Share via

DCOM calls to methods returns E_ACCESSDANIED general access denied error after successfull CoCreateInstanceEx Windows 10

Question

Monday, December 26, 2016 6:51 PM

I am making a simple client to connect to an OPC Server via DCOM on a virtual machine. I tested the same code on a Windows 7 Machine and it worked properly, but after moving the coding to Windows 10 it stopped working (the virtual machine containing the DCOM server is the same). The point is that I am able to instantiate a the COM object but I am not able to call any of its methods because I am receiving the E_ACCESSDENIED result. These are the steps:

I am making a simple client to connect to an OPC Server via DCOM on a virtual machine. I tested the same code on a Windows 7 Machine and it worked properly, but after moving the coding to Windows 10 it stopped working (the virtual machine containing the DCOM server is the same). The point is that I am able to instantiate a the COM object but I am not able to call any of its methods because I am receiving the E_ACCESSDENIED result. These are the steps:

I am firstly calling CoInitializeSecurity this way:

hr = CoInitialize(0);
hr = CoInitializeSecurity(
        0, 
        -1, 
        NULL, 
        NULL, 
        RPC_C_AUTHN_LEVEL_CONNECT, 
        RPC_C_IMP_LEVEL_IMPERSONATE,
        NULL, 
        EOAC_NONE, 
        NULL);

After that I call CoCreateInstanceEx:
tagMULTI_QI res;
res.pIID = &__uuidof(IOPCServer);
res.pItf = NULL;

hr = CoCreateInstanceEx(
    clsid,
    NULL,
    CLSCTX_INPROC_SERVER,
    &sin,
    1,
    &res);

This returns hr = S_OK and the res.hr has S_OK value as well. But after that any call retrieves E_ACCESSDENIED result. This is:

hr = server->GetStatus(&status);

IOPCItemProperties* ItemProperties;

hr = server->QueryInterface(
            __uuidof(IOPCItemProperties),
            (void**)&ItemProperties);

Any idea what can be causing the problem? Could be someting related to the Windows 10 OS?

All replies (8)

Tuesday, December 27, 2016 8:18 AM

Hi daiiniel,

Thank you for posting here.

According to error message(E_ACCESSDENIED) ,I think that The user's privileges are causing this problem. Did you try to use the RPC_C_AUTHN_LEVEL_NONE property**. ** If it succeeds, increase the user's privileges

If the data be passed within client and server. Maybe you can use the RPC_C_AUTHN_LEVEL_PKT

Authenticates the credentials of the client only when the client establishes a relationship with the server. Datagram transports always use RPC_AUTHN_LEVEL_PKT instead

Best Regards,

Hart

Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact [email protected].

Tuesday, January 3, 2017 12:51 PM

Hello Hart,

Many thanks for your support, and sorry for my lates presponse. The point is that the same code works when it runs on a Windows 7 machine and it does not when it runs on a Windows 10 one. So I don't know if I have change any COM or DCOM configuration on the Windows 10 SO in order to connect.

Once I run the program in the Windows 10 machine I am able to instantiate the COM object (it returns S_OK) but I am not able to call any of its methods (they retun S_ACCESSDENIED).

I tried the tips you gave me but then I was not able to call CoCreateInstanceEx.

My actual code is:

hr = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);

    hr = CoInitializeSecurity(
        0,
        -1,
        NULL,
        NULL,
        RPC_C_AUTHN_LEVEL_CONNECT,
        RPC_C_IMP_LEVEL_IMPERSONATE,
        NULL,
        EOAC_NONE,
        NULL);

    char* user = "User";
    char* domain = "";
    char* password = "password";

    COAUTHIDENTITY id;

    id.User = (USHORT*)user;
    id.UserLength = strlen(user);

    id.Domain = (USHORT*)domain;
    id.DomainLength = strlen(domain);

    id.Password = (USHORT*)password;
    id.PasswordLength = strlen(password);

    id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;

    COAUTHINFO coin;

    coin.dwAuthnSvc = RPC_C_AUTHN_WINNT;
        coin.dwAuthzSvc = RPC_C_AUTHZ_NONE;
        coin.pwszServerPrincName = NULL;
        coin.dwAuthnLevel = RPC_C_AUTHN_LEVEL_CONNECT;
        coin.dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE;
        coin.pAuthIdentityData = &id;
        coin.dwCapabilities = EOAC_NONE;
    COSERVERINFO sin;

    sin.dwReserved1 = 0;
    sin.dwReserved2 = 0;
    sin.pwszName = L"192.168.56.101";
    sin.pAuthInfo = &coin;

    tagMULTI_QI res;

    res.pIID = &__uuidof(IOPCServerList2);
    res.pItf = NULL;

    hr = CoCreateInstanceEx(
        clsid,
        NULL,
        CLSCTX_REMOTE_SERVER,
        &sin,
        1,
        &res);

    enumerator = (IOPCServerList2*) res.pItf;

    CLSID serverCLSID;

    GUID specification = CATID_OPCDAServer30;
    
    IOPCEnumGUID* availableServers = NULL;

    hr = enumerator->EnumClassesOfCategories(
        1,
        &specification,
        0,
        NULL,
        &availableServers);

Many thanks again.

Regards

Thursday, January 5, 2017 2:25 AM

Hi,

I am not sure whether the user account privilege cause the issue. Did you use administrator account to run you application.

Best Regards,

Hart

Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact [email protected].

Friday, January 6, 2017 12:48 PM

I was not using them , but I tried it with no luck :(

Monday, January 9, 2017 6:04 AM

Hi,

Could you please provide a reproducing demo for us to test the issue on windows 10?

I am not sure whether this is bug. Maybe some settings we cannot find. You can upload the demo on one driver .

Best Regards,

Hart

Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact [email protected].

Monday, January 9, 2017 4:40 PM

Good Afternoon Hart,

I will first check whether it works having the COM server and the client in the same machine and I will came back to here. By the mean time I will prepare the virtual machine and the code.

Again, many thanks.

Wednesday, January 11, 2017 2:21 AM

Hi daiiniel,

Why you delete your reply that has been marked as answer. If you encounter some issue, please feel free to contact us.

Best Regards,

Hart

if your issue has been resolved, please remember to close your thread by marking useful posts as answer that can be helpful for other person with same issue.

Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact [email protected].

Wednesday, February 1, 2017 9:30 AM | 1 vote

Hello Hart,

Sorry for not have replied during all this time.

Finally I discovered the problem. After instantatiating the COM object in the remote server it seems it is needed to set some security settings to the instantiated object so that he can impersonate the user on the remote server. So I had to use CoSetProxyBlanket before using the object.

COAUTHIDENTITY id;

    id.User = (USHORT*)user;
    id.UserLength = (DWORD)strlen(user);

    id.Domain = (USHORT*)domain;
    id.DomainLength = (DWORD)strlen(domain);

    id.Password = (USHORT*)password;
    id.PasswordLength = (DWORD)strlen(password);

    id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;

    return CoSetProxyBlanket(
        instance,
        RPC_C_AUTHN_WINNT,
        RPC_C_AUTHZ_NONE,
        NULL,
        RPC_C_AUTHN_LEVEL_CALL,
        RPC_C_IMP_LEVEL_IMPERSONATE,
        &id,
        EOAC_NONE);
  • Last updated on