|
|
You're in the
dotnet component services
group:COM+ User must be an Administrator??
dotnet component services:
Development is running Windows 2000 Advanced Server, production is running Windows Server 2003. This is what I did to install it (on both Dev and Prod; the steps were identical): Moved COM objects to server Added COM objects to GAC Used regsvcs to register all objects from the GAC into COM+ (forty-something objects grouped into a half dozen or so applications) Created a local user account on the server Set each COM+ application to run with the Identity of that user (not "Interactive User") Copied the compiled web pages (including /bin folder) to the server Configured a new IIS web site, pointed to that folder On both machines, I can hit the web site and it brings up the login page fine (which is currently a very simple page that makes no object calls). When I log in, it makes a call to one of my COM objects (which then calls others). On Dev (the Win2k box), it runs fine, but on Prod (the Win2k3 box), I get the error included below (with a couple lines about "this was an unhandled exception" removed to make it a bit more brief). If I make the COM+ user a member of the machine's Administrators group, it runs fine, but that kind of defeats my intent of creating a new user. I'm registering the objects manually (using another, Administrators-group-member user) rather than using "automatic" or "lazy" registering, so that shouldn't be my issue. And it works as-is in Win2k. What do I need to do to get Win2k3 to allow it? Server Error in '/' Application. ---------------------------------------------------------------------------- Exception Details: System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x80131700. Stack Trace: [COMException (0x80131700): Exception from HRESULT: 0x80131700.] System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode, IntPtr errorInfo) +0 System.EnterpriseServices.Thunk.Proxy.CoCreateObject(Type serverType, Boolean bQuerySCInfo, Boolean& bIsAnotherProcess, String& uri) +581 System.EnterpriseServices.ServicedComponentProxyAttribute.CreateInstance( Type serverType) +181 System.Runtime.Remoting.Activation.ActivationServices.IsCurrentContextOK( Type serverType, Object[] props, Boolean bNewObj) +74 MyWeb.LogOn.btSubmit_Click(Object sender, EventArgs e) in c:\inetpub\wwwroot\MyWeb\LogOn.aspx.vb:48 System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler. RaisePostBackEvent(String eventArgument) +57 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 System.Web.UI.Page.ProcessRequestMain() +1277 ---------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
Does nobody have any suggestions for me? I've asked this question in this
and the FAQs newsgroups, and neither have received any responses. Is there more information that is needed? I am completely stuck on this and would appreciate any help. [quoted text, click to view] "DJ Miller" <qzvyyre@n-1erybpngvba.pbz.ROT13> wrote in message news:OvY5FPzlDHA.2528@TK2MSFTNGP10.phx.gbl... > I tried moving my web application from the development to production server. > Development is running Windows 2000 Advanced Server, production is running > Windows Server 2003. This is what I did to install it (on both Dev and > Prod; the steps were identical): > Moved COM objects to server > Added COM objects to GAC > Used regsvcs to register all objects from the GAC into COM+ > (forty-something objects grouped into a half dozen or so applications) > Created a local user account on the server > Set each COM+ application to run with the Identity of that user (not > "Interactive User") > Copied the compiled web pages (including /bin folder) to the server > Configured a new IIS web site, pointed to that folder > > On both machines, I can hit the web site and it brings up the login page > fine (which is currently a very simple page that makes no object calls). > When I log in, it makes a call to one of my COM objects (which then calls > others). On Dev (the Win2k box), it runs fine, but on Prod (the Win2k3 > box), I get the error included below (with a couple lines about "this was an > unhandled exception" removed to make it a bit more brief). If I make the > COM+ user a member of the machine's Administrators group, it runs fine, but > that kind of defeats my intent of creating a new user. I'm registering the > objects manually (using another, Administrators-group-member user) rather > than using "automatic" or "lazy" registering, so that shouldn't be my issue. > And it works as-is in Win2k. What do I need to do to get Win2k3 to allow > it? > > Server Error in '/' Application. > -------------------------------------------------------------------------- -- > > Exception Details: System.Runtime.InteropServices.COMException: Exception > from HRESULT: 0x80131700. > > Stack Trace: > > [COMException (0x80131700): Exception from HRESULT: 0x80131700.] > System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 > errorCode, IntPtr errorInfo) +0 > System.EnterpriseServices.Thunk.Proxy.CoCreateObject(Type serverType, > Boolean