I am trying to use PrincipalContext to check if a local user group exists on a remote computer.
I am having problems with PrincipalContext:
PrincipalContext ctx = new PrincipalContext(ContextType.Machine, machine, null, ContextOptions.Negotiate)
It works in such scenarios:
local to local machine
local to virtual machine
domain machine to workgroup machine
However it doesn't work in opposite direction:
virtual machine to local host
workgroup machine to domain machine
I am getting these errors:
Unhandled Exception: System.IO.FileNotFoundException: The network path was not found.
Unhandled Exception: System.Runtime.InteropServices.COMException: The network path was not found.
The first exception is for virtual machine, second for workgroup machine.
All machines have user with the same name and password and the code was executed from that user.
How to solve this issue?
I found the answer. It looks that DirectoryServices doesn't work on remote Windows 7 or newer.
I guess when a computer is in a workgroup then it is local and we can connect and when it is in a domain then it is remote.
I followed steps described here:
System.IO.FileNotFoundException: The network path was not found. Exception while using DirectoryEntry object on windows 7
and here:
http://www.peppercrew.nl/index.php/2011/09/connect-to-remote-registry-fails-with-an-error-is-preventing-this-key-from-being-opened/
Enable File and Print sharing in the Firewall
Start the Remote Registry Service
Add remote user access to this registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
However I can't change services and registry settings on production servers. I found such way to get group:
var server = new DirectoryEntry(string.Format("WinNT://{0},Computer", machine));
DirectoryEntry group = server.Children.Cast<DirectoryEntry>().Where(
d => d.SchemaClassName.Equals("Group") && d.Name.Equals("Administrators")
).Single<DirectoryEntry>();
Related
I use this link to Enrol new Certificate.
When the Windows is lock or logged in everything works fine and create request and install it properly.
Running the code as Windows Service, so when I restart the machine, and service is starting cannot create request and get the error the following line:
objPrivateKey.Create();
And the error is:
System.IO.FileNotFoundException: CertEnroll::CX509PrivateKey::Create: The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
at CERTENROLLLib.IX509PrivateKey2.Create()
Any idea how can I fix this issue? Thanks
Running on Windows Server 2012 R2 Standard, with IIS 8.5.9600
In C#, after setting up a site, I'm retrieving the DefaultAppPool from the site.
Upon retrieval of the pool, the following properties have exceptions on them:
appPool.State:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
appPool.WorkerProcesses
at Microsoft.Web.Administration.Interop.IAppHostElement.get_Collection()
at Microsoft.Web.Administration.ConfigurationElement.GetCollection(String collectionName, Type collectionType)
at Microsoft.Web.Administration.ApplicationPool.get_WorkerProcesses()
So I cannot call
AppPool.Recycle()
It throws this exception:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at Microsoft.Web.Administration.Interop.IAppHostMethodInstance.Execute()
at Microsoft.Web.Administration.ConfigurationMethodInstance.Execute()
at Microsoft.Web.Administration.ConfigurationElement.ExecuteMethod(String methodName)
at Microsoft.Web.Administration.ApplicationPool.Stop()
at EBI.Core.Common.WebHelper.IISHelper.AddApplicationIis7(String serverName, String applicationPool, String siteName, String applicationPath, String virtualDirectoryPath, String physicalPath, String defaultPage, Int32 deploymentType, String siteUrl)
Online research says to add high privileges to this folder:
C:\Windows\System32\inetsrv\config
So I have increasingly added the following:
SYSTEM
Administrators
IIS_IUSRS
INTERACTIVE
NETWORK
SERVICE
DefaultAppPool
NETWORK SERVICE
CREATOR OWNER
IUSR
BUT STILL SAME ERRORS.
It's probably a bad idea to add all those rights to that folder, so perhaps there is something else I might be missing, but I cannot find what it is. Any ideas?
Thanks for any help!
Whether you are trying to access the app-pool from any console application or windows service? If so then the console application or windows service should be executed with a username which has admin rights on the server. The username should also be part of IIS_WPG group. May be I have got your question totally wrong.
If using c# code and deploying to IIS Server then running AppPool.Recycle() can generate 'Access is denied' error.
Visit the application pool you are running the c# code under, and go to advanced Settings -> Identity and change the Identity to 'Administrator' or some user with Admin rights.
I'm trying to create a new directory tree on a network path.
The share is located at \\192.168.5.193\FileContext and has Everyone full access permissions.
This piece of code:
DirectoryInfo directoryInfo = Directory.
CreateDirectory(#"\\192.168.5.193\FileContext\FileContext_Root\General\Test");
gives me:
An exception of type 'System.IO.IOException' occurred in mscorlib.dll
but was not handled in user code
Additional information: Logon failure: unknown user name or bad password.
If I try to open the same address with Windows Explorer, it opens up without password requirements.
The CreateDirectory() documentation states it should accept UNC paths:
You can create a directory on a remote computer, on a share that you have write access to. UNC paths are supported; for example, you can specify the following for path: \2009\Archives\December in Visual Basic, and \\2009\Archives\December in C#.
It also states that IOExceptions could came from:
The directory specified by path is a file .
-or-
The network name is not known.
https://msdn.microsoft.com/en-us/library/vstudio/54a0at6s(v=vs.100).aspx
How can I resolve?
Starting from #JamesThorpe comment:
Everyone isn't Everyone
I came to the solution, just by adding the remote computer to the company domain.
With this action, it's not even necessary to add local computer's NETWORK SERVICE to remote folder's permissions.
I am trying to add site binding programmatically. Here is my code:
using (ServerManager manager = ServerManager.OpenRemote("serverName"))
{
manager.Sites["siteName"].Bindings.Add(string.Format("*:{1}:{0}.localhost", clientCode, port), "http");
manager.CommitChanges();
}
I am getting the following Error. How do I get around this?
UnAuthorizedException: Retrieving the COM class factory for remote component with CLSID {} from machine failed due to the following error: 80070005
The account runs the code must be the administrator of the remote machine and also the DCOM related ports on the remote machine must be opened at firewall.
I have a windows service written in C# running on Windows Server 2012. The service is running as a domain user with permissions on the local machine and NTFS permissions to shared network resources
can access shared files and directories in Windows Explorer when logged on as this user
I reboot the server, the file system calls succeed at first. Then after some amount of time, or after accesses to the same file path from that computer, the programmatic calls will start to fail and will never spontaneously succeed again. Rebooting the server fixes the issue for a very short while.
I referred
Windows service cannot access UNC path
I am facing the same issue as in the above link. But the network share is between Windows server 2012 R2 and another server with same OS.
Exception stack trace :
MESSAGE:
An unexpected network error occurred.
STACK TRACE:
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileSystemEnumerableIterator1.MoveNext()
at System.Linq.Enumerable.Any[TSource](IEnumerable1 source)
Can anypne please help?