Warning....XP SP2 and DCom
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 7 of 7

Thread: Warning....XP SP2 and DCom

  1. #1
    Join Date
    Apr 2002
    Location
    Melbourne, Victoria, Australia
    Posts
    1,792

    Warning....XP SP2 and DCom

    Installed XP SP2 on my work machine today (to cure a problem of a roaming profile not being found). Anyway, our DCom object decided to promptly stop working for me - but continued working for all the win2k developers.

    Ended up deleting the firewall that the service pack put in, no difference. 3 of us spent 3 hrs trying to get msdn to give up the secret....trying all sorts of different things, eventually figured out the problem with the roaming profile was less of a problem than not being able to work, so rolled back the service pack install. All is ok now (apart from the roaming profile)
    Be nice to Harley riders...

  2. #2
    Join Date
    Jul 2000
    Location
    Milano, Italy
    Posts
    7,726
    Here author says Dcom security has been improved. Hope Microsoft did not improve so
    much that now you cannot use it anymore...
    from http://www.updatexp.com/windows-xp-service-pack-2.html
    After installing XP Service Pack 2 RC2 the Windows Firewall is enabled by default...

    1) This might "break" application compatibility, if the application does not work
    with "stateful filtering" by default. (Windows Firewall uses a process called
    stateful packet filtering.)

    2) It may also conflict with other active software and hardware firewalls... now
    more folks are using routers with built-in firewalls on their Broadband
    connections, there is room for conflicts to happen here!
    and
    Applications that perform just-in-time (JIT) code generation or execute memory
    from the default process stack or heap MAY lead to problems in the Windows XP
    Service pack 2 "Execution Protection" environment. In some rare circumstances an
    application may cease to function.
    Last edited by Cimperiali; August 12th, 2004 at 04:53 AM.
    ...at present time, using mainly Net 4.0, Vs 2010



    Special thanks to Lothar "the Great" Haensler, Chris Eastwood , dr_Michael, ClearCode, Iouri and
    all the other wonderful people who made and make Codeguru a great place.
    Come back soon, you Gurus.

  3. #3
    Join Date
    Jul 2000
    Location
    Milano, Italy
    Posts
    7,726

    some more infos on Xp sp2 and Dcom

    from http://blogs.msdn.com/greggm/archive...29/200907.aspx

    the big change is that if the client and server are running on different
    machines, and the Client is running on XP SP2, then this will no longer
    work
    [...]
    XP SP2 introduces the concept of machine wide security limits for DCOM. The
    default limits require that all remote requests must from an authenticated user.
    The way this used to work is that the server would impersonate the client
    (CoImpersonateClient), this would give the server an impersonation token that
    represents the client user. This token is very useful as long as the server only
    tries to use it on the serverís machine. However, when the server tries to use it
    on another machine, it wonít work.
    [...]
    To make this work, you need to stop impersonating the client in the server, and
    instead find a way to make the callbacks work using the server processís identity.
    If you are on the same domain (or domains with two-way trust), the easy way to
    do this is to run the server as Local System or Network Service. These accounts
    can make calls off the box using credentials from the machine account. You could
    also use a domain account, or a local account which exists on both machines with
    the same user name and password. If the machines arenít on the same domain
    (or domains with two-way trust), then you need to have accounts with matching
    user names and passwords.

    ...at present time, using mainly Net 4.0, Vs 2010



    Special thanks to Lothar "the Great" Haensler, Chris Eastwood , dr_Michael, ClearCode, Iouri and
    all the other wonderful people who made and make Codeguru a great place.
    Come back soon, you Gurus.

  4. #4
    Join Date
    Jul 2000
    Location
    Milano, Italy
    Posts
    7,726

    This seems interesting...

    I do not have Xp, so neither sp2 of Xp, ence couldd not test, but the following seems promising as how to make Dcom work...
    http://blogs.tonygoodhew.com/xpsp2/a...05/19/271.aspx
    ...at present time, using mainly Net 4.0, Vs 2010



    Special thanks to Lothar "the Great" Haensler, Chris Eastwood , dr_Michael, ClearCode, Iouri and
    all the other wonderful people who made and make Codeguru a great place.
    Come back soon, you Gurus.

  5. #5
    Join Date
    Apr 2002
    Location
    Melbourne, Victoria, Australia
    Posts
    1,792
    Thanks for the help, Cesare - we've looked at pretty much everything we could find on the web to no avail (I don't think I saw the blogs though - I'll show the other guys tomorrow morning). I did turn the firewall off - still no better. The problem seems to come on the Server.CreateObject() call. User carrying out the call is administrator on the client and on the domain.

    Both client and server are on the same domain, I'm not too sure about the security aspect (not exactly my area) but security on the dcom object is pretty tight as it writes to a police database (and no, I can't do anything about your traffic fines)...

    The major problem is that our client (see if you can guess who they are) is about to start a system wide upgrade to XP SP2 - and obviously if they do, our applications will no longer work unless we can find the answer. I believe my boss is going to be raising a service call with M$ about this.

    I'm going to have a bit more of a read and see if anything is said that we haven't already tried.
    Be nice to Harley riders...

  6. #6
    Join Date
    Apr 2002
    Location
    Melbourne, Victoria, Australia
    Posts
    1,792
    Quote Originally Posted by Cimperiali
    Here author says Dcom security has been improved. Hope Microsoft did not improve so
    much that now you cannot use it anymore...
    Oh yeah - M$ have improved security so much that if you install SP2 your machine is basically stand alone!!!!!!

    Can anyone tell that I'm not impressed
    Be nice to Harley riders...

  7. #7
    Join Date
    May 2000
    Location
    Wi, USA
    Posts
    144

    Re: Warning....XP SP2 and DCom

    DCOM still works with XP SP2. You just have to change some settings.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Windows Mobile Development Center


Click Here to Expand Forum to Full Width

This is a CodeGuru survey question.


Featured


HTML5 Development Center