SourceForge has been redesigned. Learn more.
Close

J-Interop is not working from CentOS

jpraman
2012-12-04
2015-10-26
  • jpraman

    jpraman - 2012-12-04

    Hi All,

    I am new to j-interop.  want to do windows discovery through wmi,
    

    So as j-interop has been written in entirely pure java, we planned to take j-interop as the
    solution. But when I tried to execute j-interop from CentOs machine I have seen It was
    failed to connect , it produced an error as follows:

    org.jinterop.dcom.common.JIException: Message not found for errorCode: 0xC0000001
    at org.jinterop.winreg.smb.JIWinRegStub.winreg_OpenHKLM
    (JIWinRegStub.java:102)
    at org.jinterop.dcom.core.JIProgId.getIdFromWinReg(JIProgId.java:122)
    at org.jinterop.dcom.core.JIProgId.getCorrespondingCLSID(JIProgId.java:154)
    at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:395)
    at SimpleServiceManager.manageService(SimpleServiceManager.java:104)
    at SimpleServiceManager.stop(SimpleServiceManager.java:74)
    at SimpleServiceManager.main(SimpleServiceManager.java:48)
    Caused by: jcifs.smb.SmbException: Connection timeout
    jcifs.util.transport.TransportException: Connection timeout
    at jcifs.util.transport.Transport.connect(Transport.java:178)
    at jcifs.smb.SmbTransport.connect(SmbTransport.java:290)
    at jcifs.smb.SmbTree.treeConnect(SmbTree.java:139)
    at jcifs.smb.SmbFile.doConnect(SmbFile.java:847)
    at jcifs.smb.SmbFile.connect(SmbFile.java:890)
    at jcifs.smb.SmbFile.connect0(SmbFile.java:816)
    at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:73)
    at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:62)
    at jcifs.smb.SmbFile.getInputStream(SmbFile.java:2765)
    at rpc.ncacn_np.RpcTransport.attach(RpcTransport.java:90)
    at rpc.Stub.attach(Stub.java:105)
    at rpc.Stub.call(Stub.java:109)
    at org.jinterop.winreg.smb.JIWinRegStub.winreg_OpenHKLM
    (JIWinRegStub.java:100)
    at org.jinterop.dcom.core.JIProgId.getIdFromWinReg(JIProgId.java:122)
    at org.jinterop.dcom.core.JIProgId.getCorrespondingCLSID(JIProgId.java:154)
    at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:395)
    at SimpleServiceManager.manageService(SimpleServiceManager.java:104)
    at SimpleServiceManager.stop(SimpleServiceManager.java:74)
    at SimpleServiceManager.main(SimpleServiceManager.java:48)

        at jcifs.smb.SmbTransport.connect(SmbTransport.java:292)
         at jcifs.smb.SmbTree.treeConnect(SmbTree.java:139)
         at jcifs.smb.SmbFile.doConnect(SmbFile.java:847)
         at jcifs.smb.SmbFile.connect(SmbFile.java:890)
         at jcifs.smb.SmbFile.connect0(SmbFile.java:816)
         at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:73)
         at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:62)
         at jcifs.smb.SmbFile.getInputStream(SmbFile.java:2765)
         at rpc.ncacn_np.RpcTransport.attach(RpcTransport.java:90)
         at rpc.Stub.attach(Stub.java:105)
         at rpc.Stub.call(Stub.java:109)
         at org.jinterop.winreg.smb.JIWinRegStub.winreg_OpenHKLM
    

    (JIWinRegStub.java:100)
    ... 6 more

    The same code is executed from windows and it is working fine. Please suggest me to
    get solve this issue.
    Regards,
    Jayan

