Ex2007 EVS on Windows 2008
- From: Nick Burkitt <nick.burkitt@xxxxxxxxxxxxxxxxx>
- Date: Wed, 22 Oct 2008 17:40:00 -0700
Hi.
I have a C++ application that uses WMI to gather information from other
servers. When connecting to an Exchange 2007 EVS running on a Windows 2008
cluster, I am able to connect to the WMI namespace "root\MSCluster" of a
node, but when I try to enumerate the MSCluster_Cluster instances, I get
ACCESS_DENIED. This appears to be because the authentication level in the
proxy security blanket for the IWbemServices interface is not set to
PKT_PRIVACY.
The "Security Blanket Negotiation" story is that "When a proxy is
created...COM chooses the higher of the authentication levels specified by
the client and the server."
If this is true, then the server is specifying an authentication level of
PKT, but when I call IWbemServices::CreateInstanceEnum to enumerate the
MSCluster_Cluster instances, it somehow expects an authentication level of
PKT_PRIVACY.
Calling CoQueryProxyBlanket immediately after connecting, shows that the
negotiated value for AUTHN level is in fact PKT:
"CoQueryProxyBlanket() returned Authorization Service: GSS_NEGOTIATE,
Authentication Service: NONE, Server Principal Name:
host/<servername>.<domain>.com, Authorization Level: PKT, Impersonation
Level: IMPERSONATE, Capabilities: MUTUAL_AUTH"
So, am I missing something? How do I go about ensuring that I have the
correct AUTHN level if the server doesn't ask for it?
Thanks,
-Nick
.
- Follow-Ups:
- RE: Ex2007 EVS on Windows 2008
- From: "Jialiang Ge [MSFT]"
- RE: Ex2007 EVS on Windows 2008
- Prev by Date: Re: ConnectServer using impersonation token
- Next by Date: RE: Ex2007 EVS on Windows 2008
- Previous by thread: ConnectServer using impersonation token
- Next by thread: RE: Ex2007 EVS on Windows 2008
- Index(es):
Relevant Pages
|
