Any ideas, the WMI example works perfectly on Win2K3 x86 however no luck on Win2K8.
Executing the WMI example locally on the Win2K8 machine itself also does not seem to work. Still getting access denied error even after logging into the box.
Any ideas? Is Win2K8 x64 supported? Has anyone else got it working?
Regards
Rohit
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Vista,2k8 server, and 7 are all slightly different than previous systems. You must ensure that the setup described in DCOM config (another thread on this forum) is proper. There is a group policy object that you can deploy on the 2k8 server called "Remote management" (I'm pretty sure). This will allow local subnet on a private network to request via RPC. Also, you need to ensure that the "Remote registry" service is started.
Also, if you are making requests from an IP that is not on the local subnet of the 2k8 server, you will have to add an additional parameter to the RPC (remote management) firewall rule to allow your IP.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for the response. I'm glad that there is a solution out there.
Searched on the forum and went through several posts but couldnt figure it out. I have full access to a Win2K8 box with full admin rights. However, I dont think I have such extreme knowledge of group policies, registry keys, etc.
Would you/anyone be willing to dumb it down a bit to help me out :)
Thanks much
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Would this be Win2k8 R2 by any chance? If it is so, then read on……From my experience using WMI, I have never been able to make it work with Win2k8 R2. Win2k8 R2 has enhanced security to a great extent with the introduction of Windows Resource Protection (WRP) so that the registry keys that need to be updated to enable remote WMI access (WBEM Scripting Locator) are locked down and can only be accessed by a Trusted Installer.
"Permission for full access to modify WRP-protected resources on Windows Vista and Windows Server 2008 is restricted to TrustedInstaller with the Windows Modules Installer service using the following mechanisms:
* Windows Service Packs installed by TrustedInstaller.
* Hotfixes installed by TrustedInstaller.
* Operating system upgrades installed by TrustedInstaller.
* Windows Update installed by TrustedInstaller.
"
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes this is infact win2k8 R2. See the attached exception/error. Is there any work/around?
There are two snippets attached:
1. Executed locally on the Win2K8R2 Box
2. Executed remotely from a WinXP Box
**********
LOCAL EXECUTION:
C:\j-Interop\examples\MSWMI>hostname
WIN2K8R2SRVR
C:\j-Interop\examples\MSWMI>Execute.bat WIN2K8R2SRVR NORTHAMERICA rohit mypass
org.jinterop.dcom.common.JIException: Access is denied, please check whether the
are correct. Also, if not already done please check
the GETTING STARTED and FAQ sections in readme.htm. They provide information on
how to correctly configure the Windows machine for DCOM access, so as to avoid s
uch exceptions.
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.ja
va:310)
at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:510)
at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:414)
at org.jinterop.dcom.test.MSWMI.<init>(MSWMI.java:38)
at org.jinterop.dcom.test.MSWMI.main(MSWMI.java:145)
Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied, please
check whether the are correct. Also, if not already
done please check the GETTING STARTED and FAQ sections in readme.htm. They provi
de information on how to correctly configure the Windows machine for DCOM access
, so as to avoid such exceptions.
at org.jinterop.winreg.IJIWinReg$createKey.read(IJIWinReg.java:459)
at ndr.NdrObject.decode(NdrObject.java:36)
at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:1
37)
at rpc.Stub.call(Stub.java:113)
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.ja
va:304)
… 4 more
C:\j-Interop\examples\MSWMI>Execute.bat WIN2K8R2SRVR NORTHAMERICA rohit mypass
org.jinterop.dcom.common.JIException: Access is denied, please check whether the
are correct. Also, if not already done please check
the GETTING STARTED and FAQ sections in readme.htm. They provide information on
how to correctly configure the Windows machine for DCOM access, so as to avoid s
uch exceptions.
