Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

CoCreateInstanceEx failure Access is Denied

1,022 views
Skip to first unread message

Moshe Haim

unread,
Jul 24, 2003, 9:10:01 AM7/24/03
to
Hi,

I have a COM server (out of process EXE).

I have installed it on a machine, set the default
authentication level to none and added "Allow"
to "Everyone" for launch and access premissions.
I set the launching to "Interactive User"

When I try CoCreateInstance from 1 machine to another I
get "Access is denied". (same situation reversing the
machines works!).

It works only when I set the default authentication level
to "None" and default impersonation level to "Impersonate"
on the machine that has the server.

However I understand this can be done programatically.
I tried adding CoInitializeSecurity like this right after
CoInitializeEx in the client app.

HRESULT hrSecurity=CoInitializeSecurity(NULL, 0, NULL,
NULL, RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IMPERSONATE,
NULL, EOAC_NONE, NULL);

I also added the COAUTHINFO member to the COSERVERINFO in
CoCreateInstanceEx so it requests authentication
level "None" and Impersonation level "Impersonate".
(I found these in articles on how to disable COM
authentication).

It still doesn't work. More than that, it seems that
calling CoCreateInstanceEx with these parameters causes it
to fail even when I set the defaults to None/Impersonate.

Can anyone please tell me:
1. What am I doing wrong?
2. I really want my process to allow anyone, so disabling
authentication seems a good idea, can you give me detailed
explenation on how to do it programatically?

Thanks,
Moshe.


Santhosh Pillai [MS]

unread,
Jul 24, 2003, 1:12:29 PM7/24/03
to
Are these 2 machines in the same domain?
Does the System Event log tell you anything about the user that's trying to
access the Server?
What happens if you try to run the simple sample 259011
(http://support.microsoft.com/?id=259011)?


"Moshe Haim" <mosh...@hotmail.com> wrote in message
news:0df401c351e4$e42291d0$a001...@phx.gbl...

Moshe Haim

unread,
Jul 27, 2003, 3:47:10 AM7/27/03
to
Hi,

The 2 machines are under the same domain.

The system event log does not show my errors. but it does
show "Access is denied" error when another machine tried
to connect to it (a different DCOM server).

The simple app works very nicely.
I am using ATL to generate the executable and I re-tried
it today:
wrote a simple DCOM ATL object. No aggregarion, STA, no
connection points etc.

used nmake to create Proxy/Stub DLL.

Wrote a simple console app like the sample one and I still

get "Access is denied".

I do however know that the remote machine does not have
access to manage the user accounts on it while my machine
does, can that be the problem?

But if so, why did the simple app work fine?

Thanks,
Moshe.

>.
>

Santhosh Pillai [MS]

unread,
Jul 27, 2003, 1:35:31 PM7/27/03
to
The simple app turns off Security.
You may want to comment out the CoInitializeSecurity call on the ATL Server
and try again.

In short, if you are using DCOM securely (with Authentication turned on on
both the machines), and if the DCOM server is running under "Launching
User", then whoever is logged on in the client machine should have Access
Permissions and if the Server if it is NOT already launched, the account
should also have Launch permissions.

There are a bunch of KBs describing this in detail.


"Moshe Haim" <mosh...@hotmail.com> wrote in message

news:034c01c35413$492b1d60$a501...@phx.gbl...

0 new messages