Re: IWbemServices::CreateInstanceEnum return E_ACCESSDENIED

From: Erik J Sawyer (anonymous_at_discussions.microsoft.com)
Date: 06/01/04 

Date: Tue, 1 Jun 2004 14:31:03 -0700

I was able to use RPC_C_AUTHN_LEVEL_CALL on WinXP, with a client running as Admin against the local system. Does the requirement you described come into play under different conditions?
     
     ----- Ivan Brugiolo [MSFT] wrote: -----
     
     RPC_C_AUTHN_LEVEL_CALL need to be changed to
     RPC_C_AUTHN_LEVEL_PKT ot RPC_C_AUTHN_LEVEL_PKT_PRIVACY
     for WinXP, and it's accepted from Win2000 as well.
     WinXP and above will not accept inbound calls at CALL authentication level
     
     --
     This posting is provided "AS IS" with no warranties, and confers no rights.
     Use of any included script samples are subject to the terms specified at
     http://www.microsoft.com/info/cpyright.htm
     
     
     "Erik J Sawyer" <anonymous@discussions.microsoft.com> wrote in message
     news:10603252-D858-4117-A782-6B5F4C175B8D@microsoft.com...
> I ran into something similar. Make sure you're calling CoSetProxyBlanket
     on the WbemServices object before your query calls. It appears that the COM
     security is tighter on XP, so you have to grant impersonation permission to
     the proxy object. For example:
>> hr = CoSetProxyBlanket(pWbemServices, RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE,
     NULL, RPC_C_AUTHN_LEVEL_CALL, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE)
>> - Erik J Sawyer
>> ----- howard wrote: -----
>> hi folks,
>> I experienced some bizarre problems ... I installed the
> provider in a stand-alone Windows XP box. To enable the
> client applicaiton remotely connect to it, I created a
> test account in administrator group on this box, I aslo
> gave all the permissions on the "\root" and "\root\test"
> namespace to the test account.
>> Before I lauched the client application, everything works
> perfectly. Wbemtest can access the namespace ( query or
> execute method) without any problem, no matter locally or
> remotely. But the client applicaion failed to query the
> class in "\root\test" from another machine. The client
> application is built on the C++ COM API.
>> It's really a surprise as the application didn't have any
> problem calling IWbemServices::ConnectServer with the test
> account and password. But once the connection is set up,
> IWbemServices::CreateInstanceEnum or
> IWbemServices::ExecQuery returned E_ACCESSDENIED
> (0x80070005)
>> This shouldn't be a credential problem, as
> IWbemServices::ConnectServer() does not return any error.
> And shouldn't be the permission problem on the provider,
> as wbemtest can remotely query or execute without any
> problem. I also looked at the log file of the provider,
> IWbemInstProviderImpl::CreateInstanceEnumAsync() was not
> called at all. The problem should happen at some point
> before that.
>> The wbemcore.log looks like this
>> (Mon May 31 20:30:54 2004.57605593) : CFactory construct
> (Mon May 31 20:30:54 2004.57605593) : CFactory destruct
> (Mon May 31 20:30:54 2004.57605609) : CALL
> ConnectionLogin::NTLMLogin
> wszNetworkResource = \\192.168.50.175\ROOT\Test
> pPreferredLocale = (null)
> lFlags = 0x0
> (Mon May 31 20:30:54 2004.57605609) : DCOM connection from
> test\amtest at authentiction level Packet, AuthnSvc = 10,
> AuthzSvc = 0, Capabilities = 0
> (Mon May 31 20:31:48 2004.57659546) : DllCanUnloadNow was
> called
> (Mon May 31 20:31:48 2004.57659546) : DllCanUnloadNow is
> returning S_FALSE
>> ....
>> If anyone's ever seen this, pls give me a hint, any input
> would be appreciated.
>> thanks
> howard
>

Relevant Pages

  • RE: restricted internet access with GPO
    ... WinXP client and enable folder redirection whereby users cannot save data to ... logs on to he/she will get same desktop, icons, shortcuts etc. ... delete icons they reappear after logoff/logon the profile on the server is ...
    (microsoft.public.windows.group_policy)
  • Re: SMS 2003 w/SP1 without opening WINXP SP2 firewall ports?
    ... checks for new advertisement on the server and run / download the ... The SMS client remote installation is ... I don't think the WinXP firewall by default allows all ports connection ... SMS would likely be blocked if it ...
    (microsoft.public.sms.admin)
  • Re: getting remote desktop back on win98 and winxp lan
    ... can not no matter what I try get the win98 to log into the winxp as ... the remote desltop client. ... frustrated as this same hardware worked great before the crash ...
    (microsoft.public.windowsxp.general)
  • Addind WinXP Pro client to SBS2000
    ... Just reformatted and did new install of WinXP Pro to a current user's pc. ... It connected to network and the Trend Micro OfficeScan Client ... do use the SBS2000 Setup Computer Wizard to create a floppy disc to ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: MIDAS/Datasnap Alternative
    ... DDCAppservice is an I/O Completion Ports ... efficient way of developing server applications. ... Increasing the client base does not typically require ... component for each logical data provider. ...
    (borland.public.delphi.thirdpartytools.general)