Access is denied
Closed this issue · 11 comments
GoogleCodeExporter commented
1. Worked fine in development
2. Production server on windows 2008 threw an exception on
manager.GetRemoteServer(_serverName). There is no way to send crendentials.
at Cassia.Impl.NativeMethodsHelper.GetSessionInfos
(ITerminalServerHandle server)\r\n at
Cassia.Impl.TerminalServer.GetSessions()\r\n at
mw.Operations.Plugin.Editorial.FilingDocumentControl.GetActiveSessionInfo()
\r\n at
mw.Operations.Plugin.Editorial.FilingDocumentControl.InvokeRemoteConnection
()\r\n at
mw.Operations.Plugin.Editorial.FilingDocumentControl.OpenDocument()\r\n
at mw.Operations.Plugin.Editorial.ReleaseForm.Open(String releaseID,
String sourceID, String regionId, String officeId, String contentTypeId,
String customerId, String releaseCode, String company, String
grdJobStatus, String languageCode, String language, String loginName)
\r\n at mw.Operations.Plugin.Editorial.EditorialControl.OpenRelease
(String ReleaseID, String SourceID, String regionId, String officeId,
String contentTypeId, String customerId, String releaseTypeId, String
Company, String grdJobStatus, String languageCode, String language)\r\n
at mw.Operations.Plugin.Editorial.EditorialControl.OpenSelectedRelease()
\r\n at mw.Operations.Plugin.Editorial.EditorialControl.mnuOpen_Click
(Object sender, EventArgs e)\r\n at Telerik.WinControls.RadItem.OnClick
(EventArgs e)\r\n at Telerik.WinControls.UI.RadButtonItem.OnClick
(EventArgs e)\r\n at Telerik.WinControls.UI.RadMenuItem.OnClick
(EventArgs e)\r\n at Telerik.WinControls.RadItem.DoClick(EventArgs e)
\r\n at Telerik.WinControls.RadItem.PerformClick()\r\n at
Telerik.WinControls.UI.RadDropDownMenu.OnMouseClick(MouseEventArgs e)
\r\n at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons
button, Int32 clicks)\r\n at System.Windows.Forms.Control.WndProc
(Message& m)\r\n at Telerik.WinControls.RadControl.WndProc(Message& m)
\r\n at Telerik.WinControls.UI.RadPopupControlBase.WndProc(Message& m)
\r\n at System.Windows.Forms.Control.ControlNativeWindow.WndProc
(Message& m)\r\n at System.Windows.Forms.NativeWindow.Callback(IntPtr
hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)"
Original issue reported on code.google.com by tellmani...@gmail.com
on 17 Mar 2010 at 10:17
GoogleCodeExporter commented
If you want to send credentials, you would need to use impersonation, as the
underlying
Windows Terminal Services API does not provide any functions that take user
name/password
information. See the following blog post:
http://blogs.msdn.com/shawnfa/archive/2005/03/21/400088.aspx
As for the access denied exception:
- What version of Cassia are you using?
- What version of Windows is the client machine running (the one calling
GetSessions())?
- Do both the client and server machines belong to the same domain?
- Does the user account that the code is running under have administrator
privileges on the
remote server? Is that account a domain account or local account?
Original comment by danports
on 18 Mar 2010 at 12:13
GoogleCodeExporter commented
- What version of Cassia are you using?
Latest version
- What version of Windows is the client machine running (the one calling
GetSessions
())?
Windows Server 2008
- Do both the client and server machines belong to the same domain?
Yes
- Does the user account that the code is running under have administrator
privileges
on the
remote server?
No. It will be any user in active directory
Is that account a domain account or local account?
User logged in will have domain account.
Original comment by tellmani...@gmail.com
on 18 Mar 2010 at 1:40
GoogleCodeExporter commented
> No. It will be any user in active directory
That might be your issue there. Does it work if you run the code under an
account that
is an administrator on the remote server?
