Windows 7 DCOM not seeing interactive user - windows-7

I'm troubleshooting an issue having to do with Think N Do and Windows 7. I set the DCOM settings up as the manufacturer said they need to be. However, computers aren't connecting to each other. I have the computers set to automatically log on to an account at boot. This account is never logged out of.
What I'm finding is when I open a RDP to the computers they suddenly start to communicate with each other. As if it's finally seeing an interactive user. From my understanding of things by having an account automatically log on at boot that account is then the interactive user. Leaving RDP open at all times is not an option. Sometimes the customer forgets and closes out of the RDP session by Xing out of it, they don't log off so the program is still running in the background.
Does anyone have any idea what this could be? It's an issue at a couple customer locations for me.

Related

Password does not work after sleep

I’m going to try to be as thorough as I can, but if you have questions or would like additional tests. I will provide more detail as I can. I have a small number of computers exhibiting intermittent issues when waking from sleep.
Some details:
Bound to Active Directory (although the bind is likely broken when the issue occurs)
OSX - 10.12.3
Machine is Encrypted
Symptoms:
When a user sleeps their machine which enables a locked screen saver, and then attempts to wake the machine, they are unable to log in using their credentials.
If they click on "Switch User" they are then able to log into their account, however, they are not recognized as an admin and can not run sudo commands or unlock system preferences.
It seems, at least with the computer I was able to get hands on with, that they can not authenticate in terminal or system prefs UNLESS they change their network connection to reflect the connection that allowed them to log in. So if they switch user, then connect to wifi, they can not authenticate in sysprefs, but if they turn off wifi, then they are able to authenticate.
When clicking "Switch User" the wi-fi appears to drop, and thus, lets them log in.
Restarting resolves the issue for some users but not others (unverified, going off user input, the machine I restarted did resolve the issue, at least temporarily.)
Generally when I see this issue, the computer seems to have become unbound from Active Directory. Re-binding it appears to resolve the issue temporarily (until AD drops the keychain item again).
The issue was present prior to upgrading to OSX 10.12.
It seems to me like the computer knows to check with AD if the internet is available, but if AD is unreachable or the credentials are not accepted, then it does not know to default to the local cache, unless the internet is turned off completely. I'm not sure what file or files may be involved in that, but I would like to change that file to default to the local cache when internet is connected but AD is unreachable as well as when no internet is present.
This is an issue with the opendirectoryd daemon which bugs when trying to bind with AD.
The raw solution is basically to kill the daemon which will restart and rebind somehow.
There are many ways to automate the kill, a cronjob would work but will require to have the killall command run every minute, which is very dirty.
I am using sleepwatcher (available with homebrew) and set it to launch the kill command everytime the laptop is going out of sleep, which works like a charm.
It's a workaround, but seems Apple doesn't really work on a fix for that issue which is ongoing for years.

Script to update domain computer LastLogonDate?

So I've poked around looking for something like this for a while now, but can't seem to find anything anywhere. In our environment we have a script that disables computers after the last seen AD property on a computer is beyond 15 days. Since we are a mostly laptop environment and people frequently are not connected to the network when they login, the computers once they lock/unlock when eventually do get connected to the domain gets a trust relationship issue because obviously the computer is disabled in AD.
Has anyone seen a script that can run on the local computer that updates the LastLogonDate property in AD of the computer while the user is logged in? I was thinking of just pushing out a scheduled task to all computers that does this every 15 minutes if its even possible. Thanks!

Why does enumerating sessions give an extra on Windows 7?

If I enumerate sessions using LsaEnumerateLogonSessions() to give me a list of session LUIDs then LsaGetLogonSessionData() to get details of each session (as described on MSDN) then on Windows XP it behaves exactly as I would expect, showing one logged-on session for me plus some logons for services.
Running the same program on Windows 7 shows two logon sessions for me, plus the service sessions. The two sessions for me show up as the same user and the same logon time.
I was running some elevated processes so I thought that might be it, but the second session is still there when I close those down and even after a reboot. So does anyone know why there is a second session for each real logged-on user? How can you tell which is the "real" one?
Thanks
Tim
Some quick googling seems to indicate that Windows 7 (and probably Vista before it) creates two logon sessions for administrative users when UAC is enabled - one elevated and one not.

VB6 app not executing as scheduled task unless user is logged on

I would greatly appreciate some help on this one! It may be a tricky one. :)
Problem
I have an VB6 application which is set up as scheduled task. It starts every time, but when executing CreateObject() it fails if a user is not logged on to computer.
I am looking for information on what could cause this. My primary suspicion is that some Windows API fails.
Key points
Behaviour confirmed on Windows 2000, 2003, 2008 and Vista.
The application executes as user X at scheduled time, executed by Windows Task Scheduler.
It executes every time. Application does start!
If user X is logged on via RDP it runs perfectly. (Note that user doesn't need to be connected, only logged on)
If user X is not logged on to computer the application fails.
Failure point
Application fails when using CreateObject() to instantiate a DCOM object which is also part of the application.
The DCOM objects declare .dll-references at startup (globally/on top of .bas-file) and run a small startup function. Failure must be during startup, possibly in one of the .dll-declarations.
Thoughts
After some Googling my initial suspicion was directed at MAPI. From what I could see MAPI required user to be logged on. The application has MAPI references. But even with all MAPI references removed it still does not work.
What is the difference if an user is logged on? Registry mapping? Environment? Explorer.exe is running.
Isn't the user logged on when application executes as the user?
What info would help?
A definitive answer would be truly great.
Any information regarding any VB6 feature/Windows API that could act differently depending on whether user is logged on or not would definitively help.
Similar experiences may lead me in the right direction.
Tips on debugging this.
The VB application possibly needs to get hold on to running services that are only running when a user is logged on.
What is the "Identity" setting of the DCOM component.
C:\WINDOWS\system32\Com\comexp.msc
C:\WINDOWS\system32\Com\comexp.msc
Component Services
My Computer
DCOM Config
The DCOM Object, right click properties
Identity tab
Set it to "This User" and set a user with the required permissions, and then run the app as your self to see if the DCOM component can still work, then try again from the scheduler.
We never found out what caused this.
Instead I made a RDP client which I put in Scheduled Tasks. It logged on a user which had the required app in startup. After some time the RDP client forcefully logged out the user (to prevent runaway apps hanging the system).
Not the perfect solution, but a solution nevertheless.
has your VB6 forms?
because when you run scheduled, it run "as a service", so it can't have forms, or if it have forms an enviroment where to show them.
I don't remember what I have used, but exists generic "run as a service" converter exe to run windowed VB6 projects.
Also perhaps you can easy convert your code to run as a VBScript, and schedule it.

Vista Business Login and RDP Problems

At work, I running Vista Business on a lavishly new PC, which runs great excepting two issues. In order of annoyance, but not importance:
When I reboot the machine, the Windows Splash is presented asking me to Press Ctrl + ALT + DELETE so I can logon. It takes three to five minutes and seceral key presses for me to be prompted to select my user account. After which, everything works like a charm.
As part of my duties with the firm, I am responsible for emergency work on a rotating basis and deploying patches during off-business hours. I have been given an older laptop with XPSP2 (downloading 3 for kicks right now) which I use for browsing with the intention of RDP to my desktop in the offices. If I am connected at the domain through conventional means, I am able to RDP. However, if I am using an existing broadbad connection with VPN, I am not able to get access. I am able to access other servers, desktops running a variety of OS'es including Vista.
So umm any ideas guys?
as for 2 - this happens with some proprietary VPN software (i.e. Cisco). My solution was to perform my work duties in a Virtual PC (which doesn't need its normal LAN abilities) and do my other network/internet tasks in the physical machine.
I have a Vista at work and uses my home PC to rdc in for support work. I do not experience your problem 1 so I cannot offer any advice. For your second problem have you tried the IP address instead of the machine name? We have situations where sometimes the dns resolution in the office network is not accurate.
Do you have remote access enabled, either on the machine, via group policy?
If not, you might have to go into the Control Panel\System and Maintenance\System and choose Remote Settings (from the menu on the left).
That will show you the options for Remote Deskop, including Don't allow connections, Allow connections from any version of Remote Desktop, and Allow connections from computers running Remote Desktop with Network Level Authentication (which might be the hang up you are experiencing over the VPN).
Good Luck.
I have to chalk this up to "something wierd with my laptop" as I was able to download RoyalTS and connect to the machine just fine. I had Remote connections permitted, firewall disabled, McAffee gone and others could access the machine.
The advice garnered above is excellent and useful for your typical rdp connections

Resources