
Thread: Directory.Exists failing on cross domain call. LogonUser returns Token Zero

  1. #1

    Thread Starter
    Super Moderator FunkyDexter's Avatar
    Join Date
    Apr 2005
    Location
    An obscure body in the SK system. The inhabitants call it Earth
    Posts
    7,732

    Directory.Exists failing on cross domain call. LogonUser returns Token Zero

    Hi All

    I've got an application that needs to access the file system on a remote machine. The machine that's running the code is not on the same domain as the remote machine and therefore needs to pass credentials in order to carry this out. I found this post on Stack Overflow and have tried to copy it. Here's my resultant code:-
    VB Code:
    Dim token As IntPtr = IntPtr.Zero
    ' 9 = logon type, 0 = logon provider
    LogonUser("funkyD", "hydro", "AsIfIdPublishAPassword", 9, 0, token)
    errorMessage = "About to impersonate"
    Using person As WindowsImpersonationContext = New WindowsIdentity(token).Impersonate()
        errorMessage = "Impersonated"
        Try

            ' Check folder exists
            If System.IO.Directory.Exists(databasePath) Then
                errorMessage = "DirectoryFound"

                ' ... carry out some other file operations but these aren't being reached...
            End If

        Catch Problem As Exception

            errorMessage = Problem.Message
            ' Handle and return error code
            ProblemHandler(moduleLevelAquatorProccessID, Problem)
        Finally
            person.Undo()
            CloseHandle(token)
        End Try
    End Using

    This is resulting in an error message "Token Cannot be Zero". I've checked Marshal.GetLastWin32Error and it's returning 1348 but I'm not sure where to find a reference to look this up.

    Can anyone suggest what I'm getting wrong here?



    Some more context that may be relevant: The actual setup here is that the above code is in a service. This service is being run on a virtual machine under the local system account. The remote machine it's reading from is actually the machine that's hosting the virtual machine but the virtual machine does not belong to the domain the host machine is on. This is a fairly unusual setup that's really just for me to do development to test this stuff out but, when we roll out the product, it won't be unusual for customers to spin up virtual machines of this nature and then want to call out to pick up files from their main company network and the VM is unlikely to be part of that domain.
    Last edited by FunkyDexter; Nov 26th, 2021 at 10:06 AM.
    The best argument against democracy is a five minute conversation with the average voter - Winston Churchill

    Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd

  2. #2
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,103

    Re: Directory.Exists failing on cross domain call. LogonUser returns Token Zero

    Firstly, check that the service is running on the NetworkService account, or if I'm wrong find a more elevated account. I can't remember which one is used for more access.

    Secondly, as per my answer here https://www.vbforums.com/showthread....(User-folders)

    Try this:
    Code:
    Dim tokenHandle As New IntPtr(0)

    ' GIVE YOUR CREDENTIALS
    If LogonUser("username", "domain", "password", 9, 0, tokenHandle) Then
        Dim newId As New WindowsIdentity(tokenHandle)
        Using impersonatedUser As WindowsImpersonationContext = newId.Impersonate()

            ' ...etc
        End Using
    End If
    Looks the same but is it?
    Also try using 3 instead of 9 if it does not work.

    Finally, they may have locked any remote acceptance on the server. I'm not an admin to tell you exactly what to check, but if you can't figure it out I can ask an admin at my job on Monday.
    .
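
    An added example, not part of the original posts: one way to check the LogonUser result discussed in the two posts above and turn the Win32 error code into its system message text, so a failed logon never reaches the WindowsIdentity constructor with a zero token. The names LogonCheckExample, RunAs and SHARE_PASSWORD are hypothetical; the logon type and provider values are the ones used in the thread.

```vb
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Module LogonCheckExample
    ' Logon type and provider values from winbase.h (the thread passes 9 and 0).
    Const LOGON32_LOGON_NETWORK As Integer = 3
    Const LOGON32_LOGON_NEW_CREDENTIALS As Integer = 9
    Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    ' SetLastError:=True is required, otherwise Marshal.GetLastWin32Error is meaningless.
    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)>
    Private Function LogonUser(user As String, domain As String, password As String,
                               logonType As Integer, logonProvider As Integer,
                               ByRef token As IntPtr) As Boolean
    End Function
    <DllImport("kernel32.dll", SetLastError:=True)>
    Private Function CloseHandle(handle As IntPtr) As Boolean
    End Function

    ' Hypothetical helper: runs work() under the supplied credentials, or throws
    ' a Win32Exception carrying the error code and its system message text.
    Sub RunAs(user As String, domain As String, password As String,
              logonType As Integer, work As Action)
        Dim token As IntPtr = IntPtr.Zero
        If Not LogonUser(user, domain, password, logonType,
                         LOGON32_PROVIDER_DEFAULT, token) Then
            ' Read the code immediately, before another call can overwrite it.
            Throw New Win32Exception(Marshal.GetLastWin32Error())
        End If
        Try
            Using id As New WindowsIdentity(token)
                Using ctx As WindowsImpersonationContext = id.Impersonate()
                    work()
                End Using   ' Dispose reverts the impersonation
            End Using
        Finally
            CloseHandle(token)   ' WindowsIdentity duplicated the token; close ours
        End Try
    End Sub

    Sub Main(args As String())   ' args: user, domain, UNC path; password from env var
        Try
            RunAs(args(0), args(1), Environment.GetEnvironmentVariable("SHARE_PASSWORD"),
                  LOGON32_LOGON_NEW_CREDENTIALS,
                  Sub() Console.WriteLine(System.IO.Directory.Exists(args(2))))
        Catch ex As Win32Exception
            Console.WriteLine("LogonUser failed: {0} ({1})", ex.NativeErrorCode, ex.Message)
        End Try
    End Sub
End Module
```

    With logon type 9 the credentials are only used for outbound network connections and are not validated at logon time, so a successful LogonUser call does not prove the password is correct; a wrong password shows up later as an access failure on the remote path.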

  3. #3

    Thread Starter
    Super Moderator FunkyDexter's Avatar

    Re: Directory.Exists failing on cross domain call. LogonUser returns Token Zero

    "check that the service is running on the NetworkService account"
    It's running on the local system account rather than the Network Service Account. I found an interesting comparison here. I don't think that will make a difference as the network account will present itself using the local computer's credentials which won't be recognised but I'm not sure on that point. I can try switching it to see what happens.

    "Looks the same but is it?"
    No, yours is subtly different. That's definitely worth a punt.

    "Also try using 3 instead of 9 if it does not work."
    Will do.

    "they may have locked any remote acceptance on the server"
    This bit I can rule out as I'm able to browse to the server just fine (though I have to supply credentials).

    Have logged off now but I'll try all this on Monday. Thanks for the suggestions.

  4. #4
    King of sapila

    Re: Directory.Exists failing on cross domain call. LogonUser returns Token Zero

    No problem.
    Hope you solve it.

  5. #5

    Thread Starter
    Super Moderator FunkyDexter's Avatar

    Re: Directory.Exists failing on cross domain call. LogonUser returns Token Zero

    OK, have tried all the above except changing it to the Network Service Account (and having more of a read around that I think it could well be the problem). However, I can't seem to achieve that.

    I've amended the service to use the Network Service Account. To do that I opened the service properties page, selected the logon tab and browsed to the Network Service user. However, I cannot now start the service. I get a popup message saying "Window could not start the service on local computer. Error 1064: An exception occurred in the service when handling the control request".

    Checking the event view I can see the following: "Service cannot be started. System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:1006/AQTServer/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied"

    My first assumption from the above was that the Network Service user didn't have access to the folder containing the binaries for the service so I've explicitly given it full control. That hasn't worked though and I'm still getting the above error.

    Any suggestions?

  6. #6
    King of sapila

    Re: Directory.Exists failing on cross domain call. LogonUser returns Token Zero

    I don't know what this error is but I see they are mentioning UAC settings. I asked an admin, who said that network service is probably enough. However, checking a service I have created, I see that I have only given user permissions and it works fine. So what I would suggest is firstly to have it run on the administrator's account and see if it works.
    I would also suggest an add/remove with InstallUtil so it won't have any "garbage" left.

    Edit: You should probably have seen this but just to be safe:
    https://social.msdn.microsoft.com/Fo...WindowsAzureAD
    Last edited by sapator; Nov 29th, 2021 at 05:51 AM.

  7. #7

    Thread Starter
    Super Moderator FunkyDexter's Avatar

    Re: Directory.Exists failing on cross domain call. LogonUser returns Token Zero

    I tried switching the UAC off but it didn't help.

    I've got the IT department going through logs etc so hopefully they'll come back with something useful.