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.ja
va:310)
at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:510)
at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:414)
at org.jinterop.dcom.test.MSWMI.<init>(MSWMI.java:38)
at org.jinterop.dcom.test.MSWMI.main(MSWMI.java:145)
Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied, please
check whether the are correct. Also, if not already
done please check the GETTING STARTED and FAQ sections in readme.htm. They provi
de information on how to correctly configure the Windows machine for DCOM access
, so as to avoid such exceptions.
at org.jinterop.winreg.IJIWinReg$createKey.read(IJIWinReg.java:459)
at ndr.NdrObject.decode(NdrObject.java:36)
at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:1
37)
at rpc.Stub.call(Stub.java:113)
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.ja
va:304)
… 4 more
C:\j-Interop\examples\MSWMI>
Additional Notes:
- All firewalls have been turned off
- Already followed the Getting Started and FAQs section
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
For the sake of experiment, try the suggested ways in FAQ (i think A(6)) and create the registry key yourself. Then use the CLSID instead of the ProgID. If it works then we can see how to tackle Windows Registry.
best regards,
Vikram
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I haven't found a work-around for R2 yet. Note that this is not a problem with *every* COM application you would want to get remot access to. It is just that Microsoft have decided to add additional security for WMI to disable remote intrusion and attacks.
Hopefully you can find something I have missed. If you do, please let us all know.
Good luck,
Satwik.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
No luck so far. Though I am willing to pay a little bit for a solution. Especially since I only care about the WMI aspect (not the rest of the functionality). The commercial solutions out there cost way too much.
Anyone have any ideas?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ok, here is a workaround. It's not especially pretty, but it works. Verified on Server 2008 R2 Standard.
You have to change the permissions of HKEY_CLASSES_ROOT\CLSID\{YOUR-CLSID}
YOUR-CLSID needs to be replaced with the CLSID of your needed DCOM component. In my case, the WBEM Scripting Locator:
76a64158-cb41-11d1-8b02-00600806d9b6
Fire up regedit and navigate to the key, right-click and open Permissions dialog, go to Advanced, choose Owner tab, and change owner to Administrator. Now you can give Full Access permissions to the account you want to use to connect via DCOM/j-interop.
Works for me…
Cheers,
Stephan
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Any ideas, the WMI example works perfectly on Win2K3 x86 however no luck on Win2K8.
Executing the WMI example locally on the Win2K8 machine itself also does not seem to work. Still getting access denied error even after logging into the box.
Any ideas? Is Win2K8 x64 supported? Has anyone else got it working?
Regards
Rohit
Vista,2k8 server, and 7 are all slightly different than previous systems. You must ensure that the setup described in DCOM config (another thread on this forum) is proper. There is a group policy object that you can deploy on the 2k8 server called "Remote management" (I'm pretty sure). This will allow local subnet on a private network to request via RPC. Also, you need to ensure that the "Remote registry" service is started.
Also, if you are making requests from an IP that is not on the local subnet of the 2k8 server, you will have to add an additional parameter to the RPC (remote management) firewall rule to allow your IP.
Thanks for the response. I'm glad that there is a solution out there.
Searched on the forum and went through several posts but couldnt figure it out. I have full access to a Win2K8 box with full admin rights. However, I dont think I have such extreme knowledge of group policies, registry keys, etc.
Would you/anyone be willing to dumb it down a bit to help me out :)
Thanks much
Hi ,
What exception are you getting ? Please show us the stacktrace.
thanks,
best regards,
Vikram
Would this be Win2k8 R2 by any chance? If it is so, then read on……From my experience using WMI, I have never been able to make it work with Win2k8 R2. Win2k8 R2 has enhanced security to a great extent with the introduction of Windows Resource Protection (WRP) so that the registry keys that need to be updated to enable remote WMI access (WBEM Scripting Locator) are locked down and can only be accessed by a Trusted Installer.
See - http://msdn.microsoft.com/en-us/library/aa382540%28VS.85%29.aspx
"Permission for full access to modify WRP-protected resources on Windows Vista and Windows Server 2008 is restricted to TrustedInstaller with the Windows Modules Installer service using the following mechanisms:
* Windows Service Packs installed by TrustedInstaller.
* Hotfixes installed by TrustedInstaller.
* Operating system upgrades installed by TrustedInstaller.
* Windows Update installed by TrustedInstaller.
"
Yes this is infact win2k8 R2. See the attached exception/error. Is there any work/around?
There are two snippets attached:
1. Executed locally on the Win2K8R2 Box
2. Executed remotely from a WinXP Box
**********
LOCAL EXECUTION:
C:\j-Interop\examples\MSWMI>hostname
WIN2K8R2SRVR
C:\j-Interop\examples\MSWMI>Execute.bat WIN2K8R2SRVR NORTHAMERICA rohit mypass
org.jinterop.dcom.common.JIException: Access is denied, please check whether the
are correct. Also, if not already done please check
the GETTING STARTED and FAQ sections in readme.htm. They provide information on
how to correctly configure the Windows machine for DCOM access, so as to avoid s
uch exceptions.