     
  • Vikram Roopchand

    Hi,

    Can you please provide a couple of wireshark captures

    1. From Windows machine to this target machine
    2. From Centos machine to target machine

    thanks,
    best regards,
    Vikram

     
  • jpraman

    jpraman - 2012-12-06

    Hi Vikram,
    sorry for the delay in giving update to you.
    I got the same error while running from one windows machine also as follows,

    org.jinterop.dcom.common.JIException: Message not found for errorCode: 0xC000000
    1
    at org.jinterop.winreg.smb.JIWinRegStub.winreg_OpenHKLM(JIWinRegStub.jav
    a:102)
    at org.jinterop.dcom.core.JIProgId.getIdFromWinReg(JIProgId.java:122)
    at org.jinterop.dcom.core.JIProgId.getCorrespondingCLSID(JIProgId.java:1
    54)
    at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:395)
    at test.wipro.cisco.wmi.EventLogListener.getWmiLocator(EventLogListener.
    java:41)
    at test.wipro.cisco.wmi.EventLogListener.main(EventLogListener.java:90)
    Caused by: jcifs.smb.SmbException: Connection timeout
    jcifs.util.transport.TransportException: Connection timeout
    at jcifs.util.transport.Transport.connect(Transport.java:178)
    at jcifs.smb.SmbTransport.connect(SmbTransport.java:290)
    at jcifs.smb.SmbTree.treeConnect(SmbTree.java:139)
    at jcifs.smb.SmbFile.doConnect(SmbFile.java:847)
    at jcifs.smb.SmbFile.connect(SmbFile.java:890)
    at jcifs.smb.SmbFile.connect0(SmbFile.java:816)
    at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:73)
    at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:62)
    at jcifs.smb.SmbFile.getInputStream(SmbFile.java:2765)
    at rpc.ncacn_np.RpcTransport.attach(RpcTransport.java:90)
    at rpc.Stub.attach(Stub.java:105)
    at rpc.Stub.call(Stub.java:109)
    at org.jinterop.winreg.smb.JIWinRegStub.winreg_OpenHKLM(JIWinRegStub.jav
    a:100)
    at org.jinterop.dcom.core.JIProgId.getIdFromWinReg(JIProgId.java:122)
    at org.jinterop.dcom.core.JIProgId.getCorrespondingCLSID(JIProgId.java:1
    54)
    at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:395)
    at test.wipro.cisco.wmi.EventLogListener.getWmiLocator(EventLogListener.
    java:41)
    at test.wipro.cisco.wmi.EventLogListener.main(EventLogListener.java:90)

        at jcifs.smb.SmbTransport.connect(SmbTransport.java:292)
        at jcifs.smb.SmbTree.treeConnect(SmbTree.java:139)
        at jcifs.smb.SmbFile.doConnect(SmbFile.java:847)
        at jcifs.smb.SmbFile.connect(SmbFile.java:890)
        at jcifs.smb.SmbFile.connect0(SmbFile.java:816)
        at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:73)
        at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:62)
        at jcifs.smb.SmbFile.getInputStream(SmbFile.java:2765)
        at rpc.ncacn_np.RpcTransport.attach(RpcTransport.java:90)
        at rpc.Stub.attach(Stub.java:105)
        at rpc.Stub.call(Stub.java:109)
        at org.jinterop.winreg.smb.JIWinRegStub.winreg_OpenHKLM(JIWinRegStub.jav
    

    a:100)
    ... 5 more

    I executes j-interop from virtual machines(both windows and Centos are virtual devices) and is from different domain.
    

    So is there any problem by running from virtual machine?
    I turned off the firewall as well for the target machine while running, even it produces the error
    As I got the same error from one windows machine , I conclude it is not related by platform difference.
    I hope it may be any config. issues

    configurations done on target windows system are as follows.
    a. remote registry started
    b. user credentials is having admin privilage with full controll

    I just want to know is anything extra to be configured on target system and anything to be configured for executing system.

    Regards,
    Jayan

     
  • jpraman

    jpraman - 2012-12-07

    Hi Vikram,

    I wrote a java program to execute wmi query through Runtime.getRuntime().exec and I passed an wmi query to access some info from remote device like "cmd /c wmic /node:" + host + " /user:"+ domain+"\"+user + " /password:" + pass + " process where "+"\"Name like '%"+appName+"%'\" get executablepath /format:list". It executed successfully and got the result.
    So I am thinking if any configuration issue or firewall issue or authentication issue this wmi execution should not work as I had given same user credentials, domain and hostname for both j-interop and wmi program(which executes through runtime).

