- This topic is empty.
-
Posts
-
Here’s the short version (those w/more security knowledge might chime in here to recommend which boxes should be de-selected):
1) Refer to Symantec’s Document ID: 2004071911425704 Click Here
2) Follow Sections 1 thru 7
3) Do everything they say EXCEPT Section 6, step 9: I selected to ALLOW ALL FOUR ENTRIES… Local Launch, Remote Launch, Local Activation, Remote Activation (whereas Symantec said to only select Remote Activation).
BAM! It worked !!!
Ok… here’s the long version:
I did everything Symantec said and tried some of the other solutions recommended within this forum…. but no luck! Kept getting Access Denied errors when trying to set up the client.
I then looked at the Windows XP Event Viewer (system section) on the HOST, which stated:
The launch and activation security descriptor for the COM Server application with CLSID {17EAB2A0-70E2-11CE-A7FB-008029E0ABE9} is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.THAT descriptor refers to the WinFax.Attachment entry in the DCOM Config List.
Changed the properties in DCOM to enable ALL four entries and THAT DID THE TRICK.
Some variables & info worth noting:
1) The host is Windows XP sp2 w/TalkWorks Pro 3.0
2) The client is Windows XP sp1 w/TalkWorks Pro 3.0
3) Tested another client with Windows 98se w/TW Pro 3.0 and it worked fine
3) I did NOT need “matching user accounts” on both the host & client
4) I do NOT have “matching oleaut32.dll”Hello John, thanks for the informative posting.
Just curious, on the Host machine, if you go back to Section 6, item 9 and turn off Local Launch , Remote Launch, and Local Activation (and only have Remote Activation) enabled. Does it fail again with the Access Denied Message? and does Windows XP Event Viewer log the same error message?
on The WinFax Host Machine:
Section 6: To enable Anonymous Logon users to have remote activation access to the WinFax.Attachment DCOM component
1. From the Start menu, click Settings > Control Panel.
2. If using the Classic View, double-click Administrative Tools. Otherwise, click Performance and Maintenance, and then double-click Administrative Tools.
3. Double-click Component Services.
4. From the Console Root, open Component Services > Computers > My Computer > DCOM Config.
5. From the menu, click View > Detail.
6. From the DCOM Config list, right-click WinFax.Attachment, and click Properties.
7. On the Security tab, in the Launch and Activation Permissions group, select Customize, and click Edit.
8. Click Add, type ANONYMOUS LOGON and click OK.
9. Choose ANONYMOUS LOGON, and select Allow on the Remote Activation entry. All other boxes should be deselected.
10. Click OK, and then click OK again.
11. Close the Component Services window and the Administrative Tools window.
Edited By Moderator on 1176051731
I am going to try your suggestion at the office tomorrow, I will let you know. Man, this is like the search for the Holy Grail.
@Moderator wrote:
Hello John, thanks for the informative posting.
Just curious, on the Host machine, if you go back to Section 6, item 9 and turn off Local Launch , Remote Launch, and Local Activation (and only have Remote Activation) enabled. Does it fail again with the Access Denied Message? and does Windows XP Event Viewer log the same error message?
You’re welcome! I sure am hopeful that this works for others… and anxious to start hearing back their results.
Interesting… I went back to the host and turned those items off as you requested… then I did the following tests:
1) Just loaded the Controller at the client: It still worked at the client.
2) Unloaded the Controller at the client; Disabled the Sharing Client; Exited setup; Re-enabled Sharing Client: It still worked.
Does this behavior provide any further insight to a quicker/easier fix than that outlined by Symantec?
COM Server application with CLSID {17EAB2A0-70E2-11CE-A7FB-008029E0ABE9} is invalid. It contains Access Control Entries with permissions that are invalid.
the above error may have been the source of the problem, and simply recreating the Access Control entries by enabling “Allow All” for Local Launch, Remote Launch, Local Activation, Remote Activation corrected it…?
it would be interesting to see if others have the same type of error in the Event Viewer, and simply by enabling “Allow All” for Local Launch, Remote Launch, Local Activation, Remote Activation, then resetting , and then turning them back off except for Remote Activation (the Symantec recommended settings) might fix the Access Denied problem.
