RE: Problems with security requirements in Windows WorkGroups.

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi Domingo,

After further research, I've got some information that may help on this
issue. For two non-domain computers(with local accounts) scenario in
remoting, you can check the following setting in windows Local security
policy:

**launch secpol.msc or use the following path to open local security
setting

"control panel-->administrative tools-->local security policy"

**In the opened mmc console, locate "Local Policies--> Security Options"
node in left view

** in the right view, find the following setting item:

Network access: Sharing and security model for local accounts

the setting could be set to "guest only". If so, switch it to "classic"

reboot the machine and test again to see whether it works. In my local
test environment, I used two windows XP boxes, after changed the above mode
to "classic" on both ones, the local accounts works for non-domain
environment remoting.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: stcheng@xxxxxxxxxxxxxxxxxxxx ("Steven Cheng")
Organization: Microsoft
Date: Fri, 21 Mar 2008 11:04:18 GMT
Subject: RE: Problems with security requirements in Windows WorkGroups.

Lines: 311
Path: TK2MSFTNGHUB02.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.dotnet.languages.csharp:81264
NNTP-Posting-Host: TOMCATIMPORT3 10.201.220.210

Hi Domingo,

After testing on two workgroup(non-domain) machines, I've repro the
problem. I'll do some further research on this and let you know as soon as
I get any new update.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: =?Utf-8?B?dmlzdWFsX2RldmVs?= <visualdevel@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <800CF03C-C49C-4E08-B27F-681FEBC8F60D@xxxxxxxxxxxxx>
<p3vBGF1fIHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
<975D4CC3-0401-4DB3-A064-C4D3E5D2C9DA@xxxxxxxxxxxxx>
<I5VjYqkgIHA.4672@xxxxxxxxxxxxxxxxxxxxxx>
<885394C5-87AB-4E98-B379-520807BC5B10@xxxxxxxxxxxxx>
<XI2Jg3OhIHA.360@xxxxxxxxxxxxxxxxxxxxxx>
<mQnbaZOiIHA.6264@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Problems with security requirements in Windows WorkGroups.
Date: Tue, 18 Mar 2008 07:43:02 -0700


Ok Steven, I will wait until you test a non-domain environment (remember
I
tested a WorkGroup).

Thanks,

Domingo.


""Steven Cheng"" wrote:

Hi Domingo,

I have performed some tests on the projects, so far I've tried running
it
on multiple machines (such as XP or windows 2k3 server). I have domain
environment, so I use local accounts to run both of them and here is
the
result:

** with duplicated account(same username/password), it works

** with a normal local account(only exists on client machine), it fails.

I'll try establising a non-domain environment to see whether it
differs.
It
may take some further time since all my existing local test environment
are
in domain.

Steven Cheng
Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments
and
suggestions about how we can improve the support we provide to you.
Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------

Date: Thu, 13 Mar 2008 09:37:14 GMT
Subject: RE: Problems with security requirements in Windows WorkGroups.
X-Tomcat-NG: microsoft.public.dotnet.languages.csharp
Message-ID: <XI2Jg3OhIHA.360@xxxxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.dotnet.languages.csharp
Lines: 227
Path: TK2MSFTNGHUB02.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.dotnet.languages.csharp:79936
NNTP-Posting-Host: TOMCATIMPORT3 10.201.220.210

Hi Domingo,

I've got the email. Seems it is origially routered to an incorrect
folder
which made me miss it. I'll perform some test on it and let you know
my
results.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments
and
suggestions about how we can improve the support we provide to you.
Please
feel free to let my manager know what you think of the level of
service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
From: =?Utf-8?B?d29taW4=?= <vt_supervisor@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <800CF03C-C49C-4E08-B27F-681FEBC8F60D@xxxxxxxxxxxxx>
<p3vBGF1fIHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
<975D4CC3-0401-4DB3-A064-C4D3E5D2C9DA@xxxxxxxxxxxxx>
<I5VjYqkgIHA.4672@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Problems with security requirements in Windows
WorkGroups.
Date: Wed, 12 Mar 2008 02:40:00 -0700


Hi again, Steven.

I have sent you an email some days ago with the example code to the
address
you wrote me below. Did you receive it? If not, please let me know to
try
to
send it again.

Thank you very much, sincerally,

Domingo.

--
Domingo L�³pez.
Software Engineer & Project Manager.
Visual Tools.



""Steven Cheng"" wrote:

Thanks for your reply Domingo,

You can reach me through the following email:

"stcheng" + "@" + "microsoft.com"

Best regards,

Steven Cheng
Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your
comments
and
suggestions about how we

can improve the support we provide to you. Please feel free to let
my
manager know what you think of

the level of service provided. You can send feedback directly to my
manager
at: msdnmg@xxxxxxxxxxxxxx

This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
From: =?Utf-8?B?d29taW4=?=
<vt_supervisor@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <800CF03C-C49C-4E08-B27F-681FEBC8F60D@xxxxxxxxxxxxx>
<p3vBGF1fIHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Problems with security requirements in Windows
WorkGroups.
Date: Thu, 6 Mar 2008 08:57:02 -0800


Hello Steven, first of all, thank you for your quick answer.

