Re: AzMan Access Check

Hi Jeffrey,

Thanks for you reply!

When I run the native version, it didn't report AV exception. However, the
managed version did report AV exceptions. I think it would be due to the
pointers used in managed code are not pinned properly and memory is
re-located during GC.

But when I run the native version for some thousands loop, it report error
like "server is not operational (0x8007203A)" or "the specified server
cannot perform the requested operation(0x3A)". We are still figuring out why
this would happen.

When I run it on a XP SP2 machine with 128MB RAM, it crashes randomly
sometimes the counter is near 800, while sometimes can make some thousands
calls. In order to make it to produce the error more quickly, you can try
running mutliple instances of the application concurrently. When I run 5
instances, all stopped at the same time while each made about 100 calls to
the dc. They either report 0x3A during the call to
AuthzInitializeContextFromSid, or 0x8007203A when calling ADsOpenObject.

Is it possible the "connection" (kind of system resources) on the DC are
used up and not released if we call too frequently? If so, how can I verify
it and solve it?

Domain Admin is not necessary, but for simplicity, Domain Admin carries all
right and definitely can perform access check =)

Best Regards,
Tony Cheung

""Jeffrey Tan[MSFT]"" <jetan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:6X8FAgxfGHA.5608@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Tony,

Thanks for your feedback!

Yes, I have got your Win32 version sample project. After modifying the 4
user settings in the application like below, I managed to get your
application running:

LPWSTR lpszPath = L"my user account LDAP string";
LPWSTR lpszPwd = L"my domain password";
LPWSTR lpszSID=NULL;
LPWSTR lpszUser = L"my account alias";

PSID psid=NULL;
DWORD dwsid, dwdomain;
LPWSTR lpszDomain=NULL;
SID_NAME_USE snu;

const DWORD INITIAL_SIZE = 32;
DWORD dwSidBufferSize = INITIAL_SIZE;
psid = (PSID) new BYTE[dwSidBufferSize];
if (psid == NULL)
{
return 0;
}
memset(psid, 0, dwSidBufferSize);
lpszDomain=(LPWSTR)malloc(sizeof(256));

BOOL fResult=LookupAccountNameW(NULL, lpszUser, psid, &dwsid, lpszDomain,
&dwdomain, &snu);
if(!fResult)
{
printf("LookupAccountNameW failed with error code %d", GetLastError());
return 0;
}
fResult=ConvertSidToStringSid(psid, &lpszSID);
if(!fResult)
{
printf("ConvertSidToStringSid failed with error code %d", GetLastError());
return 0;
}

Are you sure we need Domain Admin rights to run the code? My account does
not have Domain Admin rights in the company domain, but the code runs
without any problem.

Based on my test, your sample application runs very fast on my Win2003 SP1
machine, after several minutes, the count goes above 10000, but I still
did
not get any AV. Then I tried the application no another XP SP2 test
machine. I am not sure why, but the application runs very slow, almost
several seconds per loop. After running about 1 hour and getting more than
500 loops, I still did not get any AV in the application. Is there
anything
I missed?

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.



.

Quantcast