MusMuris

I'm using the System.Management namespace to try to use WMI peformance counters and I have an authentication issue that I cannot work out.

I have 2 domains - let's call them RED and BLUE. I'm told that a trust is set up such that BLUE trusts everything from RED. I'm trying to connect from computer R in RED domain to computer B in BLUE domain.

Firstly, I can connect ok using B's local admin account:

ConnectionOptions opts = new ConnectionOptions();
opts.Username = "B\\Administrator";
opts.Password = "adminpassword";
ManagementScope scope = new ManagementScope("\\\\B.BLUE\\root\\cimv2", opts);
scope.Connect();

and this works fine - I then go on to reading performance counters - so there appears to be no blocking firewall or anything wrong here.

I then added my account RED\MusMuris to B's local administrator group. I can now log-on to windows directly on B as myself, however when I try using RED\MusMuris with my password via WMI I get an access denied.

However what I really don't get is that if I run the same program on a 2nd computer in the BLUE domain (call it B2) then it connects fine and runs using the RED\MusMuris account - so again it appears there is nothing on B stopping me from doing this and RED\MusMuris must have permissions to do this.

To add more confusion it appears that sometimes I can connect providing I'm logged into RED\R as myself and do not suppy my password. Then it's ok - adding the password back in fails again.

In all cases the fail is with an "Access Denied" error. Any ideas on where I could get help with this


Re: Visual C# General WMI cross domain authentication issue

Karthikeya Pavan Kumar .B

There are several types of errors for "Access Denied" can you elobrate on the error you receive....

Check this link

http://www.microsoft.com/technet/scriptcenter/resources/wmifaq.mspx






Re: Visual C# General WMI cross domain authentication issue

MusMuris

Sorry - it just looked like a general "denied" to me. What I actually get a System.UnauthorizedAccessException with the text:

{"Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"}

and the stack trace is:

at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)\r\n

at System.Management.ManagementScope.InitializeGuts(Object o)"





Re: Visual C# General WMI cross domain authentication issue

Karthikeya Pavan Kumar .B

Try looking at the various work arounds

The first has for sure been mentionned here and relates to the windows firewall. See the following KB article:
http://support.microsoft.com/ kbid=875605



The second change that has to be made is changing the Force Guest setting on the remote machine. If the remote machine is part of a Domain, then no worries. If the remote machine is part of a workgroup, you must change a setting according to this:
http://groups.google.com/groups selm=3E822EB9.C5D31E11%40hydro.com


(you cannot change the setting on WinXP Home)

http://forums.microsoft.com/MSDN/ShowPost.aspx PostID=352850&SiteID=1






Re: Visual C# General WMI cross domain authentication issue

MusMuris

Thanks for your help - but i've already tried both of those and they are set up correctly.

As I say both PCs are in a Domain, and it's only when trying from the RED domain to the BLUE domain using the RED account with its password that it fails. BLUE to BLUE works ok, as does RED to RED all using the RED account.

RED to BLUE works ok when using the BLUE pc's local admin account. (Not tried with a BLUE domain account as I'm waiting for that to be created so I can test it)