Since there is an issue of "access is denied…" for connecting to windows 2008 R2, I have been thinking if it's related to using the VB scripting API: SWbemScripting.SWbemLocator. I have looked at the MSDN and found a link which talks about different APIs for WMI access. One of them is COM API in C++. Here is the link,
I heard from my friend that there is HP software product: WMIMapper, which uses the COM API to have access to the WMI through DCOM. And they claimed that there is no "access is denied…" for Windows 2008 server R2. However, they built a middle layer in C++ between a client and WMI (local or remote).
I was wondering if I can use the COM API and create JICOMServer? I have tried something like,
session.useSessionSecurity(true);
session.setGlobalSocketTimeout(5000);
JIComserver comStub = new JIComServer(JIClsid.valueOf("4590F811-1D3A-11D0-891F-00AA004B2E24"), address, session); //WbemLocator
IJIComObject unknown = comStub.createInstance();
…
but creation of JIComServer failed with exception,
org.jinterop.dcom.common.JIException: Access is denied, please check whether the are correct. Also, if not already done please check the GETTING STARTED and FAQ sections in readme.htm. They provide information on how to correctly configure the Windows machine for DCOM access, so as to avoid such exceptions.
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.java:310)
at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:568)
at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:476)
I am not familiar with the C++ code, and don't know if it's the correct invocation.
Can any body help on this?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
if (FAILED(hr))
{
cout << "Failed to create IWbemLocator object. Err code = 0x"
<< hex << hr << endl;
CoUninitialize();
return hr; // Program has failed.
}
so in java it would be,
//coCreateInstance:
JIComserver comStub = new JIComServer(JIClsid.valueOf("4590F811-1D3A-11D0-891F-00AA004B2E24"), address, session); //WbemLocator
but the exception, "access is denied…" happened. The exception was thrown for any machine, including Vista, Win 2003, which worked for using SWbemLocator. Got totally confused.
By the way, I also used the wbemtest util tool and successfully made a connection to a windows 2008 R2 (64 bits). And the tool uses IWbemLocator. somebody said,
"When WMI connectivity thru the wbemtest utility fails, the connectivity from the product would always fail. I am yet to see an instance when wbemtest succeeds and our application fails to connect. It would be safe to ignore this scenario."
Vikramrc,
I was wondering if you can kindly give us an advice on this: in theory, can we use the COM API of WMI (C++) for j-interop to access the WMI?
Thanks in advance.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
The example code in c++ uses an Inproc server (basically a DLL). When a code goes inproc it essentially uses the security context of its parent process and hence is accorded the same level of trust. We on the other hand are OutProc (out of process) just like all DCOM examples. Whenever a process boundary is crossed you can assume DCOM to come into play. We get access denied as we have t prove that level of trust to the target computer or the process in question needs to be given sufficient permissions to be launched as a COM server or the account under which the process (Java) is running must have enough privileges to launch the target OM server.
As for your other question , yes it is possible to use W\MI Apis (access them via j-Interop) but as you have pointed out yourself this is a permission issue. If you can get a Native Out of Proc application to work and j-Interop fails then we can take it as a bug and research further. Please send us the wireshark packet capture of such a native application (wbemtest should be good against a non-local computer).
thanks,
best regards,
Vikram
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Vikram,
Thank you very much for the reply.
Sure I can send you the packet capture from wireshark. What's the email address I can send to?
Yes, wbemtest can make a connection to a windows 2008 R2 (64 bits) with no extra config. But it uses iWbemLocator rather than SWbemLocator. I cannot set wbemtest to use SWbemLocator. Like what you said, the COM API is an in-proc server, so it might not be comparable for j-interop.
I also tested com4j from java.net. com4j is a java app and is windows specific( that is, it can be deployed on the windows OS only). It uses the generated java stub classes for the WMI and invokes the dynamically created native lib (.dll) to connect to the remote WMI.
Like wbemtest, com4j can make the connection to the windows 2008 R2 (64 bits) without manual configurations. And I found that com4j uses the same VB scripting API (SwbemLocator). Thus it is comparable to what j-interop does. I can catch the traffic packets for both and send them to you.
I personally think that although com4j makes a RPC call from the native lib while j-interop makes a driect call from its java code (DefaultConnection.java?), they should send the exactly same request packets in byte to the WMI deep at the DCOM protcol layer, right? If there is a difference, then that's why one is successful while another fails. I really like j-interop's idea and hope I can make a successful call to the 2008 R2 with no settings on the remote WMI.
Thanks,
mikej1688
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Mike,
Please send the COM4J packets to "v i k r a m. r o o p c h a n d AT j-interop.org" . If the DLL of COM4J is not invoking WMI inproc then we should be able to figure it out.
thanks,
best regards,
Vikram
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Vikram,
I have sent both j-interop and com4j packets to you via email. the COM4j creates the java counterparts for the WMI VBscripting API. I think they use WbemScripting.SWbemLocator.
please let me know if you need more.
