Why do I get E_ACCESSDENIED calling a COM+ method from a proxy?

Question

Sorry if this is a bit long whinded... consider this:

I have a COM+ application in a namespace called Company that exposes an object called Server which has the following methods:

bool Server.Execute(IOptions options)

IOptions Server.CreateOptions()

IOptions simply has a couple of boolean read/write properties as follows:

IOptions.Option1 (bool)

IOptions.Option2 (bool)

I create a client application with the following code:

Company.Server s = new Company.Server();

Company.IOptions serverOptions = s.CreateOptions();

serverOptions.Option1 = false;
serverOptions.Option2 = true;

s.Execute(serverOptions);

I install the COM+ application on machine A and then execute the client on machine A and all is well.

I then modify the client application so that it creates its own implementation of IOptions as follows:

public class ClientOptions : Company.IOptions
{
    public bool Option1 { get; set; }
    public bool Option2 { get; set; }
}

Company.Server s = new Company.Server();

ClientOptions clientOptions = new ClientOptions();

clientOptions.Option1 = false;
clientOptions.Option2 = true;

s.Execute(clientOptions);

Again, I execute the client application on machine A and all is well.

If I install the COM+ application on machine B as a proxy to machine A and then execute the client, I get an E_ACCESSDENIED error on the call to:

s.Execute(clientOptions);

Here's a summary of the code executing on machine B accessing machine A

Company.Server s = new Company.Server();

Company.Options serverOptions = s.CreateOptions()

serverOptions.Option1 = false;
serverOptions.Option2 = true;

s.Execute(serverOptions); // this is fine

ClientOptions clientOptions = new ClientOptions();

clientOptions.Option1 = false;
clientOptions.Option2 = true;

s.Execute(clientOptions); // this causes the error

To summarise, why can I implement my own IOptions and use it in the COM+ application when the client is on the same machine as the COM+ application but not when the client is accessing the COM+ application via a proxy on another machine?

It seems that if the IOptions was created by the server then it's fine, but if it's created by the client then it's not.

Any help would be greatly appreciated.

Thanks,

Carl.

Answer 1

Try looking at the COM server's remote activation permissions on the remote machine via dcomcnfg.exe (should open up MMC snapin).

-Oisin

Answer 2

I going to extrapolate some older experience with DCOM which may or may not be helpful. When you get access denied, you have to look at the DCOM configuration parameters on machine B.

On older OS's (Windows 2000) you would run dcomcnfg. But in XP, you run Component Services from the Control Panel -- Administrative Tools. Under Vista, apparently, you have to run windows\System32\comexp.msc.

When you are in the Component Services administration, highlight My Computer and choose properties. The first thing you have to do is on the Defaults Properties Tab, click Enable Distributed COM on this Computer. Additionally, you may need to specify Launch and Activate and Access permissions in the COM Security tab. When doing so you may have to deal with both Edit Limits and Edit Defaults?

Please note, that I believe that these are DEFAULT permissions and that you may want to find your registered COM+ application in the application list and set application-specific access rights rather than machine-wide defaults. But I know you have to check that Enable Distributed COM on this Computer checkbox.

I hope this helps.