COM+ User must be an Administrator??
DJ Miller - 20 Oct 2003 18:58 GMT
I tried moving my web application from the development to production server. Development is running Windows 2000 Advanced Server, production is running Windows Server 2003. This is what I did to install it (on both Dev and Prod; the steps were identical):
- Moved COM objects to server
- Added COM objects to GAC
- Used regsvcs to register all objects from the GAC into COM+ (forty-something objects grouped into a half dozen or so applications)
- Created a local user account on the server
- Set each COM+ application to run with the Identity of that user (not "Interactive User")
- Copied the compiled web pages (including /bin folder) to the server
- Configured a new IIS web site, pointed to that folder

On both machines, I can hit the web site and it brings up the login page fine (which is currently a very simple page that makes no object calls). When I log in, it makes a call to one of my COM objects (which then calls others). On Dev (the Win2k box), it runs fine, but on Prod (the Win2k3 box), I get the error included below (with a couple lines about "this was an unhandled exception" removed to make it a bit more brief). If I make the COM+ user a member of the machine's Administrators group, it runs fine, but that kind of defeats my intent of creating a new user. I'm registering the objects manually (using another, Administrators-group-member user) rather than using "automatic" or "lazy" registering, so that shouldn't be my issue. And it works as-is in Win2k. What do I need to do to get Win2k3 to allow it?
Server Error in '/' Application.
----------------------------------------------------------------------------
Exception Details: System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x80131700.
Stack Trace:
[COMException (0x80131700): Exception from HRESULT: 0x80131700.]
   System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode, IntPtr errorInfo) +0
   System.EnterpriseServices.Thunk.Proxy.CoCreateObject(Type serverType, Boolean bQuerySCInfo, Boolean& bIsAnotherProcess, String& uri) +581
   System.EnterpriseServices.ServicedComponentProxyAttribute.CreateInstance(Type serverType) +181
   System.Runtime.Remoting.Activation.ActivationServices.IsCurrentContextOK(Type serverType, Object[] props, Boolean bNewObj) +74
   MyWeb.LogOn.btSubmit_Click(Object sender, EventArgs e) in c:\inetpub\wwwroot\MyWeb\LogOn.aspx.vb:48
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
   System.Web.UI.Page.ProcessRequestMain() +1277
----------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573

DJ Miller - 23 Oct 2003 19:06 GMT
Does nobody have any suggestions for me? I've asked this question in this and the FAQs newsgroups, and neither have received any responses. Is there more information that is needed? I am completely stuck on this and would appreciate any help.
> I tried moving my web application from the development to production server.
> Development is running Windows 2000 Advanced Server, production is running
[quoted text clipped - 56 lines]
> Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
> Version:1.1.4322.573

Girish Bharadwaj - 23 Oct 2003 21:35 GMT
> Does nobody have any suggestions for me? I've asked this question in this
> and the FAQs newsgroups, and neither have received any responses. Is there
> more information that is needed? I am completely stuck on this and would
> appreciate any help.
</snip>
Since you are seeing this issue only in win2k3 and not in win2k, it seems like the privileges for a regular "user" are less than what they used to be in win2k. One of the things to try is to find the different account privileges that are provided to that user. When a user is assigned to a package, you needed that user to have at least the "Logon as a Batch" privilege. I don't think this has changed. Maybe your user does not have that privilege in Win2k3. Also, make sure that the user has a "non-blank" password. One of the account policies blocks using a blank-passworded user on packages etc. It allows them on console logon only.
Can that be the problem? Some things to check..

Girish Bharadwaj

DJ Miller - 24 Oct 2003 22:47 GMT
Thanks for the feedback. The user has "Logon as Batch" granted already, and there is a password supplied.
I don't know if this provides any clue, but if I try running a non-.Net application (same setup as the .Net application, with a series of COM objects that gets called to get to the database), I get a "SQL Server does not exist or access denied" or "no default provider specified" error. The last COM object to be called goes to the registry to get the connection string and then creates an ADO connection with that string. The error changes depending on how I play with permissions, whether I have the COM user in the Users group or take him out and grant the user permissions to read the registry key. It only completely works if the user is in the Administrators group. (SQL Server is set for mixed-mode security, and I am using a SQL username/password to connect rather than Windows authentication.)
> > Does nobody have any suggestions for me? I've asked this question in this
> > and the FAQs newsgroups, and neither have received any responses. Is there
[quoted text clipped - 14 lines]
> Can that be the problem?
> Some things to check..

girish bharadwaj - 26 Oct 2003 18:25 GMT
One of the things to try might be to allow that NT user to have access to SQL Server, basically as a valid login. Usually, on a default install of SQL Server, BUILTIN/Administrators have "administrative" access to the SQL Server as well. You might want to add the new user into the allowed logins. If that works, maybe you are seeing the same problem that is in the non-.NET application, in a different manner.
> Thanks for the feedback. The user has "Logon as Batch" granted already, and
> there is a password supplied.
[quoted text clipped - 33 lines]
> > Can that be the problem?
> > Some things to check..

DJ Miller - 27 Oct 2003 20:13 GMT
.Net problem is different, because it's not even loading the component that queries the database.
As to the other, that would really be interesting. It would leave me wondering, as whom am I really logging in? As the NT account who created the ADO connection, or as the SQL account I specified in the connection string? In the older application, it's the SQL account that has permissions to do what it needs to do. I'd have to go through and grant permissions to the NT account as well, which seems like an unnecessary pain.
> One of the things to try might be to allow that NT user to have access to
> SQL server.. Basically, as a valid login. Usually, on a default install of
[quoted text clipped - 42 lines]
> > > Can that be the problem?
> > > Some things to check..

Slava Gurevich - 27 Oct 2003 02:48 GMT
> (SQL Server is set for mixed-mode security, and I am
>using a SQL username/password to connect rather than Windows
>authentication.)
In your scenario, the SQL connection defaults to using Win32 Named Pipes and Windows authentication even if you provide a SQL username/password pair in the connection string. You could do the following to change that:
1. Install SQL client tools, and use them to change the default (per machine)
2. Change the registry manually to change the default (per machine)
3. Add "Network Library=dbmssocn" to the connection string to override the default
IMHO, the 3rd choice is superior. Try this out with the non-.NET client first. Here are a few links to read about this:
PRB: Error "Client Unable to Establish Connection" When You Open ADO Connection from Within MTS/COM+ Component http://support.microsoft.com/default.aspx?scid=kb;en-us;300357
HOWTO: Change SQL Server Default Network Library Without Using Client Network Utility http://support.microsoft.com/default.aspx?scid=kb;en-us;250550
HOWTO: Set the SQL Server Network Library in an ADO Connection String http://support.microsoft.com/default.aspx?scid=kb;en-us;238949
Slava Gurevich
>Thanks for the feedback. The user has "Logon as Batch" granted already, and
>there is a password supplied.
[quoted text clipped - 33 lines]
>> Can that be the problem?
>> Some things to check..

DJ Miller - 27 Oct 2003 20:01 GMT
More weirdness.
If I add "Network Library=dbmssocn" (or just "Network=dbmssocn" as suggested by one of the MS links), it doesn't connect at all, even with the COM+ user in the Admin group. And if I check the protocols on the Server and Client Network Utilities, TCP/IP is the only one enabled. The connection string is:
"Provider=SQLOLEDB.1;Persist Security Info=False; User ID=<userid>;pwd=<password>;Initial Catalog=<db name>;Data Source=."
I've tried changing Data Source to 127.0.0.1, localhost, and the name of the machine, but nothing worked. It only works if Data Source is . and Network Library is not specified, and the COM+ user is an Administrator. MDAC 2.8 is installed.
> > (SQL Server is set for mixed-mode security, and I am
> >using a SQL username/password to connect rather than Windows
[quoted text clipped - 64 lines]
> >> Can that be the problem?
> >> Some things to check..
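
The connection-string combinations discussed in this thread (the Data Source values DJ Miller tried, with and without the "Network Library=dbmssocn" setting from Slava Gurevich's third option), as an added example that is not part of any post: run it in a PowerShell session started as the COM+ identity account, so the provider errors reflect that account's rights rather than an administrator's. The function name Test-AdoConnection and the 5-second timeout are assumptions; `<userid>`, `<password>` and `<db name>` are the thread's own placeholders.

```powershell
# Added diagnostic, not code from the thread. Start the session as the COM+
# identity account (for example with runas) before running it.
$base = 'Provider=SQLOLEDB.1;Persist Security Info=False;' +
        'User ID=<userid>;pwd=<password>;Initial Catalog=<db name>;'

# Data Source values tried in the thread, with and without the TCP/IP library.
$dataSources = '.', '127.0.0.1', 'localhost', $env:COMPUTERNAME
$netLibs     = '', 'Network Library=dbmssocn;'

# Hypothetical helper: opens one ADO connection and returns the provider errors.
function Test-AdoConnection([string]$ConnectionString) {
    $conn = New-Object -ComObject ADODB.Connection
    $conn.ConnectionTimeout = 5          # assumed value, keeps failures quick
    $opened = $false
    $errors = @()
    try {
        $conn.Open($ConnectionString)
        $opened = ($conn.State -eq 1)    # 1 = adStateOpen
    } catch {
        # The provider's Errors collection separates a network-level failure
        # from a rejected login, which the ASP.NET error page does not show.
        foreach ($e in $conn.Errors) {
            $errors += ('{0} (native {1}, SQLSTATE {2})' -f
                        $e.Description, $e.NativeError, $e.SQLState)
        }
        if ($errors.Count -eq 0) { $errors += $_.Exception.Message }
    } finally {
        if ($conn.State -ne 0) { $conn.Close() }
        [void][Runtime.InteropServices.Marshal]::ReleaseComObject($conn)
    }
    New-Object PSObject -Property @{ Opened = $opened; Errors = $errors }
}

Write-Host ('Running as ' + [Security.Principal.WindowsIdentity]::GetCurrent().Name)
foreach ($ds in $dataSources) {
    foreach ($lib in $netLibs) {
        $r = Test-AdoConnection ($base + $lib + "Data Source=$ds")
        $label = 'default library'
        if ($lib) { $label = 'dbmssocn' }
        Write-Host ("Data Source={0} [{1}] opened={2}" -f $ds, $label, $r.Opened)
        foreach ($msg in $r.Errors) { Write-Host ('    ' + $msg) }
    }
}
```

Comparing the output from the low-privilege account with the output from an Administrators-group account shows which combination fails only for the restricted identity.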