Windows – DCOM identity and authentication from inside a Windows Container

Tags: containers, dcom, docker, windows

I’m in the process of trying to containerize a Windows DCOM application that uses RPC to connect to a particular service. Normally I would grant the DCOM application server dcom remote permissions on the RPC endpoint server and everything works fine.

I loaded my application inside a container image running on Server 2016 and thought I could grant the Server 2016 container host remote DCOM permissions on the RPC endpoint; however, that does not appear to work.

On the RPC endpoint server, Event Viewer is showing the following DCOM permission errors:

The machine wide limit settings do not grant Remote Activation permission for COM Server application to the user NT AUTHORITY\ANONYMOUS LOGON SID (S-1-5-7)…

Is there any way to change the container SID to use an identity other than anonymous? I would rather not grant anonymous logon permissions on the RPC endpoint server. Is there a way for the Windows container app to present a valid SID?

Thank you

Best Answer

Maybe try running your container using the identity of a Group Managed Service Account as described here:

https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts
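The gMSA approach from the answer, worked through as an added example (this is not code from the original post or from Microsoft's documentation). It assumes placeholder names: a domain contoso.example, a domain-joined container host CH01, a gMSA named dcomapp, an image myorg/dcomapp:latest, and the CredentialSpec PowerShell module from Microsoft's windows-server-container-tools repository (check Get-Help New-CredentialSpec for the parameter names of the version you install). Once the container runs under the gMSA, its Network Service and Local System processes authenticate to the RPC endpoint server as CONTOSO\dcomapp$ instead of NT AUTHORITY\ANONYMOUS LOGON, so that account, not anonymous, is what you grant Remote Activation to.

```powershell
# Added example, not from the original post. Placeholder names: domain contoso.example,
# container host CH01 (already domain-joined), gMSA dcomapp, image myorg/dcomapp:latest.

# 1. On a domain controller (or any machine with the AD PowerShell module): create the
#    gMSA and allow only the container host to retrieve its password. The forest must
#    already have a KDS root key (Add-KdsRootKey, done once).
Import-Module ActiveDirectory
New-ADServiceAccount -Name dcomapp `
    -DNSHostName dcomapp.contoso.example `
    -PrincipalsAllowedToRetrieveManagedPassword "CH01$"

# 2. On the container host CH01: install the account and verify the host can actually
#    retrieve the managed password before going any further.
Install-ADServiceAccount -Identity dcomapp
if (-not (Test-ADServiceAccount -Identity dcomapp)) {
    throw "CH01 cannot retrieve the gMSA password; check PrincipalsAllowedToRetrieveManagedPassword and the KDS root key"
}

# 3. Generate the credential spec JSON the Docker daemon reads. The module writes it under
#    C:\ProgramData\Docker\CredentialSpecs\ (file name assumed here to be dcomapp.json).
Import-Module CredentialSpec   # from the windows-server-container-tools repository
New-CredentialSpec -AccountName dcomapp

# 4. Run the container with that credential spec. On Server 2016 the container hostname
#    must match the gMSA name for the account to be used.
docker run -d --hostname dcomapp `
    --security-opt "credentialspec=file://dcomapp.json" `
    myorg/dcomapp:latest

# 5. On the RPC endpoint server, grant Remote Activation to CONTOSO\dcomapp$ (Component
#    Services > COM Security, or dcomcnfg) instead of ANONYMOUS LOGON. After that, the
#    S-1-5-7 DCOM error quoted in the question should no longer be logged for this app.
```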