Edited By Moderator on 1176093944
John
I tried your suggestion and I worked!! I also went back and undid the changes like Moderator suggested and it continued to work.
While I was following the Symantec document until I got to Section 6 step 9 I noticed that I hade made a mistake before; in section 5 step 9, instead of having the check mark in Remote Activation, I had it in Remote Launch, I don’t know these settings well enough to be able to tell if that was my whole problem before.
But at least it works now.
Thanks,
BernieJohn
Another question: According to the Symantec document, it says; either update to version 10.04 or follow this document.
I actually have 10.04 and also followed the document. Do we just have to assume that 10.04 just never works the way it was intended to, because these changes should work with 10.03 or 10.02 right? If this is the case then the upgrade to 10.04 is always unnecessary, or is there a way to make 10.04 work without having to tweak these settings.
BernieHey Bernie,
This is GREAT news! Now we just need to hear back from some other users to see what’s happening with different versions.
If I had to speculate, my guess would be that this fix will work across all versions… How’s that for optimistic!
Remember, I’m using “TalkWorks Pro 3.0”.
Let’s
these steps are specific for pre-10.04 versions of WinFax PRO that use WinFax Fax Sharing, this includes TalkWorks PRO 3.0.
According to Symantec, these steps are NOT required if you are using 10.04. The main purpose of the 10.04 update was to fix this problem with Fax Sharing that was introduced with increased security settings in Windows XP SP2.
Also, you CAN’T update to 10.04 unless you already have 10.03 installed, 10.03 is not available via LiveUpdate, and it is a full install CD ROM to upgrade your version from 10.0x to 10.03. Symantec is no longer offering 10.03 upgrades that I am aware of, so you have to get your update by other means (purchase a copy of 10.03 CD ROM from many of the sites advertising on here) or elsewhere.
Any pre-10.04 version of WinFax PRO or TalkWorks PRO 3.0 using Windows XP SP2 will require these steps listed in the Symantec document above.
For Moderator:
I do have the CD version of 10.03 and it was installed on both computers the host and the client and then both upgraded to 10.04, but could not make them work before until I tried the fix suggested by JohnNadeau, but also noticed that I had one of the settings incorrect, (maybe this was the problem) as I mentioned in my previous posting.
Since they are working now, should I just leave them as they are or try to go back to default SP2 settings and see if 10.04 works there?
thanks
BernieBernie, if you’re using all Windows XP Sp2 or a mix a Windows 2000/NT/XP SP2 for hosts/clients (no Win9x or Me), and you updated from 10.03 to 10.04, you can try un-doing all the changes you made from the document and then see if it still works, according to Symantec, it should.
Edited By Moderator on 1176730106
I tried the short version and it didn’t work the long version I don’t understand at all what I am soposed to do. However I can’t get the program to work if anyone can help me out here please?
@ywcpa wrote:
I tried the short version and it didn’t work the long version I don’t understand at all what I am soposed to do. However I can’t get the program to work if anyone can help me out here please?
the steps you need to take depend on the version of WinFax you have installed. If it’s 10.03 or lower, you need to follow the steps outlined in the Symantec document (link at message #1 of this thread)
if you have 10.04, you should not have to do any of these changes below:Reconfiguring Windows XP security settings
To enable Fax Sharing, perform the following steps at the host computer, and then repeat sections 1-4 at the client computer. Do all of the sections in the order given.Section 1: To ensure that the Windows Firewall is enabled
At the host computer, log on as a user with Administrative privileges. If you already performed sections 1-7 at the host computer, logon at the client computer instead.
From the Start menu, click Settings > Control Panel.
If using the Classic View, double-click Windows Firewall. Otherwise, click Security Center and then, in the “Manage security settings for:” section, click Windows Firewall.
Select On (recommended).Section 2: To add the WinFax Controller program to the Windows Firewall Exceptions list.
On the Exceptions tab, click Add Program.
Select Controller. The “Path:” box displays a path that ends in Wfxctl32.exe.
If the host and client are on the same network (subnet), click Change scope and select My network (subnet) only.
Click OK, and then click OK again.
In the Programs and Services list, ensure that the box next to Controller is selected.
Click OK, and close the Windows Control Panel.Section 3: To enable Remote Administration traffic through the Firewall by enabling RPC and DCOM
From the Start menu, select All Programs > Accessories > Command Prompt.
