-
August 12th, 2004, 03:00 AM
#1
Warning....XP SP2 and DCom
Installed XP SP2 on my work machine today (to cure a problem of a roaming profile not being found). Anyway, our DCom object decided to promptly stop working for me - but continued working for all the win2k developers.
Ended up deleting the firewall that the service pack put in, no difference. 3 of us spent 3 hrs trying to get msdn to give up the secret....trying all sorts of different things, eventually figured out the problem with the roaming profile was less of a problem than not being able to work, so rolled back the service pack install. All is ok now (apart from the roaming profile)
Be nice to Harley riders...
-
August 12th, 2004, 03:37 AM
#2
Here author says Dcom security has been improved. Hope Microsoft did not improve so
much that now you cannot use it anymore...
from http://www.updatexp.com/windows-xp-service-pack-2.html
After installing XP Service Pack 2 RC2 the Windows Firewall is enabled by default...
1) This might "break" application compatibility, if the application does not work
with "stateful filtering" by default. (Windows Firewall uses a process called
stateful packet filtering.)
2) It may also conflict with other active software and hardware firewalls... now
more folks are using routers with built-in firewalls on their Broadband
connections, there is room for conflicts to happen here!
and
Applications that perform just-in-time (JIT) code generation or execute memory
from the default process stack or heap MAY lead to problems in the Windows XP
Service pack 2 "Execution Protection" environment. In some rare circumstances an
application may cease to function.
Last edited by Cimperiali; August 12th, 2004 at 03:53 AM.
...at present time, using mainly Net 4.0, Vs 2010
Special thanks to Lothar "the Great" Haensler, Chris Eastwood , dr_Michael, ClearCode, Iouri and
all the other wonderful people who made and make Codeguru a great place.
Come back soon, you Gurus.
-
August 12th, 2004, 03:45 AM
#3
some more infos on Xp sp2 and Dcom
from http://blogs.msdn.com/greggm/archive...29/200907.aspx
the big change is that if the client and server are running on different
machines, and the Client is running on XP SP2, then this will no longer
work
[...]
XP SP2 introduces the concept of machine wide security limits for DCOM. The
default limits require that all remote requests must from an authenticated user.
The way this used to work is that the server would impersonate the client
(CoImpersonateClient), this would give the server an impersonation token that
represents the client user. This token is very useful as long as the server only
tries to use it on the server’s machine. However, when the server tries to use it
on another machine, it won’t work.
[...]
To make this work, you need to stop impersonating the client in the server, and
instead find a way to make the callbacks work using the server process’s identity.
If you are on the same domain (or domains with two-way trust), the easy way to
do this is to run the server as Local System or Network Service. These accounts
can make calls off the box using credentials from the machine account. You could
also use a domain account, or a local account which exists on both machines with
the same user name and password. If the machines aren’t on the same domain
(or domains with two-way trust), then you need to have accounts with matching
user names and passwords.
...at present time, using mainly Net 4.0, Vs 2010
Special thanks to Lothar "the Great" Haensler, Chris Eastwood , dr_Michael, ClearCode, Iouri and
all the other wonderful people who made and make Codeguru a great place.
Come back soon, you Gurus.
-
August 12th, 2004, 03:59 AM
#4
This seems interesting...
I do not have Xp, so neither sp2 of Xp, ence couldd not test, but the following seems promising as how to make Dcom work...
http://blogs.tonygoodhew.com/xpsp2/a...05/19/271.aspx
...at present time, using mainly Net 4.0, Vs 2010
Special thanks to Lothar "the Great" Haensler, Chris Eastwood , dr_Michael, ClearCode, Iouri and
all the other wonderful people who made and make Codeguru a great place.
Come back soon, you Gurus.
-
August 12th, 2004, 05:49 AM
#5
Thanks for the help, Cesare - we've looked at pretty much everything we could find on the web to no avail (I don't think I saw the blogs though - I'll show the other guys tomorrow morning). I did turn the firewall off - still no better. The problem seems to come on the Server.CreateObject() call. User carrying out the call is administrator on the client and on the domain.
Both client and server are on the same domain, I'm not too sure about the security aspect (not exactly my area) but security on the dcom object is pretty tight as it writes to a police database (and no, I can't do anything about your traffic fines)...
The major problem is that our client (see if you can guess who they are) is about to start a system wide upgrade to XP SP2 - and obviously if they do, our applications will no longer work unless we can find the answer. I believe my boss is going to be raising a service call with M$ about this.
I'm going to have a bit more of a read and see if anything is said that we haven't already tried.
Be nice to Harley riders...
-
August 12th, 2004, 05:51 AM
#6
Originally Posted by Cimperiali
Here author says Dcom security has been improved. Hope Microsoft did not improve so
much that now you cannot use it anymore...
Oh yeah - M$ have improved security so much that if you install SP2 your machine is basically stand alone!!!!!!
Can anyone tell that I'm not impressed
Be nice to Harley riders...
-
December 10th, 2004, 10:03 AM
#7
Re: Warning....XP SP2 and DCom
DCOM still works with XP SP2. You just have to change some settings.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|