Yes, of course I have a security error as you can read in the
error
message
I obtain:

"A remote side security requirement was not fulfilled during
authentication.
Try increase the ProtectionLevel and/or ImpersonationLevel".

(No Inner Exception is thrown)

I can give you some code generated for the error purpose. It
consists
in a
small chat application between a client (ChatClient) and a server
(ChatServer). By the way, how should I send you the code? I can
not
find a
way in my web news interface... :(

I am executing the example in two machines with Windows XP, the
same
users
and passwords in both machines and belonging to a WorkGroup.

When I try to use the TCP channel I get the error (with NO inner
exception
messages) I have written above.

Thanks again and regards,

Domingo.
--
Domingo LÃ?Æ?Ã?³pez.
Software Engineer & Project Manager.
Visual Tools.



""Steven Cheng"" wrote:

Hi Domingo,

From your description, I got that you're encountering some
security
error
when using .net remoting to communicate between client , server
application, correct?

Based on my experience, this general error message could be
caused
by
many
things such as user identity not supplied, or the client and
server
channel's security setting not match.....

As for the error, what's the innerException, generally the inner
exception
may provide some further information. Also, for non-domain
machines
that
need to communicate under windows authentication, you need to
use
a
duplicated account(with same username/password) on both sides.
If
convenient, you can try creating a simplified client/server
project
pair(with a very simple remoting class) to demonstrate the
problem.
And
you
can send me the package so that I can also perform some tests on
my
side.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to



http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#not
i
f
ications.



Note: The MSDN Managed Newsgroup support offering is for
non-urgent
issues
where an initial response from the community or a Microsoft
Support
Engineer within 1 business day is acceptable. Please note that
each
follow
up response may take approximately 2 business days as the
support
professional working with you may need further investigation to
reach
the
most efficient resolution. The offering is not appropriate for
situations
that require urgent, real-time or phone-based interactions or
complex
project analysis and dump analysis issues. Issues of this nature
are
best
handled working with a dedicated Microsoft Support Engineer by
contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers
no
rights.


--------------------
From: =?Utf-8?B?d29taW4=?=
<vt_supervisor@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Problems with security requirements in Windows
WorkGroups.
Date: Wed, 5 Mar 2008 07:21:03 -0800

Hello everybody,

I have a .NET C# client-server application that is being used
in
two
machines with Windows XP installed. Both the client and the
server
are
executed into users of a Work Group.

I am using .NET Remoting to connect the client and the server
with
a
TCP
channel. The registration of the channel is made by using the
following
code:

"ChannelServices.RegisterChannel(channel, true);"

Where "channel" is a TCP channel. The ensureSecurity option is
set
to
"true"
in order to ensure the channel encryption.

Both the client and sever must send objects to each other
(usually
using a
proxy).

The problem is, although this environment works well in most of
the
cases,
I
have an example where I obtain the following error text when
the
server
tries
to access the client proxy (the error is displayed in the
client):

"A remote side security requirement was not fulfilled during
authentication.
Try increase the ProtectionLevel and/or ImpersonationLevel".

It is important to remark that the (.NET Remoting) proxies have
right
permissions when accessing the server from the client.

After that, I have proved making the following change to the
TCP
channel:

"ChannelServices.RegisterChannel(channel, false);"

That is, setting "false" the ensureSecurity option. So this
means
(as
the
Microsoft documentation says) that the channel will be
encrypted
only
in
case
it is possible. So in this case the error is resolved because
although
the
server does not have the proper client credentials, the channel
will
not




.

Relevant Pages

  • RE: Problems with security requirements in Windows WorkGroups.
    ... Steven Cheng ... Microsoft MSDN Online Support Lead ... You can send feedback directly to my manager at: ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Upgrading Windows SharePoint Services 2.0 scalable hosting mod
    ... It's bad enough that the thread has it seems moved offline so the rest of us miss out on the chance of seeing any useful information, but could you both at least please spare the newsgroup these updates about off-line exchanges of e-mail! ... Steven Cheng wrote: ... Microsoft MSDN Online Support Lead ... Please feel free to let my manager know what you think of the level of service provided. ...
    (microsoft.public.sharepoint.windowsservices)
  • RE: Transferring membership parameters
    ... Steven Cheng ... Microsoft MSDN Online Support Lead ... You can send feedback directly to my manager at: ...
    (microsoft.public.dotnet.general)
  • RE: Error with VS 2008 when adding WCF Service
    ... Steven Cheng ... Microsoft MSDN Online Support Lead ... You can send feedback directly to my manager at: ... Error with VS 2008 when adding WCF Service ...
    (microsoft.public.vsnet.general)
  • Re: ASP.NET choose website project or web application project
    ... Steven Cheng ... Microsoft MSDN Online Support Lead ... You can send feedback directly to my manager at: ... Get notification to my posts through email? ...
    (microsoft.public.vsnet.general)