bQuerySCInfo, Boolean& bIsAnotherProcess, String& uri) +581 > > System.EnterpriseServices.ServicedComponentProxyAttribute.CreateInstance( > Type serverType) +181 > > System.Runtime.Remoting.Activation.ActivationServices.IsCurrentContextOK( > Type serverType, Object[] props, Boolean bNewObj) +74 > MyWeb.LogOn.btSubmit_Click(Object sender, EventArgs e) in > c:\inetpub\wwwroot\MyWeb\LogOn.aspx.vb:48 > System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108 > > System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler. > RaisePostBackEvent(String eventArgument) +57 > System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler > sourceControl, String eventArgument) +18 > System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 > System.Web.UI.Page.ProcessRequestMain() +1277 > > -------------------------------------------------------------------------- -- > Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET > Version:1.1.4322.573 > > >
[quoted text, click to view]
DJ Miller wrote: </snip>> Does nobody have any suggestions for me? I've asked this question in this > and the FAQs newsgroups, and neither have received any responses. Is there > more information that is needed? I am completely stuck on this and would > appreciate any help. Since, you are seeing this issue only in win2k3 and not in win2k, it seems like the privileges for a regular "user" is less then what it used to be in win2k. One of the things to try is to find the different account privileges that are provided to that user.When a user is assigned to a package, you needed that user to have at least "Logon as a Batch" privilege. I dont think this has changes. May be, you r user does not have that privilege in Win2k3.. Also, make sure that the user has a "non-blank" password. One of the account policies blocks using the a blank passworded user on packages etc. It only allows them on console logon only. Can that be the problem? Some things to check.. -- Girish Bharadwaj
Thanks for the feedback. The user has "Logon as Batch" granted already, and
there is a password supplied. I don't know if this provides any clue, but if I try running a non-.Net application (same setup as the .Net application, with a series of COM objects that gets called to get to the database), I get a "SQL Server does not exist or access denied" or "no default provider specified" error. The last COM object to be called goes to the registry to get the connection string and then creates an ADO connection with that string. The error changes depending on how I play with permissions, whether I have the COM user in the Users group or take him out and grant the user permissions to read the registry key. It only completely works if the user is in the Administrators group. (SQL Server is set for mixed-mode security, and I am using a SQL username/password to connect rather than Windows authentication.) [quoted text, click to view] "Girish Bharadwaj" <girishb@nowhere> wrote in message news:ea9B4UamDHA.1072@TK2MSFTNGP09.phx.gbl... > DJ Miller wrote: > > Does nobody have any suggestions for me? I've asked this question in this > > and the FAQs newsgroups, and neither have received any responses. Is there > > more information that is needed? I am completely stuck on this and would > > appreciate any help. > </snip> > Since, you are seeing this issue only in win2k3 and not in win2k, it > seems like the privileges for a regular "user" is less then what it used > to be in win2k. One of the things to try is to find the different > account privileges that are provided to that user.When a user is > assigned to a package, you needed that user to have at least "Logon as a > Batch" privilege. I dont think this has changes. May be, you r user does > not have that privilege in Win2k3.. > Also, make sure that the user has a "non-blank" password. One of the > account policies blocks using the a blank passworded user on packages > etc. It only allows them on console logon only. > > > Can that be the problem? > Some things to check.. > > -- > Girish Bharadwaj >
One of the things to try might be to allow that NT user to have access to
SQL server.. Basically, as a valid login. Usually, on a default install of SQL server, BUILTIN/Administrators have "administrative" access to the SQL server as well. You might want to add the new user into the allowed logins. If that works, maybe you are seeing the same problem that is in non-NET application in a different manner. [quoted text, click to view] "DJ Miller" <qzvyyre@n-1erybpngvba.pbz.ROT13> wrote in message news:ec1UthnmDHA.708@TK2MSFTNGP10.phx.gbl... > Thanks for the feedback. The user has "Logon as Batch" granted already, and > there is a password supplied. > > I don't know if this provides any clue, but if I try running a non-.Net > application (same setup as the .Net application, with a series of COM > objects that gets called to get to the database), I get a "SQL Server does > not exist or access denied" or "no default provider specified" error. The > last COM object to be called goes to the registry to get the connection > string and then creates an ADO connection with that string. The error > changes depending on how I play with permissions, whether I have the COM > user in the Users group or take him out and grant the user permissions to > read the registry key. It only completely works if the user is in the > Administrators group. (SQL Server is set for mixed-mode security, and I am > using a SQL username/password to connect rather than Windows > authentication.) > > "Girish Bharadwaj" <girishb@nowhere> wrote in message > news:ea9B4UamDHA.1072@TK2MSFTNGP09.phx.gbl... > > DJ Miller wrote: > > > Does nobody have any suggestions for me? I've asked this question in > this > > > and the FAQs newsgroups, and neither have received any responses. Is > there > > > more information that is needed? I am completely stuck on this and > would > > > appreciate any help. > > </snip> > > Since, you are seeing this issue only in win2k3 and not in win2k, it > > seems like the privileges for a regular "user" is less then what it used > > to be in win2k. One of the things to try is to find the different > > account privileges that are provided to that user.When a user is > > assigned to a package, you needed that user to have at least "Logon as a > > Batch" privilege. I dont think this has changes. May be, you r user does > > not have that privilege in Win2k3.. > > Also, make sure that the user has a "non-blank" password. One of the > > account policies blocks using the a blank passworded user on packages > > etc. It only allows them on console logon only. > > > > > > Can that be the problem? > > Some things to check.. > > > > -- > > Girish Bharadwaj > > > >
[quoted text, click to view]
> (SQL Server is set for mixed-mode security, and I am >using a SQL username/password to connect rather than Windows >authentication.) In your scenario, SQL connection defaults to using Win32 Named Pipes and Windows authentication even if you provide SQL username/password pair in the connection string. You could do the following to change that: 1. Install SQL client tools, and use it to change the default ( per machine) 2. Change the registry manually to change the default ( per machine) 3. Add "Network Library=dbmssocn" to the connection string to override the default IMHO, the 3rd choice is superior. Try this out with the non-.NET client first. Here is a few links to read about this: PRB: Error "Client Unable to Establish Connection" When You Open ADO Connection from Within MTS/COM+ Component http://support.microsoft.com/default.aspx?scid=kb;en-us;300357 HOWTO: Change SQL Server Default Network Library Without Using Client Network Utility http://support.microsoft.com/default.aspx?scid=kb;en-us;250550 HOWTO: Set the SQL Server Network Library in an ADO Connection String http://support.microsoft.com/default.aspx?scid=kb;en-us;238949 Slava Gurevich On Fri, 24 Oct 2003 15:47:28 -0600, "DJ Miller" [quoted text, click to view] <qzvyyre@n-1erybpngvba.pbz.ROT13> wrote:
>Thanks for the feedback. The user has "Logon as Batch" granted already, and >there is a password supplied. > >I don't know if this provides any clue, but if I try running a non-.Net >application (same setup as the .Net application, with a series of COM >objects that gets called to get to the database), I get a "SQL Server does >not exist or access denied" or "no default provider specified" error. The >last COM object to be called goes to the registry to get the connection >string and then creates an ADO connection with that string. The error >changes depending on how I play with permissions, whether I have the COM >user in the Users group or take him out and grant the user permissions to >read the registry key. It only completely works if the user is in the >Administrators group. (SQL Server is set for mixed-mode security, and I am >using a SQL username/password to connect rather than Windows >authentication.) > >"Girish Bharadwaj" <girishb@nowhere> wrote in message >news:ea9B4UamDHA.1072@TK2MSFTNGP09.phx.gbl... >> DJ Miller wrote: >> > Does nobody have any suggestions for me? I've asked this question in >this >> > and the FAQs newsgroups, and neither have received any responses. Is >there >> > more information that is needed? I am completely stuck on this and >would >> > appreciate any help. >> </snip> >> Since, you are seeing this issue only in win2k3 and not in win2k, it >> seems like the privileges for a regular "user" is less then what it used >> to be in win2k. One of the things to try is to find the different >> account privileges that are provided to that user.When a user is >> assigned to a package, you needed that user to have at least "Logon as a >> Batch" privilege. I dont think this has changes. May be, you r user does >> not have that privilege in Win2k3.. >> Also, make sure that the user has a "non-blank" password. One of the >> account policies blocks using the a blank passworded user on packages >> etc. It only allows them on console logon only. >> >> >> Can that be the problem? >> Some things to check.. >> >> -- >> Girish Bharadwaj >> >
More weirdness.
