Service/DCOM can't access file share on different domain

Status
Not open for further replies.

jballum

MIS
Jul 10, 2000
161
CA
I am having an issue. I have some services/dcoms that when they are attempting to start they first access a file share to gather some info.

The problem is that when the services are located on a server that is on a domain that is different from the server holding the file share the service does not have access to the file share.

I mapped a drive using a domain account of the file share domain and the service still does not have access to the file share. This is the same issue with a DCOM of mine.

The file share is open to EVERYONE so I don't think it is a rights issue.

Is there some setting that enables services to access file shares on a different domain? Or is there something else I am missing?
 
On your service, do you have it running under the account you are trying to access the share with?
 
No, the service is being started by a local user. It cannot be started by a user on the other domain (where the file share exists).

Let me give an example:

Server_A : file share opened to everyone is on this server and this server is on DOMAIN_A

Server_B : service is on this server and this server is on DOMAIN_B

On Server_B I have a mapped drive to the share on Server_A (using a userid that exists on DOMAIN_A). When I try to start up the service it says it cannot access the file share (the app behind the service accesses the file share) even though the file share is opened via mapped drive.

I am just wondering why the service does not recognize the authenticated rights to the mapped drive. It is like it is trying to reauthenticate using the user that is starting the service.

Thanks for any help.

John
 
Do you have any kind of Trust between these domains? If you do, you can give the Domain A account logon as a service on the Server B. The service should then be configured to log on with the Server_A account.

The service is not able to access that network share, because it is using the Server_B Local User account. This account would never be able to access a file share/mapped drive as it would never authenticate in the other network. You will have to use a domain service account that you create to run this service. But you still need a Trust.
 
Thanks for the input but that isn't possible.

I found a workaround on the web which shows a BIG hole in windows.

I created a local userid on the Server_A and another local user on Server_B (with same identifier and password). I granted the local userid on Server_A access to the file share. I then started the service with the local userid and it starts fine (access share fine).

No idea why this works and how on earth this could work but it works.

In any case thanks for your feedback.

 
If you created two local users with the same account details, then by default they will have access to a share set up to allow that user to access it. A local account on system 1 and a local account on system 2 with the same username and password appear the same to both systems.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
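
Added example, not part of the thread: a PowerShell audit for the situation discussed above, reading each service's logon account from Win32_Service and reporting the identity it would present to a remote file share. The function name Get-ServiceNetworkIdentity and its category labels are assumptions made for this example.

```powershell
# Added example. Get-ServiceNetworkIdentity and its category labels are
# hypothetical names for this sketch, not a built-in cmdlet.
function Get-ServiceNetworkIdentity {
    param(
        [string]$StartName,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # Matches ".\user" and "THISHOST\user", i.e. accounts local to this server.
    $localPattern = '^(\.|' + [regex]::Escape($ComputerName) + ')\\'

    if ([string]::IsNullOrEmpty($StartName)) { return 'Unknown' }
    if ($StartName -match '^(LocalSystem|NT AUTHORITY\\(SYSTEM|NetworkService)|NT SERVICE\\.+)$') {
        # On a domain member these authenticate to other hosts as the
        # machine account (DOMAIN\HOST$), not as any user.
        return 'ComputerAccount'
    }
    if ($StartName -match '^NT AUTHORITY\\LocalService$') {
        # Presents anonymous credentials on the network.
        return 'Anonymous'
    }
    if ($StartName -match $localPattern) {
        # Local user: a remote server accepts it only if it holds a local
        # account with the same name and password (the workaround in the thread).
        return 'LocalUser'
    }
    return 'DomainUser'   # DOMAIN\user or user@domain
}

# Drive letters mapped in an interactive session belong to that logon session,
# so a service never sees them; what matters is the account listed here and a
# UNC path (\\Server_A\share) in the service's configuration.
Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, State, StartName,
        @{ Name = 'NetworkIdentity'; Expression = { Get-ServiceNetworkIdentity $_.StartName } } |
    Where-Object { $_.NetworkIdentity -in 'LocalUser', 'Anonymous' } |
    Sort-Object NetworkIdentity, Name |
    Format-Table -AutoSize
```

Services listed as LocalUser are the ones that depend on a matching local account on the file server, so their passwords have to be kept in sync on both machines and are worth tracking as shared credentials.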
 