    As you mentioned I have attached wireshark capture got from source machine and destination while executing j-interop(ip addresses are imaginary it is not real but maintained order(in source wireshark capture you can notice in green color in that actual case other ipaddress(not source or destination) came as source and actual source came like destination).

    Regards,

    Jayan

     
    Last edit: jpraman 2012-12-07
  • Vikram Roopchand

    Dear Jayan,

    Can you please execute WbemTest from a different Windows machine and target this COM Server ? Please make sure to keep Wireshark running over the target machine and post that capture here.

    thanks,
    best regards,
    Vikram

     
    • jpraman

      jpraman - 2012-12-10

      Hi Vikram,

      As you mentioned, I have attached wireshark capture here.

      ip addresses are not actual.
      source -111.11.111.11(target device)
      destination - 22.22.2.222(destination machine, where Wbem Test done)

      Regards,
      Jayan

       
  • jpraman

    jpraman - 2012-12-10

    Hi Vikram,

    Also I am adding the program that we have referenced to test j-interop, Please let me know if any thing mistake in that code as well.

    public class EventLogListener {

    private static final String WMI_DEFAULT_NAMESPACE = "ROOT\\CIMV2";
    
    private static JISession configAndConnectDCom(String domain, String user,
            String pass) throws Exception {
        JISystem.getLogger().setLevel(Level.OFF);
    
        try {
            JISystem.setInBuiltLogHandler(false);
        } catch (IOException ignored) {
            ;
        }
    
        JISystem.setAutoRegisteration(true);
    
        JISession dcomSession = JISession.createSession(domain, user, pass);
        dcomSession.useSessionSecurity(true);
        return dcomSession;
    }
    
    private static IJIDispatch getWmiLocator(String host, JISession dcomSession)
            throws Exception {
        JIComServer wbemLocatorComObj = new JIComServer(
                JIProgId.valueOf("WbemScripting.SWbemLocator"), host,
                dcomSession);
        return (IJIDispatch) JIObjectFactory.narrowObject(wbemLocatorComObj
                .createInstance().queryInterface(IJIDispatch.IID));
    }
    
    private static IJIDispatch toIDispatch(JIVariant comObjectAsVariant)
            throws JIException {
        return (IJIDispatch) JIObjectFactory.narrowObject(comObjectAsVariant
                .getObjectAsComObject());
    }
    
    public static void main(String[] args) {
        String domain = null;
        String host = null;
        String user = null;
        String pass = null;
        Properties properties = new Properties();
    
        try {
            URL propertiesURL = PerformanceMonitor.class
                    .getResource("/credentials.properties");
            if (propertiesURL != null) {
                properties.load(propertiesURL.openStream());
    
                domain = properties.getProperty("domain").trim();
                host = properties.getProperty("ipaddress").trim();
                user = properties.getProperty("username").trim();
                pass = properties.getProperty("password").trim();
    
            }
        } catch (IOException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    
        JISession dcomSession = null;
    
        try {
            // Connect to DCOM on the remote system, and create an instance of
            // the WbemScripting.SWbemLocator object to talk to WMI.
            dcomSession = configAndConnectDCom(domain, user, pass);
            IJIDispatch wbemLocator = getWmiLocator(host, dcomSession);
    
            // Invoke the "ConnectServer" method on the SWbemLocator object via
            // it's IDispatch COM pointer. We will connect to
            // the default ROOT\CIMV2 namespace. This will result in us having a
            // reference to a "SWbemServices" object.
            JIVariant results[] = wbemLocator.callMethodA(
                    "ConnectServer",
                    new Object[] { new JIString(host),
                            new JIString(WMI_DEFAULT_NAMESPACE),
                            JIVariant.OPTIONAL_PARAM(),
                            JIVariant.OPTIONAL_PARAM(),
                            JIVariant.OPTIONAL_PARAM(),
                            JIVariant.OPTIONAL_PARAM(), new Integer(0),
                            JIVariant.OPTIONAL_PARAM() });
    
