted text clipped - 21 lines]
>
> John
Reply to this Message
Johhny 0 - 16 Jun 2005 23:27 GMT
To answer your question:
The application is there in COM+ applications, but not under the DCOM Config
node in the Component Services MMC snap-in. Some of the settings apply there.
The security settings I changed I did under default COM security under
properties of "My Computer".

However, I think I've got it now. I noticed that the client side DCOM error
in the event log was returning the GUID of a component, not the entire
application - and this led me to realize that a secondary Library application
we have wasn't configured right (apparantly this is new to 2003 - not
inheriting everything from the main "Server" application that calls it).
Woops!  Oh well, maybe someone else will benefit from the post :)

Thanks!

> I'm missing something here John. If your application is not showing up in
> dcomcnfg, how have you managed to try all those variations of the DCOM
[quoted text clipped - 34 lines]
> >
> > John
Reply to this Message
Paul Clement - 16 Jun 2005 14:41 GMT
¤ We have a COM+ application written in Vb6 that we have installed at many
¤ sites. Now three of these sites are all having the same problem; namely, that
¤ on the client they have to be logged in with domain admin rights in order to
¤ not receive a "Permission Denied" error when activating the remote component
¤ via proxy. This is not an IIS/ASP application, FYI. The identity of the
¤ package is a domain admin.
¤
¤ Everything is working fine except at these three sites, and they all have
¤ 2003 server with SP1 applied.
¤
¤ Now, I've tried all of the following, without effect:
¤ - turned off "Enforce access checks for this application" on the application
¤ - changed "Authentication Level" to "none" and "Impersonation" to
¤ "Anonymous" on the package, and also in default properties for "My Computer"
¤ on the server.
¤ - Added "NETWORK", "INTERACTIVE" and "SYSTEM" with full permissions for
¤ "Launch Permissions" and "Access Permissions" under default properties for
¤ "My Computer" (I cannot see where to set these permissions for my application
¤ - it's not listed - either by progID or name - in DCOM Config).
¤ - I've even tried added roles that contained "Everyone" and assigned that to
¤ my application and all components!
¤
¤ Any help would be greatly appreciated!!

I think you need to take a look at the below article. Remote activation is disabled by default for
non-administrators in 2003 SP1.

DCOM Security Enhancements in Windows Server 2003 Service Pack 1
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/html/cbfe62
e6-c88f-4144-a5a7-4df872ee4f3a.asp


Paul
~~~~
Microsoft MVP (Visual Basic)
Reply to this Message
Johhny 0 - 17 Jun 2005 14:50 GMT
Paul,
Thanks!! That aricle was extremely helpful. I was still having issues after
my last post, and this solved it!

John

> ¤ We have a COM+ application written in Vb6 that we have installed at many
> ¤ sites. Now three of these sites are all having the same problem; namely, that
[quoted text clipped - 30 lines]
> ~~~~
> Microsoft MVP (Visual Basic)
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.