Type netsh
Type firewall
If the host and client are on the same subnet, type:
set service REMOTEADMIN ENABLE SUBNETotherwise, type:
set service REMOTEADMIN ENABLE ALLType show service and verify that Remote Administration is enabled.
Type exit and then type exit again.Section 4: To enable machine wide, remote access to COM for Anonymous Logon users
From the Start menu, click Settings > Control Panel.
If using the Classic View, double-click Administrative Tools. Otherwise, click Performance and Maintenance, and then double-click Administrative Tools.
Double-click Component Services.
From the Console Root, open Component Services > Computers > My Computer.
If you see a Security Alert dialog box, click Unblock.
Right-click My Computer, and click Properties.
In the My Computer Properties dialog box, on the COM Security tab, in the Access Permissions group, click Edit Limits.
In the Access Permission dialog box, choose ANONYMOUS LOGON, and select Allow on the Remote Access entry.
Click OK, and then click OK again.
Close the Component Services window and the Administrative Tools window.
If you are performing these steps at the host computer, continue with section 5. Otherwise, go to section 7.Section 5: To enable Anonymous Logon users to have machine wide, remote activation access to COM
From the Start menu, click Settings > Control Panel.
If using the Classic View, double-click Administrative Tools. Otherwise, click Performance and Maintenance and then double-click Administrative Tools.
Double-click Component Services.
From the Console Root, open Component Services > Computers > My Computer.
Right-click My Computer, and click Properties. This step opens the My Computer Properties dialog box.
Click the COM Security tab.
In the Launch and Activation Permissions group, select Edit Limits.
In the Launch Permission dialog box, click Add, type ANONYMOUS LOGON and click OK.
Select ANONYMOUS LOGON, and select Allow on the “Remote Activation” entry. All other boxes should be deselected.
Click OK, and then click OK again.
Close the Component Services window and the Administrative Tools window.
Restart the computer.
Section 6: To enable Anonymous Logon users to have remote activation access to the WinFax.Attachment DCOM component
From the Start menu, click Settings > Control Panel.
If using the Classic View, double-click Administrative Tools. Otherwise, click Performance and Maintenance, and then double-click Administrative Tools.
Double-click Component Services.
From the Console Root, open Component Services > Computers > My Computer > DCOM Config.
From the menu, click View > Detail.
From the DCOM Config list, right-click WinFax.Attachment, and click Properties.
On the Security tab, in the Launch and Activation Permissions group, select Customize, and click Edit.
Click Add, type ANONYMOUS LOGON and click OK.
Choose ANONYMOUS LOGON, and select Allow on the Remote Activation entry. All other boxes should be deselected.
Click OK, and then click OK again.
Close the Component Services window and the Administrative Tools window.Section 7: Apply the changes
Restart the computer.If you are performing these steps at the host computer, repeat sections 1-4 at the client computer. Otherwise, stop here. You have completed all the steps. Fax Sharing should now work between the client and host.
If you’ve followed those steps and it still doesn’t work, I would suggest posting a new topic with the specific details of the problems you are experiencing.
Edited By Moderator on 1177156578
MODERATOR:
As soon as I reversed the settings back to the default SP2 security settings, following Symantec’s “Part 1: Ensuring that the computer is using the dafualt security settings” on the host machine, the client machine can no longer connect. Now the message says:
Winfax PRO is unable to connect to the Host station called … . Make sure that an account has been created for you on the host station (using the same name/password used to login on your client station)
On the host station it is not setup so that it requires a password.
Since nothing changed in Winfax from the time when it could connect with the relaxed SP2 security settings, to when it can no longer connect and the only change is the XP firewall settings, the message that I am getting really doesn’t accurately point to the problem, it just knows that it can’t connect but it doesn’t know why. I have not reversed the changes in the client, but I don’t think it will matter, I think the firewall security settings of the host continue to be the problem, so there is probably no reason to.
My question continues to be: does anyone have a XP SP2 network running 10.04 with the default security firewall settings in which Winfax works without a glitch?
Can you add see any reason why it would do this? Should I just go back to the settings that John Nadeau proposed.
Bernie
- You must be logged in to reply to this topic.