The problem in WMI access to remote server with Windows Credentials

Hello,

Can anybody help to solve the following problem?

My Windows Service is trying to access a remote machine to get the
WindowsDirectory property via the Win32_OperatingSystem WMI class. Both servers
are in the same Active Directory domain, so I created a special Active
Directory user and impersonate it before invoking WMI.

My code looks like:

    foreach (WMI.OperatingSystem sysTest in
             WMI.OperatingSystem.GetInstances(scope, new string[] { "WindowsDirectory" }))
    {
        return sysTest.WindowsDirectory;
    }

This code works fine if I specify UserName and password in the scope, but it
fails if I use WindowsImpersonation (and specify null as userName in the
scope) with the following error:

System.ArgumentException: Value does not fall within the expected range.
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.SecurityHandler.Secure(IEnumWbemClassObject enumWbem)
   at System.Management.ManagementObjectCollection.GetEnumerator()
   at WMI.OperatingSystem.OperatingSystem0Collection.GetEnumerator()

The problem is here:

    public class System.Management.ManagementObjectCollection
    {
        //...
        public ManagementObjectEnumerator GetEnumerator()
        {
            //...
            IEnumWbemClassObject ppEnum = null;
            int errorCode = 0;
            try
            {
                errorCode = this.enumWbem.Clone_(out ppEnum);
                this.scope.GetSecurityHandler().Secure(ppEnum); // <<<<<<<<< Error !!!!!!!!!!!!

                if ((errorCode & 0x80000000) == 0)
                {
                    errorCode = ppEnum.Reset_();
                }
            }
            //...
        }
    }

IEnumWbemClassObject.Clone fails with code WBEM_E_ACCESS_DENIED and
returns null in ppEnum; then IWmiSec.BlessIEnumWbemClassObject (which is
called inside SecurityHandler.Secure) fails with an ArgumentException.

The strangest thing is that this code doesn't fail if I invoke it as an
interactive user (not in a service).

Can anybody help me understand how to fix or work around this problem? I
found only one solution: to create the object without enumerating, by
specifying a direct management path. But that works only for objects like
Win32_Service, where I can build this path; for Win32_OperatingSystem I can't
build the management path because it looks like
"\\Server\root\CimV2:Win32_OperatingSystem.Name="Microsoft Windows Server
2003 Enterprise Edition|C:\\WINDOWS|\\Device\\Harddisk0\\Partition1" and I
have no idea how to build such a path remotely.

Thanks.

Vadim Malishev
PEM Windows Platform Services Team Leader
SWsoft, Inc.
E-mail: vm*******@swsoft.com
Phone: +7 923 240 04 48
ICQ UIN: 74989244
Skype nick: lboos75
Google talk: lb*****@gmail.com
MSN: lb*****@gmail.com
Web Site: http://www.swsoft.com

Jun 8 '07 #1
Please post your code, posting a piece of System.Management's implementation
is of no use for us.
What we need is a small but complete sample that illustrates the issue (a
console sample!), we need to see how you set up the scope.
Also you need to make sure that the impersonating thread is the thread that
calls the remote server, from your description it looks like the call is
made using the process token (using the Service process identity), not the
impersonating token.
Also we need some more context, what OS and Framework version are you
running this from?

Willy.
Jun 8 '07 #2
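
Added example, not code from this thread or from any poster: a console sample of the kind requested above, which prints the process identity and the thread's impersonation token before connecting to WMI with no explicit credentials in the scope. The class name, the command-line arguments, the interactive logon type and the PacketPrivacy setting are assumptions made for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Management;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical sample. Usage: WmiImpersonationCheck <server> <domain> <user>
class WmiImpersonationCheck
{
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int provider, out IntPtr token);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    static void Main(string[] args)
    {
        // Captured before impersonation, so this is the process token's identity.
        Console.WriteLine("Process identity: " + WindowsIdentity.GetCurrent().Name);
        Console.Write("Password: ");
        string password = Console.ReadLine();
        IntPtr token;
        // 2 = LOGON32_LOGON_INTERACTIVE, 0 = LOGON32_PROVIDER_DEFAULT (assumed choice)
        if (!LogonUser(args[2], args[1], password, 2, 0, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            using (WindowsIdentity id = new WindowsIdentity(token))
            using (WindowsImpersonationContext ctx = id.Impersonate())
            {
                // GetCurrent(true) returns null when this thread is NOT impersonating,
                // i.e. when calls would go out under the process token instead.
                WindowsIdentity thread = WindowsIdentity.GetCurrent(true);
                Console.WriteLine("Thread token: " + (thread == null ? "(none)"
                    : thread.Name + ", level " + thread.ImpersonationLevel));
                ConnectionOptions options = new ConnectionOptions(); // no Username/Password
                options.Impersonation = ImpersonationLevel.Impersonate;
                options.Authentication = AuthenticationLevel.PacketPrivacy;
                ManagementScope scope =
                    new ManagementScope(@"\\" + args[0] + @"\root\cimv2", options);
                scope.Connect(); // must run on the impersonating thread
                ObjectQuery query =
                    new ObjectQuery("SELECT WindowsDirectory FROM Win32_OperatingSystem");
                using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
                    foreach (ManagementObject os in searcher.Get())
                        Console.WriteLine("WindowsDirectory: " + os["WindowsDirectory"]);
            }
        }
        finally { CloseHandle(token); }
    }
}
```

Running the same checks inside the service, just before the WMI call, shows whether the thread that reaches the remote server actually carries the impersonation token.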
Sorry for the delayed answer.

> Please post your code, posting a piece of System.Management's
> implementation is of no use for us.
> What we need is a small but complete sample that illustrates the issue (a
> console sample!), we need to see how you set up the scope.

It is not easy.

It is an MPF (Microsoft Provisioning Framework) provider. This provider is
registered to impersonate the system user (created by the installer). This
part is correct - DCOM impersonates my code before invoking the Process
method. After that I try to connect to WMI.

> Also you need to make sure that the impersonating thread is the thread
> that calls the remote server, from your description it looks like the call
> is made using the process token (using the Service process identity), not
> the impersonating token.

Good idea - thank you - I will check it.

> Also we need some more context, what OS and Framework version are you
> running this from?

Win2003 Ent, .NET 2.

>
> Willy.

Vadim.
Jun 13 '07 #3
