Exception while ManagementEventWatcher(WMI) to notify events from remote machine


Problem description


I am trying to get notification from a remote machine's event viewer using WMI and C#. I am able to connect the system and also get event log by using ManagementObjectSearcher. But when I tried to use ManagementEventWatcher.Start method I am getting an exception:

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

I have given the permissions in WMI Control to root\cimv2 and also given the admin rights to the user's account in DCOM Config.

I have normal windows application hence I am not using ASP.net(ASPNET user) in my case.

My code is:

ConnectionOptions connectionOptions = new ConnectionOptions();
connectionOptions.Username = @"Domain\UName";//txtUserName.Text;
connectionOptions.Password = "pass";//txtPassword.Text;
connectionOptions.Impersonation = ImpersonationLevel.Impersonate;
ManagementScope managementScope = new ManagementScope(@"\\server\root\cimv2",connectionOptions);
managementScope.Options.EnablePrivileges = true;
managementScope.Connect(); // this line is executing fine.
eventWatcher = new ManagementEventWatcher(managementScope, new EventQuery("Select * From __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'  and TargetInstance.LogFile = 'Application'"));
eventWatcher.EventArrived += new EventArrivedEventHandler(Arrived);
eventWatcher.Scope.Options.EnablePrivileges = true;
eventWatcher.Start(); // Error occurs here

Solution

First, keep in mind that Microsoft recommends the use of semi-synchronous operations (as Brian suggested):

If you can, we recommend that you use a semi-synchronous operation instead. The performance effect is small, and a semi-synchronous operation allows the same functionality but does not require a reverse connection.

See also Setting Security on an Asynchronous Call in VBScript.

If you still want to use Async operations, refer to the following articles:

YMMV, but for me (Client: Win7 x64 SP1 Server: Windows Server 2008 Enterprise SP2 w/o firewall) the solution for the E_ACCESSDENIED exception was found in the third article:

  1. Click Start, click Run, type DCOMCNFG, and then click OK.
  2. In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.
  3. In the My Computer Properties dialog box, click the COM Security tab.
  4. Under Access Permissions, click Edit Limits.
  5. In the Access Permission dialog box, select ANONYMOUS LOGON name in the Group or user names box. In the Allow column under Permissions for User, select Remote Access, and then click OK.

Note that I did the above in the client. While that fixed the DCOM permission problem for me, I then encountered WMI access denied errors (0x80041003). Turns out it was due to a registry key mentioned in the second article:

The CIMOM settings need to be updated if the remote connection is between computers that do not have a trust relationship; otherwise, an asynchronous connection will fail. This setting should not be modified for computers in the same domain or in trusted domains.

The following registry entry needs to be modified to allow anonymous callbacks: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\AllowAnonymousCallback

If the AllowAnonymousCallback key is set to 0, the WMI service prevents anonymous callbacks to the client. If the value is set to 1, the WMI service allows anonymous callbacks to the client.

Note that you need to set the above in the server. Once I did that, async callbacks worked. Other things you could try are running your client as an administrator and setting ConnectionOptions.EnablePrivileges to true.

For troubleshooting see:

Finally, I recommend you take advantage of Microsoft's WMI tester (%windir%\system32\wbem\wbemtest.exe)
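
The semi-synchronous alternative recommended at the top of the answer, as an added example that is not part of the original question or answer: it waits with ManagementEventWatcher.WaitForNextEvent instead of Start, so the server never calls back into the client and neither the ANONYMOUS LOGON DCOM limit nor AllowAnonymousCallback has to be relaxed. The host name, account and the WMI_PASSWORD environment variable are placeholders assumed for illustration.

```csharp
using System;
using System.Management;

class SemiSyncEventLogWatcher
{
    static void Main(string[] args)
    {
        // Placeholders (assumptions, not from the original post): host, account, env variable.
        string host = args.Length > 0 ? args[0] : "server";
        var options = new ConnectionOptions
        {
            Username = @"Domain\UName",
            Password = Environment.GetEnvironmentVariable("WMI_PASSWORD"), // keep the secret out of source
            Impersonation = ImpersonationLevel.Impersonate,
            Authentication = AuthenticationLevel.PacketPrivacy, // encrypt the DCOM traffic
            EnablePrivileges = true
        };
        var scope = new ManagementScope($@"\\{host}\root\cimv2", options);
        scope.Connect();

        var query = new WqlEventQuery(
            "SELECT * FROM __InstanceCreationEvent " +
            "WHERE TargetInstance ISA 'Win32_NTLogEvent' " +
            "AND TargetInstance.LogFile = 'Application'");

        using (var watcher = new ManagementEventWatcher(scope, query))
        {
            // Bound each wait so the loop can notice Ctrl+C instead of blocking forever.
            watcher.Options.Timeout = TimeSpan.FromSeconds(30);
            bool stop = false;
            Console.CancelKeyPress += (s, e) => { e.Cancel = true; stop = true; };

            while (!stop)
            {
                try
                {
                    // The client pulls the next event over its own outbound connection.
                    using (ManagementBaseObject evt = watcher.WaitForNextEvent())
                    {
                        if (evt == null) continue; // nothing delivered in this interval
                        var entry = (ManagementBaseObject)evt["TargetInstance"];
                        Console.WriteLine("{0} [{1}] {2}",
                            entry["TimeGenerated"], entry["SourceName"], entry["Message"]);
                    }
                }
                catch (ManagementException ex) when (ex.ErrorCode == ManagementStatus.Timedout)
                {
                    // No event within the timeout; loop and wait again.
                }
            }
            watcher.Stop(); // cancel the subscription on the server
        }
    }
}
```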