If I add "Network Library=dbmssocn" (or just "Network=dbmssocn" as suggested by one of the MS links), it doesn't connect at all, even with the COM+ user in the Admin group. And if I check the protocols on the Server and Client Network Utilities, TCP/IP is the only one enabled. The connection string is: "Provider=SQLOLEDB.1;Persist Security Info=False; User ID=<userid>;pwd=<password>;Initial Catalog=<db name>;Data Source=." I've tried changing Data Source to 127.0.0.1, localhost, and the name of the machine, but nothing worked. It only works if Data Source is . and Network Library is not specified, and the COM+ user is an Administrator. MDAC 2.8 is installed. [quoted text, click to view] "Slava Gurevich" <vyach@hotmail.com> wrote in message news:3atopvovn0i1cevl6bmji31pihlc581crp@4ax.com... > > (SQL Server is set for mixed-mode security, and I am > >using a SQL username/password to connect rather than Windows > >authentication.) > > In your scenario, SQL connection defaults to using Win32 Named Pipes > and Windows authentication even if you provide SQL username/password > pair in the connection string. You could do the following to change > that: > > 1. Install SQL client tools, and use it to change the default ( per > machine) > 2. Change the registry manually to change the default ( per machine) > 3. Add "Network Library=dbmssocn" to the connection string to override > the default > > IMHO, the 3rd choice is superior. Try this out with the non-.NET > client first. Here is a few links to read about this: > > PRB: Error "Client Unable to Establish Connection" When You Open ADO > Connection from Within MTS/COM+ Component > http://support.microsoft.com/default.aspx?scid=kb;en-us;300357 > > HOWTO: Change SQL Server Default Network Library Without Using Client > Network Utility > http://support.microsoft.com/default.aspx?scid=kb;en-us;250550 > > HOWTO: Set the SQL Server Network Library in an ADO Connection String > http://support.microsoft.com/default.aspx?scid=kb;en-us;238949 > > > Slava Gurevich > > > On Fri, 24 Oct 2003 15:47:28 -0600, "DJ Miller" > <qzvyyre@n-1erybpngvba.pbz.ROT13> wrote: > > >Thanks for the feedback. The user has "Logon as Batch" granted already, and > >there is a password supplied. > > > >I don't know if this provides any clue, but if I try running a non-.Net > >application (same setup as the .Net application, with a series of COM > >objects that gets called to get to the database), I get a "SQL Server does > >not exist or access denied" or "no default provider specified" error. The > >last COM object to be called goes to the registry to get the connection > >string and then creates an ADO connection with that string. The error > >changes depending on how I play with permissions, whether I have the COM > >user in the Users group or take him out and grant the user permissions to > >read the registry key. It only completely works if the user is in the > >Administrators group. (SQL Server is set for mixed-mode security, and I am > >using a SQL username/password to connect rather than Windows > >authentication.) > > > >"Girish Bharadwaj" <girishb@nowhere> wrote in message > >news:ea9B4UamDHA.1072@TK2MSFTNGP09.phx.gbl... > >> DJ Miller wrote: > >> > Does nobody have any suggestions for me? I've asked this question in > >this > >> > and the FAQs newsgroups, and neither have received any responses. Is > >there > >> > more information that is needed? I am completely stuck on this and > >would > >> > appreciate any help. > >> </snip> > >> Since, you are seeing this issue only in win2k3 and not in win2k, it > >> seems like the privileges for a regular "user" is less then what it used > >> to be in win2k. One of the things to try is to find the different > >> account privileges that are provided to that user.When a user is > >> assigned to a package, you needed that user to have at least "Logon as a > >> Batch" privilege. I dont think this has changes. May be, you r user does > >> not have that privilege in Win2k3.. > >> Also, make sure that the user has a "non-blank" password. One of the > >> account policies blocks using the a blank passworded user on packages > >> etc. It only allows them on console logon only. > >> > >> > >> Can that be the problem? > >> Some things to check.. > >> > >> -- > >> Girish Bharadwaj > >> > > >