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.ja
va:310)
at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:510)
at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:414)
at org.jinterop.dcom.test.MSWMI.<init>(MSWMI.java:38)
at org.jinterop.dcom.test.MSWMI.main(MSWMI.java:145)
Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied, please
check whether the are correct. Also, if not already
done please check the GETTING STARTED and FAQ sections in readme.htm. They provi
de information on how to correctly configure the Windows machine for DCOM access
, so as to avoid such exceptions.
at org.jinterop.winreg.IJIWinReg$createKey.read(IJIWinReg.java:459)
at ndr.NdrObject.decode(NdrObject.java:36)
at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:1
37)
at rpc.Stub.call(Stub.java:113)
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.ja
va:304)
… 4 more
C:\j-Interop\examples\MSWMI>
**********
REMOTE EXECUTION:
C:\j-Interop\examples\MSWMI>hostname
REMOTEWINXPHOST1
C:\j-Interop\examples\MSWMI>Execute.bat WIN2K8R2SRVR NORTHAMERICA rohit mypass
org.jinterop.dcom.common.JIException: Access is denied, please check whether the
are correct. Also, if not already done please check
the GETTING STARTED and FAQ sections in readme.htm. They provide information on
how to correctly configure the Windows machine for DCOM access, so as to avoid s
uch exceptions.
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.ja
va:310)
at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:510)
at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:414)
at org.jinterop.dcom.test.MSWMI.<init>(MSWMI.java:38)
at org.jinterop.dcom.test.MSWMI.main(MSWMI.java:145)
Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied, please
check whether the are correct. Also, if not already
done please check the GETTING STARTED and FAQ sections in readme.htm. They provi
de information on how to correctly configure the Windows machine for DCOM access
, so as to avoid such exceptions.
at org.jinterop.winreg.IJIWinReg$createKey.read(IJIWinReg.java:459)
at ndr.NdrObject.decode(NdrObject.java:36)
at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:1
37)
at rpc.Stub.call(Stub.java:113)
at org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.ja
va:304)
… 4 more
C:\j-Interop\examples\MSWMI>
Additional Notes:
- All firewalls have been turned off
- Already followed the Getting Started and FAQs section
For the sake of experiment, try the suggested ways in FAQ (i think A(6)) and create the registry key yourself. Then use the CLSID instead of the ProgID. If it works then we can see how to tackle Windows Registry.
best regards,
Vikram
Rohit,
I haven't found a work-around for R2 yet. Note that this is not a problem with *every* COM application you would want to get remot access to. It is just that Microsoft have decided to add additional security for WMI to disable remote intrusion and attacks.
Hopefully you can find something I have missed. If you do, please let us all know.
Good luck,
Satwik.
Any luck finding a solution yet? I ran into the same problem here…
Regards,
Stephan
No luck so far. Though I am willing to pay a little bit for a solution. Especially since I only care about the WMI aspect (not the rest of the functionality). The commercial solutions out there cost way too much.
Anyone have any ideas?
Ok, here is a workaround. It's not especially pretty, but it works. Verified on Server 2008 R2 Standard.
You have to change the permissions of HKEY_CLASSES_ROOT\CLSID\{YOUR-CLSID}
YOUR-CLSID needs to be replaced with the CLSID of your needed DCOM component. In my case, the WBEM Scripting Locator:
76a64158-cb41-11d1-8b02-00600806d9b6
Fire up regedit and navigate to the key, right-click and open Permissions dialog, go to Advanced, choose Owner tab, and change owner to Administrator. Now you can give Full Access permissions to the account you want to use to connect via DCOM/j-interop.
Works for me…
Cheers,
Stephan
Hi,
Thanks to Stepjan ; great job !!
I'm not expert in CLSID ,, could you precise what means in "HKEY_CLASSES_ROOT\CLSID\{YOUR-CLSID}" the YOUR-CLSID field ?
How to get it on my system ?
Thanks for help.
Regards,
jribeauv
Hi,
Understood what you mean by "Your-CLSID" .
Is the CLSID "Wbem Scripting Locator" the one I've to modifiy to be able to acces remotely WMI dats by using j-interop code sample as PrintInstances ?
Thx
regards,
jribeauv
Hi,
PrintInstances ( other code samples included there) are got from :
http://www.vijaykandy.com/wp-content/uploads/2009/09/WMI.zip
regards,
jribeauv