Original comment by danports
on 18 Mar 2010 at 12:48
GoogleCodeExporter commented
Getting and Access denied error as well.
I am using impersonate = "true" I have checked to make sure that my
credentials are
being impersonated. I have admin access to the servers in question.
If I remote into the server hosting my ASP.NET App and access
http://localhost/myapp
from within RDP everything works as expected.
However, if I access my app from any other machine via http://<<address>>/myapp
I
get access denied on server.open();
It works fine if I run it localy on any machine but as soon as I host it I get
access denied.
Original comment by TheHosp...@gmail.com
on 29 Mar 2010 at 5:17
GoogleCodeExporter commented
@TheHospice: This sounds like a UAC issue.
- What version of Cassia are you using?
- Are you calling GetRemoteServer() regardless of whether the app is accessed
via
localhost or http://some-name?
- What version of Windows is the client machine running (the one calling
server.Open())?
- What version of Windows is the server machine running (the one you are trying
to
query with server.Open())?
- Do both the client and server machines belong to the same domain?
- Could you attach a simple reproduction case for this? That would be very
helpful,
as I haven't been able to reproduce this sort of problem to date.
Original comment by danports
on 30 Mar 2010 at 1:23
- Changed title: Access is denied
GoogleCodeExporter commented
You could try disabling remote UAC on the terminal server as discussed in the
WMI docs
here: http://msdn.microsoft.com/en-us/library/aa826699(VS.85).aspx. I'm
thinking that
the named pipe hardening in Vista/2008 (http://msdn.microsoft.com/en-
us/library/bb757001.aspx) has something to do with this problem.
Original comment by danports
on 4 Apr 2010 at 3:37
GoogleCodeExporter commented
I had a similar issue, it turns out I was just doing impersonation wrong, here
is a
sample program that uses impersonation to talk to another machine that is not
on the
domain.
Original comment by left...@gmail.com
on 5 May 2010 at 7:59
Attachments:
GoogleCodeExporter commented
Thanks for the feedback and the impersonation sample, leftler. I suspect that
there
could be multiple reasons for the access denied exception, making it a bit hard
to
track down what the issue is in each server configuration. It might be a good
idea to
add a feature to the library to make it easier to do impersonation, even though
the
LogonUser API is not TS-related per se. I'll create a separate issue to track
that.
Original comment by danports
on 5 May 2010 at 11:04
GoogleCodeExporter commented
Closing this issue since I haven't heard any further complaints and wasn't able
to reproduce the issue. If anyone has anything to add, we can always reopen the
issue.
Original comment by danports
on 17 Apr 2011 at 12:25
- Changed state: Invalid
GoogleCodeExporter commented
I am running into something similar to this I think. I am a little unclear if
I am expecting the library to do more than it can. I am trying to connect to
get information about sessions running on RDC clients, not an actual terminal
server. Is this possible? I am a domain admin so I don't see how that could
be a problem. I think you only need to use impersonation if I am connecting
from a machine that does not have credentials over the client. As of right now
I can use the library to successfully get info about 2003 and 2008 terminal
server, connecting from a windows XP machine. I am actually trying to do the
opposite though, I would like those servers to be able to determine if client
machines are in use, idle, etc. Whenever I attempt this I get an "Access
Denied" error. Any ideas on this?
Original comment by MathewJS...@gmail.com
on 13 Jun 2011 at 3:24
GoogleCodeExporter commented
Mathew,
Are you trying to determine whether the console session on a given workstation
is idle or to which remote desktop servers a given workstation is connected?
See also this thread:
http://groups.google.com/group/cassia-users/browse_thread/thread/1a6d65d7f22782b
6?hl=en
If you'd like to continue this conversation, it would probably be better to do
that on the Cassia users mailing list here:
http://groups.google.com/group/cassia-users?hl=en
Original comment by danports
on 13 Jun 2011 at 4:58