'access denied' calling remote DCOM NT service from ASP

Discussion in 'ASP General' started by Sergey V, Jun 27, 2005.

  1. Sergey V

    Sergey V Guest

    Having following problem

    1. Client: ASP application with anonymous access to be running as
    DOMAIN\my_user on WinXP
    2. Server: DCOM NT Service runs on remote host (W2K Server) under the same
    account DOMAIN\my_user
    security within server is initialized using
    hr = CoInitializeSecurity(&appid, -1, NULL, NULL, 0, 0, 0, EOAC_APPID,
    NULL);

    when trying to access the application from ASP - gettting
    DCOM got error "General access denied error " from the computer MY_SERVER
    when attempting to activate the server:
    in System event log. Granting "everyone" on target system resolves the
    problem, but I would like to have limited user access.

    When running the same client scenario from test C++ application running
    under DOMAIN\my_user interactive account - everything works with no problem.

    The question is what could be wrong with configuration of security under
    IIS?

    Thanks in advance.
    Sergey V, Jun 27, 2005
    #1
    1. Advertising

  2. Sergey V

    Jeff Fink Guest

    "Sergey V" <> wrote in message
    news:...
    > when trying to access the application from ASP - gettting
    > DCOM got error "General access denied error " from the computer MY_SERVER
    > when attempting to activate the server:
    > in System event log. Granting "everyone" on target system resolves the
    > problem, but I would like to have limited user access.
    >
    > When running the same client scenario from test C++ application running
    > under DOMAIN\my_user interactive account - everything works with no

    problem.
    >
    > The question is what could be wrong with configuration of security under
    > IIS?


    Are you logging on via the web page or running anonymous? Does the
    anonymous user have access via DCOM?
    Jeff Fink, Jun 28, 2005
    #2
    1. Advertising

  3. Sergey V

    Sergey V Guest

    "Jeff Fink" <> wrote in message
    news:%...
    >
    > "Sergey V" <> wrote in message
    > news:...
    >> when trying to access the application from ASP - gettting
    >> DCOM got error "General access denied error " from the computer MY_SERVER
    >> when attempting to activate the server:
    >> in System event log. Granting "everyone" on target system resolves the
    >> problem, but I would like to have limited user access.
    >>
    >> When running the same client scenario from test C++ application running
    >> under DOMAIN\my_user interactive account - everything works with no

    > problem.
    >>
    >> The question is what could be wrong with configuration of security under
    >> IIS?

    >
    > Are you logging on via the web page or running anonymous? Does the
    > anonymous user have access via DCOM?
    >
    >


    IIS Virtual Directory security is set to anonymous, but "Account used for
    anonymous access" is DOMAIN\my_user. And I suppose it should be used to both
    access file system and make RPC calls. Isn't it? Did not found references on
    that topic in documentation.
    Sergey V, Jun 28, 2005
    #3
  4. Sergey V

    Sergey V Guest

    Solved: 'access denied' calling remote DCOM NT service from ASP

    Just found the solution, the trick is to :



    1.. Set IIS Virtual Dir "Application Protection" to High (Isloated), now
    we'll get COM+ application registered


    2.. Go to Control Panel -> Administrative Tools -> Component service

    and find the application under Component Services -> My Computer -> COM+
    Applications :

    and specify the user on Identity tab


    "Sergey V" <> wrote in message
    news:...
    > Having following problem
    >
    > 1. Client: ASP application with anonymous access to be running as
    > DOMAIN\my_user on WinXP
    > 2. Server: DCOM NT Service runs on remote host (W2K Server) under the same
    > account DOMAIN\my_user
    > security within server is initialized using
    > hr = CoInitializeSecurity(&appid, -1, NULL, NULL, 0, 0, 0, EOAC_APPID,
    > NULL);
    >
    > when trying to access the application from ASP - gettting
    > DCOM got error "General access denied error " from the computer MY_SERVER
    > when attempting to activate the server:
    > in System event log. Granting "everyone" on target system resolves the
    > problem, but I would like to have limited user access.
    >
    > When running the same client scenario from test C++ application running
    > under DOMAIN\my_user interactive account - everything works with no
    > problem.
    >
    > The question is what could be wrong with configuration of security under
    > IIS?
    >
    > Thanks in advance.
    >
    >
    >
    Sergey V, Jun 28, 2005
    #4
  5. Sergey V

    Jeff Fink Guest

    "Sergey V" <> wrote in message
    news:...
    >
    > IIS Virtual Directory security is set to anonymous, but "Account used for
    > anonymous access" is DOMAIN\my_user. And I suppose it should be used to

    both
    > access file system and make RPC calls. Isn't it? Did not found references

    on
    > that topic in documentation.


    Saw that you found your solution, but I thought I would comment on your
    question. Several years ago, I worked at MS in Redmond and was given the
    task of setting up a prototype web personalization system using existing MS
    products so we could do performance measurements of the different
    components. The idea being that we would use the best parts and build
    better ones for the places where performance was a problem.

    So I put the system together and used an early ADSI build to query a DS from
    an ASP web page (IIS 4). I found dramatically different results when
    querying via ASP versus an identical VBS script run from the command line.
    So different in fact, that you could only query ADSI 64 times via ASP
    (didn't matter if it was 64 times on one page or 64 pages with 1 query)
    before the Windows LDAP client would lock up and stop issuing queries. The
    VBS script had no such limitations.

    They got me a fix, but I never really understood what the problem was. The
    only difference between my ASP and VBS code was the function I called to
    output the results. So there was something in IIS that greatly affected the
    way the objects were called and run. I would suspect that in some ways
    there still is.

    -Jeff
    Jeff Fink, Jun 29, 2005
    #5
  6. Sergey V

    Brian Muth Guest

    This really has nothing to do with the OP's problem.

    The reason Sergey hit an access denied, is that by default, an ASP
    application runs as IWAN_<computer>.

    Brian
    Brian Muth, Jun 29, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alex
    Replies:
    3
    Views:
    1,495
    Alvin Bruney
    Dec 2, 2003
  2. bri

    access denied...dcom server

    bri, Dec 2, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    2,495
  3. DotNetJunkies User

    Access denied to DCOM ASP.net WinXP sp2

    DotNetJunkies User, Oct 8, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    472
    =?Utf-8?B?VWJiZTE3?=
    Oct 11, 2004
  4. =?Utf-8?B?VWJiZTE3?=

    access denied to DCOM, winXP sp2

    =?Utf-8?B?VWJiZTE3?=, Oct 8, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    3,126
    =?Utf-8?B?VWJiZTE3?=
    Oct 14, 2004
  5. Replies:
    1
    Views:
    3,462
    CyberOwl
    Sep 7, 2009
Loading...

Share This Page