Delphi – Legacy DCOM server on Windows Server 2008 R2

I have a legacy DCOM server and client application both written in Delphi v6. The DCOM server is currently configured to run once and service all clients. The main reason for it running once is that the server provides an interface to an accounts application and must logon and can only do this once for a given user name.

Our customer now wants to upgrade their server to Windows Server 2008 R2 leaving the clients on Windows XP but I have been unable to replicate the current set-up.

The current set up that I can get to work on a test rig is slightly odd!

I have to configure DCOM settings to allow remote launch or I get access denied on the client
If the DCOM server is not already running, when the client tries to connect to it I get server execution failed.
If the server is running and the launch permission is set to allow remote launch, the client starts a new instance of the DCOM server rather than using the instance already started. This then causes problems in the accounts application as the same user tries to logon which is not allowed.
If I close the DCOM server running on the server, the client happily works away with its own instance. I cannot see the DCOM servers main form though as its running in the background (can see it in task manager)

I've found various articles to do with this problem but nothing so far has worked. These include running the DCOM server as administrator, not running the DCOM server as administrator, allowing COM+ in the firewall, adding the DCOM server to the firewall, the DCOM server located in SysWOW64, using the 32 bit version of DCOMCNFG, etc.

Now not sure where to go…

Thanks for any help

Simon

Best Answer

DCOM default permissions has changed in XP SP2 and 2003 SP1. You'll need to configure the properly to make your service running properly. Usually, unless you implement the DCOM server in a service (something Delphi doesn't allow due to limited DCOM support), the DCOM server is started when a user connects, and that's why you may need the "remote launch" permissions. Moreover a DCOM server may be started in the context of a given user, the interactive user (must be avoided for remote clients!), or the launching user. What mode are you using? - if it is set to "launching user" it will always create a new instance. How was your server instanced before the new OS? How is its class factory implemented? See here for some interesting information about DCOM and Delphi implementations.

BTW:

Never run your DCOM server with Administrators privileges unless it really needs it. Otherwise you can create a security hole.
If a firewall is present, both the RPC endpoint port and the ports configured for DCOM must be opened to the calling clients.
Don't mess system directories with your application. There's no need, if your app works only there you have a privileges misconfiguration, and you won't solve it properly putting files where they don't belong to.

Best Answer

Related Solutions

DCOM: CoCreateInstanceEx returns E_ACCESSDENIED

How to register a 32-bit .DLL COM+ application on Windows 2008 R2

Related Topic