whypurplishblue/cassia

Access is denied

Closed this issue · 11 comments

1. Worked fine in development
2. Production server on windows 2008 threw an exception on 
manager.GetRemoteServer(_serverName). There is no way to send crendentials.


   at Cassia.Impl.NativeMethodsHelper.GetSessionInfos
(ITerminalServerHandle server)\r\n   at 
Cassia.Impl.TerminalServer.GetSessions()\r\n   at 
mw.Operations.Plugin.Editorial.FilingDocumentControl.GetActiveSessionInfo()
\r\n   at 
mw.Operations.Plugin.Editorial.FilingDocumentControl.InvokeRemoteConnection
()\r\n   at 
mw.Operations.Plugin.Editorial.FilingDocumentControl.OpenDocument()\r\n   
at mw.Operations.Plugin.Editorial.ReleaseForm.Open(String releaseID, 
String sourceID, String regionId, String officeId, String contentTypeId, 
String customerId, String releaseCode, String company, String 
grdJobStatus, String languageCode, String language, String loginName)
\r\n   at mw.Operations.Plugin.Editorial.EditorialControl.OpenRelease
(String ReleaseID, String SourceID, String regionId, String officeId, 
String contentTypeId, String customerId, String releaseTypeId, String 
Company, String grdJobStatus, String languageCode, String language)\r\n   
at mw.Operations.Plugin.Editorial.EditorialControl.OpenSelectedRelease()
\r\n   at mw.Operations.Plugin.Editorial.EditorialControl.mnuOpen_Click
(Object sender, EventArgs e)\r\n   at Telerik.WinControls.RadItem.OnClick
(EventArgs e)\r\n   at Telerik.WinControls.UI.RadButtonItem.OnClick
(EventArgs e)\r\n   at Telerik.WinControls.UI.RadMenuItem.OnClick
(EventArgs e)\r\n   at Telerik.WinControls.RadItem.DoClick(EventArgs e)
\r\n   at Telerik.WinControls.RadItem.PerformClick()\r\n   at 
Telerik.WinControls.UI.RadDropDownMenu.OnMouseClick(MouseEventArgs e)
\r\n   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons 
button, Int32 clicks)\r\n   at System.Windows.Forms.Control.WndProc
(Message& m)\r\n   at Telerik.WinControls.RadControl.WndProc(Message& m)
\r\n   at Telerik.WinControls.UI.RadPopupControlBase.WndProc(Message& m)
\r\n   at System.Windows.Forms.Control.ControlNativeWindow.WndProc
(Message& m)\r\n   at System.Windows.Forms.NativeWindow.Callback(IntPtr 
hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)"

Original issue reported on code.google.com by tellmani...@gmail.com on 17 Mar 2010 at 10:17

If you want to send credentials, you would need to use impersonation, as the 
underlying 
Windows Terminal Services API does not provide any functions that take user 
name/password 
information. See the following blog post:
http://blogs.msdn.com/shawnfa/archive/2005/03/21/400088.aspx

As for the access denied exception:
- What version of Cassia are you using?
- What version of Windows is the client machine running (the one calling 
GetSessions())?
- Do both the client and server machines belong to the same domain?
- Does the user account that the code is running under have administrator 
privileges on the 
remote server? Is that account a domain account or local account?

Original comment by danports on 18 Mar 2010 at 12:13

- What version of Cassia are you using?
Latest version
- What version of Windows is the client machine running (the one calling 
GetSessions
())?
Windows Server 2008
- Do both the client and server machines belong to the same domain?
Yes
- Does the user account that the code is running under have administrator 
privileges 
on the 
remote server? 
No. It will be any user in active directory
Is that account a domain account or local account?
User  logged in will have domain account.

Original comment by tellmani...@gmail.com on 18 Mar 2010 at 1:40

> No. It will be any user in active directory

That might be your issue there. Does it work if you run the code under an 
account that 
is an administrator on the remote server?

Original comment by danports on 18 Mar 2010 at 12:48

Getting and Access denied error as well.
I am using impersonate = "true"  I have checked to make sure that my 
credentials are 
being impersonated. I have admin access to the servers in question.

If I remote into the server hosting my ASP.NET App and access 
http://localhost/myapp 
from within RDP everything works as expected. 

However, if I access my app from any other machine via http://<<address>>/myapp 
I 
get access denied on server.open(); 

It works fine if I run it localy on any machine but as soon as I host it I get 
access denied.

Original comment by TheHosp...@gmail.com on 29 Mar 2010 at 5:17

@TheHospice: This sounds like a UAC issue.
- What version of Cassia are you using?
- Are you calling GetRemoteServer() regardless of whether the app is accessed 
via
localhost or http://some-name?
- What version of Windows is the client machine running (the one calling 
server.Open())?
- What version of Windows is the server machine running (the one you are trying 
to
query with server.Open())?
- Do both the client and server machines belong to the same domain?
- Could you attach a simple reproduction case for this? That would be very 
helpful,
as I haven't been able to reproduce this sort of problem to date.

Original comment by danports on 30 Mar 2010 at 1:23

  • Changed title: Access is denied
You could try disabling remote UAC on the terminal server as discussed in the 
WMI docs 
here: http://msdn.microsoft.com/en-us/library/aa826699(VS.85).aspx. I'm 
thinking that 
the named pipe hardening in Vista/2008 (http://msdn.microsoft.com/en-
us/library/bb757001.aspx) has something to do with this problem.

Original comment by danports on 4 Apr 2010 at 3:37

I had a similar issue, it turns out I was just doing impersonation wrong, here 
is a
sample program that uses impersonation to talk to another machine that is not 
on the
domain.

Original comment by left...@gmail.com on 5 May 2010 at 7:59

Attachments:

Thanks for the feedback and the impersonation sample, leftler. I suspect that 
there 
could be multiple reasons for the access denied exception, making it a bit hard 
to 
track down what the issue is in each server configuration. It might be a good 
idea to 
add a feature to the library to make it easier to do impersonation, even though 
the 
LogonUser API is not TS-related per se. I'll create a separate issue to track 
that.

Original comment by danports on 5 May 2010 at 11:04

Closing this issue since I haven't heard any further complaints and wasn't able 
to reproduce the issue. If anyone has anything to add, we can always reopen the 
issue.

Original comment by danports on 17 Apr 2011 at 12:25

  • Changed state: Invalid
I am running into something similar to this I think.  I am a little unclear if 
I am expecting the library to do more than it can.  I am trying to connect to 
get information about sessions running on RDC clients, not an actual terminal 
server.  Is this possible?  I am a domain admin so I don't see how that could 
be a problem.  I think you only need to use impersonation if I am connecting 
from a machine that does not have credentials over the client.  As of right now 
I can use the library to successfully get info about 2003 and 2008 terminal 
server, connecting from a windows XP machine.  I am actually trying to do the 
opposite though, I would like those servers to be able to determine if client 
machines are in use, idle, etc.  Whenever I attempt this I get an "Access 
Denied" error.  Any ideas on this?

Original comment by MathewJS...@gmail.com on 13 Jun 2011 at 3:24

Mathew,

Are you trying to determine whether the console session on a given workstation 
is idle or to which remote desktop servers a given workstation is connected?

See also this thread: 
http://groups.google.com/group/cassia-users/browse_thread/thread/1a6d65d7f22782b
6?hl=en

If you'd like to continue this conversation, it would probably be better to do 
that on the Cassia users mailing list here: 
http://groups.google.com/group/cassia-users?hl=en

Original comment by danports on 13 Jun 2011 at 4:58