« Previous Next »

• 10-30-2009, 8:02 AM

  lonevvolf Joined on 07-13-2006, 9:22 AM Posts 38

  Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact I'm banging my head against a wall, trying to get this to work. I have the following situation: Machine A should run a program which uses Microsoft.Web.Administration to connect to and manage IIS on Machine B. Machine A is in domain A. Machine B is not in a domain. User A exists in domain A. User A exists with the same username and password on Machine B. When I enable Remote Administration on Machine B, and connect through IIS Manager on Machine A, it asks for credentials. I enter them without a domain name, and everything works perfectly. The question is, how can I connect to and manage Machine B from Machine A programmatically? Doesn't the IIS Remote Management also use the Microsoft.Web.Administration? I can't impersonate (as far as I can tell), because Machine B isn't in the domain. I also can't find any way to send credentials when using ServerManager.OpenRemote(); Please help!

• 10-30-2009, 1:18 PM

  In reply to

  anilr Joined on 05-23-2006, 6:13 PM Redmond, WA Posts 2,343	Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact This should just work via the magic of NTLM - I know that I used this when both machineA and machineB are not domain joined and they have local users with identical username/password on them. Anil Ruia Senior Software Design Engineer IIS Core Server

• 11-02-2009, 5:15 AM

  In reply to

  lonevvolf Joined on 07-13-2006, 9:22 AM Posts 38	Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact Sorry if I'm being dense, but can you please explain how to do this?  I've tried using LogonUser(), but it doesn't seem to work.  If that's the correct way, which domain name should I be passing to the function?  Anything special I should be doing?

• 11-02-2009, 11:05 AM

  In reply to

  lonevvolf Joined on 07-13-2006, 9:22 AM Posts 38	Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact From the extensive searching I've done on the topic, it would seem that I need to additionally use CoInitializeSecurity, but I haven't gotten that to work either, yet. No matter what combination of parameters I seem to send to it, the calls to ServerManager always fail. Please help!

• 11-03-2009, 4:02 AM

  In reply to

  Leo Tang - MSFT Joined on 12-11-2008, 9:47 PM Posts 953

  Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact Hi, Base on the online document, we can only specify the server name when using ServerManager.OpenRemote() method. To connect to the remote server, you need to be logged in as/impersonating the local Administrator account with a synchronized password on the remote server.  And you also need to insure the DCOM connectivity because of MWA uses DCOM to connect to the remote configuration system. For the detailed information, please check the following article: Connecting to IIS 7.0 configuration remotely with Microsoft.Web.Administration http://mvolo.com/blogs/serverside/archive/2008/05/26/Accessing-IIS-7.0-configuration-remotely-and-on-server-core.aspx Leo Tang Microsoft Online Community Support Please remember to mark the replies as answers if they help and unmark them if they provide no help.

• 11-03-2009, 4:11 AM

  In reply to

  lonevvolf Joined on 07-13-2006, 9:22 AM Posts 38

  Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact The impersonation is exactly what I am struggling with. A simple impersonation doesn't work, as DCOM commands seem to take their identity from the original process, not the impersonation. Can anyone actually post some working code for this? I have not yet been able to find any. Either the code doesn't take into account the required Authentication level for IIS DCOM access, or it has some other problem.

• 11-03-2009, 4:14 AM

  In reply to

  lonevvolf Joined on 07-13-2006, 9:22 AM Posts 38

  Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact BTW, here is the code I have tried, which is NOT working: bool returnValue = LogonUser(user, userDomain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref _userHandle);  if (!returnValue) throw new ApplicationException("Could not impersonate user"); WindowsIdentity newId = new WindowsIdentity(_userHandle);  _impersonatedUser = newId.Impersonate();  int retCode = CoInitializeSecurity(IntPtr.Zero, -1, IntPtr.Zero, IntPtr.Zero, RpcAuthnLevel.PktPrivacy, RpcImpLevel.Impersonate, IntPtr.Zero, EoAuthnCap.DynamicCloaking, IntPtr.Zero);  serverManager = ServerManager.OpenRemote(servername); Configuration config = serverManager.GetAdministrationConfiguration();

• 11-03-2009, 1:06 PM

  In reply to

  anilr Joined on 05-23-2006, 6:13 PM Redmond, WA Posts 2,343	Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact You will need to install this qfe - http://support.microsoft.com/kb/970691 Anil Ruia Senior Software Design Engineer IIS Core Server

• 11-04-2009, 5:46 AM

  In reply to

  lonevvolf Joined on 07-13-2006, 9:22 AM Posts 38

  Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact anilr: You will need to install this qfe - http://support.microsoft.com/kb/970691 Sorry, that's not the error I'm getting. I'm also using IIS 7.5 on both sides, so that hotfix doesn't apply. The error I'm getting is: Retrieving the COM class factory for remote component with CLSID {2B72133B-3F5B-4602-8952-803546CE3344} from machine (machinename) failed due to the following error: 80070005.

• 11-06-2009, 2:32 AM

  In reply to

  WenJun Zhang - MSFT Joined on 08-26-2008, 10:53 PM Posts 140

  Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact It's still an access denied error.  Make sure you run the code with a local account which exist on both machine with the exactly same username and password. In this case, the NTLM credential can be passed to the remote machine. Another approach you can choose is you can write the MWA code into a web service and deploy it to the remote IIS. Then use client code to call the web service to achieve your task. WenJun Zhang - MSFT Sincerely Microsoft Online Community Support “Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• 11-06-2009, 3:16 AM

  In reply to

  lonevvolf Joined on 07-13-2006, 9:22 AM Posts 38

  Re: Using Microsoft.Web.Administration on a remote machine not in the domain Reply Contact Well, I've gotten around the problem, but it wasn't any of the solutions offered here. In order to run the impersonation for DCOM, you do indeed need to use the code as I posted above. The problem seemed to be with the one test call I was making to ServerManger. I was testing with a call to GetApplicationHostConfiguration(), which apparently has different requirements for security. Calling other methods/properties, such as ApplicationPools, worked fine. Another gotcha is to make sure to disable the host process when debugging, or the impersonation calls will fail. In any case, using the code posted earlier, you can access a remote machine with MWA, using a user account that doesn't necessarily exist on the local machine.