            IJIDispatch wbemServices = toIDispatch(results[0]);
    
            // Now that we have a SWbemServices DCOM object reference, we
            // prepare a WMI Query Language (WQL) request to be informed
            // whenever a
            // new instance of the "Win32_NTLogEvent" WMI class is created on
            // the remote host. This is submitted to the remote host via the
            // "ExecNotificationQuery" method on SWbemServices. This gives us
            // all events as they come in. Refer to WQL documentation to
            // learn how to restrict the query if you want a narrower focus.
            final String QUERY_FOR_ALL_LOG_EVENTS = "SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'";
            final int RETURN_IMMEDIATE = 16;
            final int FORWARD_ONLY = 32;
    
            JIVariant[] eventSourceSet = wbemServices.callMethodA(
                    "ExecNotificationQuery", new Object[] {
                            new JIString(QUERY_FOR_ALL_LOG_EVENTS),
                            new JIString("WQL"),
                            new JIVariant(new Integer(RETURN_IMMEDIATE
                                    + FORWARD_ONLY)) });
            IJIDispatch wbemEventSource = (IJIDispatch) JIObjectFactory
                    .narrowObject((eventSourceSet[0]).getObjectAsComObject());
    
            // The result of the query is a SWbemEventSource object. This object
            // exposes a method that we can call in a loop to retrieve the
            // next Windows Event Log entry whenever it is created. This
            // "NextEvent" operation will block until we are given an event.
            // Note that you can specify timeouts, see the Microsoft
            // documentation for more details.
            while (true) {
                // this blocks until an event log entry appears.
                JIVariant eventAsVariant = (JIVariant) (wbemEventSource
                        .callMethodA("NextEvent",
                                new Object[] { JIVariant.OPTIONAL_PARAM() }))[0];
                IJIDispatch wbemEvent = toIDispatch(eventAsVariant);
    
                // WMI gives us events as SWbemObject instances (a base class of
                // any WMI object). We know in our case we asked for a specific
                // object
                // type, so we will go ahead and invoke methods supported by
                // that Win32_NTLogEvent class via the wbemEvent IDispatch
                // pointer.
                // In this case, we simply call the "GetObjectText_" method that
                // returns us the entire object as a CIM formatted string. We
                // could,
                // however, ask the object for its property values via
                // wbemEvent.get("PropertyName"). See the j-interop
                // documentation and examples
                // for how to query COM properties.
                JIVariant objTextAsVariant = (JIVariant) (wbemEvent
                        .callMethodA("GetObjectText_",
                                new Object[] { new Integer(1) }))[0];
                String asText = objTextAsVariant.getObjectAsString()
                        .getString();
                System.out.println(asText);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (null != dcomSession) {
                try {
                    JISession.destroySession(dcomSession);
                } catch (Exception ex) {
                    ex.printStackTrace();
                }
            }
        }
    }
    

    }

    Regards,
    Jayan

     
    Last edit: jpraman 2012-12-10
  • Vikram Roopchand

    Hi,

    I can't find any capture. Please send it to professional support address (v i k r a m.r o o p c h a n d @ j - i n t e r o p. o r g) but please keep using this forum for all follow ups.

    thanks,
    best regards,
    Vikram

     
  • jpraman

    jpraman - 2012-12-11

    Hi Vikram,

    I had sent to your professional support address. Ok I will keep for all follow upds.

    Regards,
    Jayan

     
  • Ankit Garg

    Ankit Garg - 2015-10-26

    Hi Vikram,

    I executed the same program. I am able to fetch the event logs from remote machine but it is very very slow. On my remote machine I have 2Lacs logs and when I am running the java code it is fetching 30-40 records per hour. Could you please let me know how can I fetch the records fast.

    Regards,
    Ankit

     

Log in to post a comment.