Open devaskim opened 1 year ago
Hi @devaskim, sorry to hear you are having problems. I don't know what to suggest, to be honest. My experience with j-interop is pretty limited - to the changes that I made recently. I don't have any experience with Matrikon.
The error code 0x800706BA suggests that the RPC server is unavailable/not started? Is the Remote Registry service started - can't be that simple!?
Phil
Thanks @pgharron for your attention. RPC is up. Remote Registry was disabled, but starting it didn't help. Just to remind, it is a localhost connection.
```
C:\WINDOWS\system32>Portqry.exe -n 192.168.0.5 -e 135
Querying target system called:
192.168.0.5
Attempting to resolve IP address to a name...
IP address resolved to host.docker.internal
querying...
TCP port 135 (epmap service): LISTENING
```
Definitely there is a misconfiguration of RPC, but could not find the root cause.
192.168.0.5 is the IP of my WiFi connection. Just to remind, my app and DCOM server are on the same machine.
```
C:\Users\Admin\code\impacket\examples>rpcmap.py ncacn_ip_tcp:192.168.0.5[135]
Impacket v0.10.1.dev1+20230413.195351.6328a9b7 - Copyright 2022 Fortra
[-] Protocol failed: rpc_s_access_denied
[-] This usually means the credentials on the MSRPC level are invalid!
C:\Users\Admin\code\impacket\examples>rpcdump.py 192.168.0.5
Impacket v0.10.1.dev1+20230413.195351.6328a9b7 - Copyright 2022 Fortra
[*] Retrieving endpoint list from 192.168.0.5
....
....
[*] Received 354 endpoints.
```
@pgharron Sorry for interrupting you, maybe you could point me out where to search for the RPC root cause?
Thanks in advance
No problem, sorry I can't be of more help.
As I mentioned, my experience with the j-interop library is very limited.
I have tried the same tools, rpcdump and rpcmap, and they work for me - albeit not on the same server but over our network to a Windows 2019 server in Azure, from my Linux workstation.
Are you running a Windows 2022 server? I couldn't make a connection the last time I tried, and decided to use Windows 2019 instead.
Phil
I am on Windows 10 Pro 22H2 and Windows 7
Could you try another machine?
Do you mean Windows Server instead of desktop version? Because customer wants to use only Windows and only run both our application and OPC DA server on the same machine
Well, just as a sanity check to see if it's that particular version of Windows/desktop combination.
Hi @devaskim , did you have any success?
@pgharron No, still no success. But I got a lot of useful information from a skilled guy on SO.
In a nutshell, the Java process should call in some way the native CoInitializeSecurity API. Alternatively, there is a possibility to do the same via the Windows Registry.
So now I am reading a lot of Windows manuals and experimenting....
Good luck! I wonder, is there any way to spoof your machine/WiFi as localhost/127.0.0.1? Might be way off track here...
Based on this link, j-interop doesn't have a fix corresponding to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. MS changes authentication level to it underneath even if you don't specify it in your code.
You mentioned Matrikon Simulation Server, so I assume you are using a classic OPC server. For that reason, there is a solution to let you use your preferred language to connect to a classic OPC server. So, you can use Java to retrieve OPC data back without worrying about any DCOM and its vulnerability issue anymore. Good luck!
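The error code and authentication levels discussed in the comments above, decoded in an added Python example that is not from any participant, j-interop or impacket. The function names are hypothetical, the constant values are the Windows SDK ones, and the `HARDENED_MINIMUM` threshold is an assumption based on the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level named in the thread.

```python
# Added example: decode a COM HRESULT and assess an RPC authentication level.

# RPC_C_AUTHN_LEVEL_* values (rpcdce.h).
AUTHN_LEVELS = {
    0: "DEFAULT", 1: "NONE", 2: "CONNECT", 3: "CALL",
    4: "PKT", 5: "PKT_INTEGRITY", 6: "PKT_PRIVACY",
}
# Assumption taken from the thread: hardened DCOM expects at least PKT_INTEGRITY.
HARDENED_MINIMUM = 5

# Only the facilities and Win32 codes relevant to this thread are listed.
FACILITIES = {0: "FACILITY_NULL", 1: "FACILITY_RPC",
              4: "FACILITY_ITF", 7: "FACILITY_WIN32"}
WIN32_CODES = {5: "ERROR_ACCESS_DENIED", 1722: "RPC_S_SERVER_UNAVAILABLE"}


def decode_hresult(value):
    """Split an HRESULT into its bit fields; accepts Java-style signed ints."""
    value &= 0xFFFFFFFF                  # -2147023174 -> 0x800706BA
    facility = (value >> 16) & 0x7FF     # bits 16-26
    code = value & 0xFFFF                # bits 0-15
    name = WIN32_CODES.get(code) if facility == 7 else None
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),    # severity bit
        "facility": FACILITIES.get(facility, f"facility {facility}"),
        "code": code,
        "win32_name": name,
    }


def assess_authn_level(level):
    """Return (name, verdict); verdict is None when the level is negotiated."""
    if level not in AUTHN_LEVELS:
        raise ValueError(f"unknown RPC authentication level: {level}")
    name = "RPC_C_AUTHN_LEVEL_" + AUTHN_LEVELS[level]
    if level == 0:
        return name, None                # DEFAULT: actual level chosen at runtime
    return name, level >= HARDENED_MINIMUM


if __name__ == "__main__":
    print(decode_hresult(0x800706BA))    # the error code quoted in the thread
    print(decode_hresult(-2147023174))   # same value as a signed 32-bit int
    for lvl in (2, 5, 6):
        print(lvl, assess_authn_level(lvl))
```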
and in application logs
Hi team,
First of all, I know the whole history of Microsoft's DCOM hardening and the reason why PR #17 was applied. But even with all these fixes/improvements from @pgharron, my application cannot make an ASYNC read work from Matrikon Simulation Server on the same machine. SYNC read (device mode) works like a charm thanks to @pgharron.
Maybe you guys, @skyghis or @pgharron, could point out to me what is going wrong?
I spent several weeks on this issue and no results yet ((((
All Windows RPC services are up. I disabled Windows Defender and Firewall, no antivirus, granted full remote and local DCOM permissions (activation, access and configuration) for all types of Windows user. Done all steps from the official Matrikon DCOM guides. In other words, my PC is a security hole.
I initialized session with highest authentication level:
Debugger shows the protection level of the NTLM connection is 6, i.e. PROTECTION_LEVEL_PRIVACY, i.e. the highest.
Please, note that the error description of Windows Event Viewer includes the IP of my WiFi adapter (192.168.0.5). But I need only localhost connection. Maybe this is the reason?
My connection parameters are the following: