Registration-free COM not working on Windows Server 2003 - windows

I have created the necessary manifests for my COM server DLL and a client application to work registration-free in Windows XP. I've tested all kinds of combinations (with and without a registration) and in all cases the client application sees the side-by-side version of the library if the manifests are present, and the registered one if not (or a COM error if there is no registration at all). I've tested on my Windows XP development machine, and given the files (DLL, client EXE and one manifest for each) to co-workers, who've also run everything successfully on their own Windows XP machines. The manifests are external XML files, not embedded resources. So far, so good.
However, when I copy the files to a Windows Server 2003 machine, it doesn't work. I get a silent failure, but an application error in the Application Event Log (see below). If I unregister the DLL and remove the manifests, I get a similar error (silent at the command prompt, but an application error in the event log). Obviously there is some problem finding the registration. I have reproduced this on every Windows Server 2003 machine I can access at our company. According to the Microsoft documentation on side-by-side/registration-free COM, it's supposed to work on Windows XP and later, and Windows Server 2003 and later.
To be clear, the same client runs perfectly on those same Windows Server 2003 machines against a registered (i.e., using regsvr32) version of the same COM DLL, under the same login credentials I'm trying to use for registration-free COM. In other words, there are no intrinsic issues masquerading as registration-free COM problems - this client and server operate fine when the server is registered globally in the registry.
Anybody have any ideas of how to investigate further? I'm not an expert on Windows Server, but is there perhaps some policy setting that would need to be changed to enable this support? If I can locate the necessary change, our tech support/infrastructure people will probably have no probably doing it, but I can't rely on them to research the issue too as they are swamped.
In case it matters (I don't think it should, but you never know) the DLL is written in Delphi 2007, while the client is written in Visual C++.
Event Type: Information
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 5/2/2009
Time: 8:07:45 AM
User: N/A
Computer: ***server name****
Description:
Reporting queued error: faulting application ***program name***.exe, version 0.0.0.0, faulting module ***program name***.exe, version 0.0.0.0, fault address 0x0002ac9e.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

One thing to look for is that whether the exe has an internal manifest. In XP, the exe manifest search order is external then internal. In Server 2003 and later, the order is internal then external.

With a COM server created in Delphi 7, I have seen similar problems if the COM server was unregistered and the client application started under a restricted user account, because Delphi's COM implementation always tried to update the registration information, even when the DLL's RegisterServer function was not explicitly called.
To see whether this is a problem, attempt to run the client application on an account with unrestricted administrative privileges.
MSDN mentions, that under Windows 2003, problems with registration free COM servers should be detailed in a specific section of the system event log:
When troubleshooting registration-free
COM issues, the Event Viewer on
Windows Server 2003 is your friend.
When Windows XP or Windows Server 2003
detects a configuration error it will
typically show an error message box
titled for the application you have
launched and containing the message
"This application has failed to start
because the application configuration
is incorrect. Reinstalling the
application may fix this problem." I
advise that whenever you see this
message you reproduce the problem on
Windows Server 2003, consult the
System Event Log and look for events
from the SideBySide source. The reason
I don't suggest that you look at the
Windows XP Event Log in these cases is
that it will invariably contain a
message such as "Generate Activation
Context failed for [path][application
filename].Manifest. Reference error
message: The operation completed
successfully," which doesn't help
identify the problem.
http://msdn.microsoft.com/en-us/library/ms973913.aspx#rfacomwalk_topic6
Also, if possible, tell us the file names and contents of the manifest files you use.

Related

System Error &H80004015 (-2147467243). The class is configured to run as a security id different from the caller

When try to debug the VB dll Using Visual Studio 6.0 , I am getting the the following error. Can you any one tell me what needs to be done for this?
System Error &H80004015 (-2147467243).
The class is configured to run as a
security id different from the caller
I have had the same problem.
Created a few ActiveX DLLs and put the binaries into a COM+ Application, which runs under a specific account (not mine). Then I use these components inside ASP script pages using Server.CreateObject().
If I load the source code into VB for debugging and try to run it ("Start with Full Compile") I get this error message.
The cause of this is that the account registered in the COM+ Application differs from my own account from which I try to run.
Solution for this particular case is to Shutdown the COM+ Application and remove the components. When finished debugging, compile the set of DLLs and put them back to the COM+ application.
Hope someone is helped by this :-)
My solution was to unreference the dll in the Visual Basic project (Project Menu -> References), close the dialog box and reference it once again. I ran the project and everything is working again. I did not have to edit the windows registry.
There's a knowledge base article that seems to apply to your situation:
PRB: System Error Message "&H80004015" When You Run ActiveX DLL in Visual Basic IDE
Cause: When Visual Basic runs an ActiveX DLL from the IDE, it calls the CoRegisterClassObject application programming interface (API) to temporarily register the server. This creates the AppId and specifies it to run in the Interactive User context.
This problem occurs because of a bug in the Microsoft OLE Libraries 4.0, which are included with the Microsoft Platform Software Development Kit (SDK). CoRegisterClassObject fails with the error message that is listed in the "Symptoms" section of this article under the following conditions:
If the ActiveX server that calls the API is set to run by using the Interactive User identity.
-and-
The string that is associated with the following registry key contains any value other than a single valid executable name for the shell process:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell=
Under Microsoft Windows 2000, this error occurs when the Certification Authority service does not start.
Resolution: Make sure that the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell= registry key contains a single valid executable name for the shell process.
To resolve this problem under Windows 2000, you can install the "Client for Microsoft Network" component and then reboot.

"No printers are installed." problem when using excel 2003 interop sheet.PageSetup through a WCF service

We have a WCF service that generates an Excel file off of a template and feeds it back to the client in a byte array. For some reason, we are getting an error when we try to do this:
sheet.PageSetup.CenterHeader = sheet.PageSetup.CenterHeader.Replace("[customerName]", customerName).Replace("[dateTime]", date.ToShortDateString());
When it hits this line, we get this error message:
No printers are installed. To install a printer:
In Microsoft Windows 2000, click Start, point to Settings, and then click Printers. Double-click Add Printer.
In Microsoft Windows XP, click Start, and then click Printers and Faxes. Under Printer Tasks, click Add a printer.
Follow the instructions in the wizard.
The service runs under the LocalSystem account. When we first deployed this service, it was to an x64 machine and had the same issue. Our dev environment is x86 so we moved the service to another server that was x86 and it worked fine for a while. It recently stopped working and is now giving us this error message again. I am pretty sure it was becuase of a mass windows update that was done on the app server recently.
Funny thing is, I tried changing the service to "allow interaction with the desktop" and it didn't work, but when our sysadmin did that same thing, it worked for one file generation but is not working now.
There are printers installed on the machine, both on domain accounts and local accounts. I've also tried running the service under a different account, but then I wasn't able to connect to the service due to some SSPI error. We tried using the Network Service account but then the app couldn't see the service at all. We've restarted the service after each change also to no avail.
What I do know about the "PageSetup" part of the sheet object is that it needs to have a printer installed to access it at all, even if you aren't printing. I was unable to figure out a way to trick the machine into thinking the LocalSystem account has a printer installed.
We figured out the problem, I had my config file still pointed at the x64 server :(
As to why it won't work on x64 (to my knowledge) - since office 2003 is x86, it needs an x86 print spooler in order to work correctly. I don't know of any way to get an x86 print spooler on an x64 OS so we just stuck it on the x86 server.

Permissions issue when publishing to WMI under network service account

I'm adding WMI publishing to a .net framework 3.5 based windows service that is running under the 'network service' account.
According to a document I came across on MSDN, the 'network service' account should by default have WMI publishing permissions. ("By default, the following users and groups are allowed to publish data and events: ... Network Service, ...")
However, when the service calls Instrumentation.Publish(myStatusClassInstance), it throws a DirectoryNotFoundException;
System.IO.DirectoryNotFoundException was unhandled
Message: Could not find a part of the path 'C:\Windows\system32\WBEM\Framework\root\MyWMINamespace\MyService_SN__Version_1.0.3686.26280.cs'.
..so it looks like System.Management.Instrumentation tries to generate code on the fly, and when running under network service it targets a directory where network service has no permissions.
What is the best fix/workaround for this? Can I override the code-gen target dir in app.config or in code? I don't want to have to fiddle around with file system permissions when deploying the service...
Update: I think this is a 'feature' where older FX code clashes with newer security settings in Win7. Internally the WMI managed classes retrieves the WMI installation directory from registry, and uses that as the output path for generated code. Unfortunately a lot of users are not allowed to (or supposed to) write stuff under %SystemRoot%... ...I filed a connect bug (#530392) to see if MSFT can bring any clarity and/or provide a fix or workaround.
Update 2: I'm guessing that for normal user accounts this is not an issue, because UAC virtualization will kick in and store the files elsewhere. However, apparently the 'network service' account is not covered by UAC virtualization..(?)
Update 3: Added 550pt bounty. Simple constraints: .net framework 3.5 based windows service, running as network service, need to be able to publish data through WMI using System.Management.Instrumentation on Win7 and Win2008[RTM & R2] with default permissions/security settings and without resorting to modifying framework internal/private members using reflection. 'Out-of-the-box' but clean solutions welcome. Will open a second related bounty-Q as a placeholder for another 550pt if SO allows.
Bounty update: I intend to double the bounty for this Q through a second hand-in-hand question that will serve as a bounty placeholder:
https://stackoverflow.com/questions/2208341/bounty-placeholder ( <-- Apparently this was not allowed, so the bounty placeholder question got closed by the SO etiquette police.)
Update 4: This gets better and better. I noticed that installutil was writing the missing files to c:\windows\syswow64...etc..., so I realized that I was using the 32-bit version of installutil to install the service, but the service was running as a 64-bit process. The obvious side effect was that code generated when installutil was running ended up under syswow64 (the 32-bit system directory), while the service was looking for it under the 64-bit system directory (system32). (<-- off topic, but I really like how MSFT managed to switch around the names there... :) ).
So I tried installing the service with the 64-bit version of installutil. That failed miserably with permission errors in the %sysroot%\wbem\framework...etc... path. Next I recompiled the service as x86 and registered it again using the 32-bit version of installutil. That resulted in an entirely new exception:
System.Exception: The code generated for the instrumented assembly failed to compile.
at System.Management.Instrumentation.InstrumentedAssembly..ctor(Assembly assembly, SchemaNaming naming)
at System.Management.Instrumentation.Instrumentation.Initialize(Assembly assembly)
at System.Management.Instrumentation.Instrumentation.GetInstrumentedAssembly(Assembly assembly)
at System.Management.Instrumentation.Instrumentation.GetPublishFunction(Type type)
at System.Management.Instrumentation.Instrumentation.Publish(Object instanceData)
at SomeService.InstanceClass.PublishApp(String name) in e:\work\clientname\SomeService\SomeService\WMIProvider.cs:line 44
at SomeService.SomeServiceService..ctor() in e:\work\clientname\SomeService\SomeService\SomeServiceService.cs:line 26
at SomeService.Program.Main() in e:\work\clientname\SomeService\SomeService\Program.cs:line 17
...getting closer...
I believe the problem is not with publishing data, but with registering that type in WMI for the first time.
If you examine the System.Management.Instrumentation code in reflector, or some other disassembler, you'll see that wen the assembly that is about to publish hasn't been registered, then the code will try to register the assembly and save the assembly info in a specially named sub directory under the WBEM installation folder.
I suspect that if you run code to publish the WMI data as an administrator first, it would register the assembly and then the Network Service account would have the permissions to do the normal publishing.
Have you inspected your assembly with the installutil? That should give you a log of the installation issues. (But since you can't run it as the Network Service account, it might not show the problem you're having.)
Also, are you sure this service must be run under the Network Service account?
Because of the vulnerability risk in running Windows services in privileged accounts, Microsoft has made these special service accounts with some limitations, which were strengthened in Vista and Win7. Since Vista, Microsoft has limited the number of services running under this account in favor of less-privileged ones (see this article). The Network Service account (aka "NT AUTHORITY\NETWORK SERVICE") can access the network (acting as the local machine account PCNAME$), but it has reduced rights on the local machine (unlike the Local System account).
Have you checked the WMI security permissions for the branch your assembly is using? Run wmimgmt.msc and dig in... When I did a quick check of some random branches, I could see that the Network Service account did not have write rights.
Lastly, I would suggest using Sysinternals' ProcMon, which would allow you to filter to just that process and see if there are any Access Denied errors in file or registry settings. This tool has solved many problems for me over the years.
Not sure if you raised it or someone else but please have a look:
http://connect.microsoft.com/VisualStudio/feedback/details/530392/wmi-publishing-fails-on-permission-error-please-provide-a-way-to-override-codepath-in-system-management-instrumentation-schemanaming-in-app-config-web-config
This may help you to understand the root cause of the issue better

ServerObject aspImage in Win 2008 64-bit

Does anybody have any experience/ knowledge in installing the aspImage.dll on a 64-bit Windows 2008 platform?
I have a Classic ASP site that uses this component and would badly need to get the dll running. I have tried checking support documents for these to no avail.
Would really do appreciate your response.
Thank you!
Exactly the same problem migrating from server 2003 iis6 to server 2008 iis7 64 bit. Creating a new com+ application solved the problem.
I created the application I named aspimage using the com+ wizard as a server app, used local service for permissions, left default creator owner role alone, added users everyone and authenticated. After the folders were created, I added a component using the wizard. Already registered component, (assumes regsvr32 %systemroot%\syswow64\aspimage.dll ) and selected the check boxes 32 bit registry and details to ensure selection of the correct dll. Finish and the process worked. I hope this helps someone.
In general if you want to use a 32-bit COM object on a 64-bit machine you'll want to register the COM object use the regsvr32 executable located in the Windows\SysWOW64 folder. In IIS you'll want to go to the application pool advanced settings and select true for the Enable 32-bit Applications setting.
I know this is old, but I had similar problems this week:
To answer the question about registering, yes, you still have to run their registration tool and enter your license key. If using UAC, remember that both the regsvr32 and the aspimage's registration app must be run "as administrator".
I have managed to have the ServerObject aspImage.dll component run in a Windows 2008 64-bit platform server by creating a COM+ Application and using the aspImage.dll as a COM+ component.
I've also learned that any 32-bit components used in IIS that will be run in a 64-bt server needs to go through this process too.
For more details on delving on COM+ components and apps, please refer to this link: http://technet.microsoft.com/en-us/library/cc725986.aspx
Hope this helps!

Mysterious verifier.dll

While debugging the crash on customer's machine we noticed that our application runs under verifier.dll. e.g each thread stack starts with verifier.dll and every system function is intercepted with verifier.dll stub.
Common sense and running Google search for "verifier.dll" clearly indicates that this dll belongs to Application Verifier tool provided by Microsoft. However the stunning fact is that Application Verifier not even installed on customer's machine (appverif.exe not found on client's machine neither c:\Program Files\Application Verifier directory),.
What else could cause the program to run in such mode.
Application Verifier is a debugging feature of the operating system, so it is always there. It can be configured by modifying the registry even if you haven't got the Application Verifier tool installed on the system.
This article on MSDN gives details of the registry settings that control the debugging features of the operating system. It might be that someone or something has enabled application verifier on the system that you are seeing the exception on. If it isn't specifically enabled for your process it might have been enabled system wide.
Sounds like a virus scanner type thingy. However I suggest you use process explorer to look at the dll and where it's loaded from and and other such info.

Resources