Thanks,
Mike
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Since there is an issue of "access is denied…" for connecting to windows 2008 R2, I have been thinking if it's related to using the VB scripting API: SWbemScripting.SWbemLocator. I have looked at the MSDN and found a link which talks about different APIs for WMI access. One of them is COM API in C++. Here is the link,
http://msdn.microsoft.com/en-us/library/aa389276(v=VS.85).aspx
I heard from my friend that there is HP software product: WMIMapper, which uses the COM API to have access to the WMI through DCOM. And they claimed that there is no "access is denied…" for Windows 2008 server R2. However, they built a middle layer in C++ between a client and WMI (local or remote).
I was wondering if I can use the COM API and create JICOMServer? I have tried something like,
JISession session = JISession.createSession(args, args, args);
session.useSessionSecurity(true);
session.setGlobalSocketTimeout(5000);
JIComserver comStub = new JIComServer(JIClsid.valueOf("4590F811-1D3A-11D0-891F-00AA004B2E24"), address, session); //WbemLocator
IJIComObject unknown = comStub.createInstance();
…
but creation of JIComServer failed with exception,
org.jinterop.dcom.common.JIException: Access is denied, please check whether the are correct. Also, if not already done please check the GETTING STARTED and FAQ sections in readme.htm. They provide information on how to correctly configure the Windows machine for DCOM access, so as to avoid such exceptions.
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.java:310)
at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:568)
at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:476)
I am not familiar with the C++ code, and don't know if it's the correct invocation.
Can any body help on this?
Can any body answer my question? Here is the invocation of the IWbemLocator in C++,
IWbemLocator *pLoc = 0;
HRESULT hr;
hr = CoCreateInstance(CLSID_WbemLocator, 0,
CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID *) &pLoc);
if (FAILED(hr))
{
cout << "Failed to create IWbemLocator object. Err code = 0x"
<< hex << hr << endl;
CoUninitialize();
return hr; // Program has failed.
}
so in java it would be,
//coCreateInstance:
JIComserver comStub = new JIComServer(JIClsid.valueOf("4590F811-1D3A-11D0-891F-00AA004B2E24"), address, session); //WbemLocator
but the exception, "access is denied…" happened. The exception was thrown for any machine, including Vista, Win 2003, which worked for using SWbemLocator. Got totally confused.
By the way, I also used the wbemtest util tool and successfully made a connection to a windows 2008 R2 (64 bits). And the tool uses IWbemLocator. somebody said,
"When WMI connectivity thru the wbemtest utility fails, the connectivity from the product would always fail. I am yet to see an instance when wbemtest succeeds and our application fails to connect. It would be safe to ignore this scenario."
Vikramrc,
I was wondering if you can kindly give us an advice on this: in theory, can we use the COM API of WMI (C++) for j-interop to access the WMI?
Thanks in advance.
Hi,
The example code in c++ uses an Inproc server (basically a DLL). When a code goes inproc it essentially uses the security context of its parent process and hence is accorded the same level of trust. We on the other hand are OutProc (out of process) just like all DCOM examples. Whenever a process boundary is crossed you can assume DCOM to come into play. We get access denied as we have t prove that level of trust to the target computer or the process in question needs to be given sufficient permissions to be launched as a COM server or the account under which the process (Java) is running must have enough privileges to launch the target OM server.
As for your other question , yes it is possible to use W\MI Apis (access them via j-Interop) but as you have pointed out yourself this is a permission issue. If you can get a Native Out of Proc application to work and j-Interop fails then we can take it as a bug and research further. Please send us the wireshark packet capture of such a native application (wbemtest should be good against a non-local computer).
thanks,
best regards,
Vikram
Vikram,
Thank you very much for the reply.
Sure I can send you the packet capture from wireshark. What's the email address I can send to?
Yes, wbemtest can make a connection to a windows 2008 R2 (64 bits) with no extra config. But it uses iWbemLocator rather than SWbemLocator. I cannot set wbemtest to use SWbemLocator. Like what you said, the COM API is an in-proc server, so it might not be comparable for j-interop.
I also tested com4j from java.net. com4j is a java app and is windows specific( that is, it can be deployed on the windows OS only). It uses the generated java stub classes for the WMI and invokes the dynamically created native lib (.dll) to connect to the remote WMI.
Like wbemtest, com4j can make the connection to the windows 2008 R2 (64 bits) without manual configurations. And I found that com4j uses the same VB scripting API (SwbemLocator). Thus it is comparable to what j-interop does. I can catch the traffic packets for both and send them to you.
I personally think that although com4j makes a RPC call from the native lib while j-interop makes a driect call from its java code (DefaultConnection.java?), they should send the exactly same request packets in byte to the WMI deep at the DCOM protcol layer, right? If there is a difference, then that's why one is successful while another fails. I really like j-interop's idea and hope I can make a successful call to the 2008 R2 with no settings on the remote WMI.
Thanks,
mikej1688
Hi Mike,
Please send the COM4J packets to "v i k r a m. r o o p c h a n d AT j-interop.org" . If the DLL of COM4J is not invoking WMI inproc then we should be able to figure it out.
thanks,
best regards,
Vikram
Vikram,
I have sent both j-interop and com4j packets to you via email. the COM4j creates the java counterparts for the WMI VBscripting API. I think they use WbemScripting.SWbemLocator.
please let me know if you need more.
Thanks,
Mike
Hi Mike,
Got it. Please give me a couple of days, just got back from vacations and have a lot to clear out.
thanks,
best regards,
Vikram