?
Solved

Call to LogonUser Lib "advapi32.dll" works on one server but not another

Posted on 2007-07-25
5
Medium Priority
?
1,238 Views
Last Modified: 2008-01-09
I'm deploying a windows service that watches for files.  I need to impersonate an account that has access to a network share and this is working on my local machine and a development server but not the prod server.  I can map drives on both servers using the account in question. Myself, the impersonation account, Admins, and SERVICE are all part of the "Impersonate a client.." security setting.  It looks like the call to advapi32.api is failing with a False return on the prod server (I can't attach to a process on the servers to see why but I've added logging that narrows it to that call).
Differences between dev and prod server:
   Prod:Windows Server 2003 R2 Standard EditionSP2  
   dev: Windows Server 2003 Standard Edition SP1  
   Different domains but both my id and the impersonation id can be located and given privileges on both servers using "domain\id" where domain is the same for both.

Any ideas why it's failing?
0
Comment
Question by:bozworthy
  • 3
  • 2
5 Comments
 
LVL 38

Accepted Solution

by:
PaulHews earned 1000 total points
ID: 19569006
If you are using the LOGON32_LOGON_INTERACTIVE then I believe you also need the "Log on locally" privilege set.

If there is still no love, try the "Act as part of the operating system" privilege.  It's not supposed to be a restriction for LogonUser in 2003, but SP2 might have changed something.

Also what error is retrieve with GetLastDLLError when it fails?
0
 
LVL 1

Author Comment

by:bozworthy
ID: 19569047
thanks for the quick response.
still no love with either of those two security settings.  do I need to uninstall, reinstall, and restart the service to pick up those changes (I would think not) ?

I don't have GetLastDLLError  implemented in the code at this time but I'll get to work on that.
0
 
LVL 38

Expert Comment

by:PaulHews
ID: 19569110
You will have to restart the service at least I think.
0
 
LVL 1

Author Comment

by:bozworthy
ID: 19569200
Ok I went back and removed all the security entries and restarted the service after adding each one at a time.  It's the Allow log on locally that does the trick.  Thanks a million.  I think that was quickest solution I've had yet.
0
 
LVL 38

Expert Comment

by:PaulHews
ID: 19569359
Glad you got it working.  Thanks.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When designing a form there are several BorderStyles to choose from, all of which can be classified as either 'Fixed' or 'Sizable' and I'd guess that 'Fixed Single' or one of the other fixed types is the most popular choice. I assume it's the most p…
Background What I'm presenting in this article is the result of 2 conditions in my work area: We have a SQL Server production environment but no development or test environment; andWe have an MS Access front end using tables in SQL Server but we a…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question