.NET – Identity when remotely administering IIS with Microsoft.Web.Administration
Scenario:
I need to remotely administer (create and destroy applications) an IIS server that is in the same domain as the server requesting the changes. I have an application pool set up to run under an authorized account. I have tested the remote configuration successfully using IIS Manager and the account the web pool runs under, so I know the permissions are correct.

The error I get when doing this through code is this:

Type=System.Runtime.InteropServices.COMException
Source=mscorlib
Message=Retrieving the COM class factory for remote component with CLSID {2B72133B-3F5B-4602-8952-803546CE3344} from machine <SERVERNAME> failed due to the following error: 800706ba <SERVERNAME>.

If I look at the event log on the remote IIS machine I am trying to authenticate against, I see the following error:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/13/2011 5:20:22 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: FQDN.local
Description:
An account failed to log on.

Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: UserName
    Account Domain: DOMAIN

Failure Information:
    Failure Reason: An Error occured during Logon.
    Status: 0xc00002ee
    Sub Status: 0x0

Process Information:
    Caller Process ID: 0x0
    Caller Process Name: -

Network Information:
    Workstation Name: -
    Source Network Address: -
    Source Port: -

Detailed Authentication Information:
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4625</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2011-07-13T21:20:22.234292500Z" />
    <EventRecordID>12046</EventRecordID>
    <Correlation />
    <Execution ProcessID="556" ThreadID="8984" />
    <Channel>Security</Channel>
    <Computer>FQDN.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">UserName</Data>
    <Data Name="TargetDomainName">DOMAIN</Data>
    <Data Name="Status">0xc00002ee</Data>
    <Data Name="FailureReason">%%2304</Data>
    <Data Name="SubStatus">0x0</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">Kerberos</Data>
    <Data Name="AuthenticationPackageName">Kerberos</Data>
    <Data Name="WorkstationName">-</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress">-</Data>
    <Data Name="IpPort">-</Data>
  </EventData>
</Event>

I have done a lot of searching and have not found anything that seems to point in the right direction. I did find some things that talk about forest trusts, which might be the problem, but I am not an AD expert and it is all over my head. I feel the proper permissions are in place because it works fine with IIS Manager; it only fails when using Microsoft.Web.Administration and ServerManager.OpenRemote().

UPDATE
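I disabled UAC on both machines and added the certificate from the target IIS machine to the certificate store on the requesting machine. I still get the same error.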
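This may sound silly – just some thoughts:

- Update: check whether the user has the "Act as part of the operating system" user right; see the bottom of this page, under the heading "Windows Server 2003 Considerations".
- To me it most likely sounds like a Kerberos constrained delegation issue. It was introduced with Windows Server 2003 to restrict web servers from accessing remote resources via Kerberos (because, if the web server is compromised, it gets a bit ugly). Take a look at this on configuring servers to be trusted for delegation: http://technet.microsoft.com/en-us/library/ee675779.aspx.

(Editor: 李大同)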
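A triage sketch for the 4625 record quoted in the question, added here as an example and not code from the question or the answer: it parses the Event XML and separates credential failures from a Kerberos network-logon failure like the one shown. The sample XML is constructed from the question's event (trimmed to the fields used), the status table lists common credential-related NTSTATUS values, and `parse_4625`, `triage` and the labels they return are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: the 4625 event from the question, trimmed to the fields used here.
SAMPLE_4625 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4625</EventID><Computer>FQDN.local</Computer></System>
 <EventData>
  <Data Name="TargetUserName">UserName</Data>
  <Data Name="TargetDomainName">DOMAIN</Data>
  <Data Name="Status">0xc00002ee</Data>
  <Data Name="SubStatus">0x0</Data>
  <Data Name="LogonType">3</Data>
  <Data Name="AuthenticationPackageName">Kerberos</Data>
  <Data Name="IpAddress">-</Data>
 </EventData>
</Event>"""

# Common credential/account NTSTATUS values reported in 4625 events.
CREDENTIAL_STATUS = {
    0xC0000064: "user name does not exist",
    0xC000006A: "wrong password",
    0xC000006D: "bad user name or authentication information",
    0xC0000072: "account disabled",
    0xC0000234: "account locked out",
}

def parse_4625(xml_text):
    """Return the EventData fields of a 4625 event as a dict, or None for other events."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        return None
    return {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}

def triage(fields):
    """Hypothetical heuristic: separate credential failures from protocol-level ones."""
    # SubStatus is checked first because it carries the more specific reason.
    codes = [int(fields.get(k) or "0x0", 16) for k in ("SubStatus", "Status")]
    for code in codes:
        if code in CREDENTIAL_STATUS:
            return "credential: " + CREDENTIAL_STATUS[code]
    if fields.get("LogonType") == "3" and fields.get("AuthenticationPackageName") == "Kerberos":
        return "kerberos-network: check delegation settings for the calling account"
    return "other: status 0x%08x" % codes[1]

if __name__ == "__main__":
    print(triage(parse_4625(SAMPLE_4625)))
```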