..Net problem is different, because it's not even loading the component that
queries the database. As to the other, that would really be interesting. It would leave me wondering, as whom am I really logging in? As the NT account who created the ADO connection, or as the SQL account I specified in the connection string? In the older application, it's the SQL account that has permissions to do what it needs to do. I'd have to go through and grant permissions to the NT account as well, which seems like an unnecessary pain. [quoted text, click to view] "girish bharadwaj" <girishb@nowhere> wrote in message news:%23S1c2Y%23mDHA.1708@TK2MSFTNGP12.phx.gbl... > One of the things to try might be to allow that NT user to have access to > SQL server.. Basically, as a valid login. Usually, on a default install of > SQL server, BUILTIN/Administrators have "administrative" access to the SQL > server as well. You might want to add the new user into the allowed logins. > If that works, maybe you are seeing the same problem that is in non-NET > application in a different manner. > > > "DJ Miller" <qzvyyre@n-1erybpngvba.pbz.ROT13> wrote in message > news:ec1UthnmDHA.708@TK2MSFTNGP10.phx.gbl... > > Thanks for the feedback. The user has "Logon as Batch" granted already, > and > > there is a password supplied. > > > > I don't know if this provides any clue, but if I try running a non-.Net > > application (same setup as the .Net application, with a series of COM > > objects that gets called to get to the database), I get a "SQL Server does > > not exist or access denied" or "no default provider specified" error. The > > last COM object to be called goes to the registry to get the connection > > string and then creates an ADO connection with that string. The error > > changes depending on how I play with permissions, whether I have the COM > > user in the Users group or take him out and grant the user permissions to > > read the registry key. It only completely works if the user is in the > > Administrators group. (SQL Server is set for mixed-mode security, and I > am > > using a SQL username/password to connect rather than Windows > > authentication.) > > > > "Girish Bharadwaj" <girishb@nowhere> wrote in message > > news:ea9B4UamDHA.1072@TK2MSFTNGP09.phx.gbl... > > > DJ Miller wrote: > > > > Does nobody have any suggestions for me? I've asked this question in > > this > > > > and the FAQs newsgroups, and neither have received any responses. Is > > there > > > > more information that is needed? I am completely stuck on this and > > would > > > > appreciate any help. > > > </snip> > > > Since, you are seeing this issue only in win2k3 and not in win2k, it > > > seems like the privileges for a regular "user" is less then what it used > > > to be in win2k. One of the things to try is to find the different > > > account privileges that are provided to that user.When a user is > > > assigned to a package, you needed that user to have at least "Logon as a > > > Batch" privilege. I dont think this has changes. May be, you r user does > > > not have that privilege in Win2k3.. > > > Also, make sure that the user has a "non-blank" password. One of the > > > account policies blocks using the a blank passworded user on packages > > > etc. It only allows them on console logon only. > > > > > > > > > Can that be the problem? > > > Some things to check.. > > > > > > -- > > > Girish Bharadwaj > > > > > > > > >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
April 2008
May 2008
| home · blog · groups | Questions? Comments? Contact the dn |