Installation - Configuring DCOM

What is DCOM?

COM is the protocol to let applications communicate with each other. Distributed COM or DCOM allows applications that are not on the same PC to communicate over the network.

DCOM is ented on the network protocol that is available on your computer. Most commonly it runs on top of TCP/IP. However, in case your network is connected to the internet by means of using PRODBX, it might be a good idea to use a different protocol to secure your network of possible hacking.

DCOM is standard available starting from Windows NT4 and Windows 98/2. For earlier versions you must install additional software. PRODBX is never tested on these earlier platforms.

How to configure DCOM?

You can find the DCOM configurator in your system32 directory of windows. Run the program dcomcnfg.exe by typing it on a command prompt or using the run options in windows.

For Windows NT4, 2000, 98 and Me you'll get:

For Windows XP the configuration is slightly different. On startup you'll get the Component Services services screen:

General DCOM settings under XP can be set by right-clicking 'My Computer' en selecting 'Properties'. The application dependent settings are done in the 'DCOM Config' section under My Computer.

On other operating systems you will get similar screens. As an example we give the procedure on openVMS (DCOM v1.2). On openVMS the DCOM configurator is installed in SYS$STARTUP. Run the command file by typing @dcom$setup at the command prompt. You'll get the following screen:

By selecting option 1 you get very similar settings as under Windows. PROMES has on-hand experience configuring DCOM on openVMS. There are a lot of security issues you need to understand before setting up a reliable DCOM connection with this operating system. The choice of using NT-domain credentials through Advanced Server against using VMS-security is not so obvious. Please contact us at info@promes.com if you need more information.

Tips and hints using DCOM

First: make sure DCOM is switched on. Go to the default properties tab and make sure 'Enable Distributed COM on this computer' is checked.

Authentication level. This is the section where most of the problems happen. So read the following tips:

• It is always the highest authentication level the protocol uses. And don't forget, there are 4 places you must check to find out what the highest level is: application level pc1, default level pc1, default level pc2 and application level pc2. If you want to run in unauthenticated mode, you need to set the authentication level to 'None' on both pc's.
• If you changed a DCOM setting and you have the impression your change didn't have any effect, rebooting your machine may help.
• Windows 95, 98 and Me do not have the same security structure as NT oriented machines. These operating systems do not have facilities to check the credentials of incoming calls. If you want to have authentication on W95> you need to hook up your pc to a domain server in order to have the credentials checked by it. If you don't have a domain server, you will have to run in unauthenticated mode.
• Check your system's event log through the eventviewer. It may give you valuable hints.

As PRODBX is installed it configures its own applications to a recommended DCOM setting which is:

• Application starts using the interactive user.
• Access security is set to the default security + interactive and network user.
• Launch permissions are set to the default security + interactive and network user.
• PRODBX does not change the general DCOM settings.

If all of the workstations in your PRODBX network are hooked up to one domain server, or different domain servers with a trusted link, we recommend to remove the network user from the list.

The kernel process of PRODBX is dispatcherserver.exe. This executable is always started on request of another application through DCOM. This makes the dispatcherserver to run under the interactive account. If you want the dispatcherserver to be started on your request, and therefore created a shortcut to the executable, the process will use the account you logged in the system. All external clients will not be able to use this process, and actually will startup a new process under the interactive user, as soon as they request a service from dispatcherserver.

It may be that you want to shutdown the dispatcherserver process, and keep it down during a maintenance procedure. However, when an external request for the dispatcherserver is received, it will start the process again. To avoid this, remove the launching permissions for the dispatcher. You will still be able to start the process by starting a client on the same machine as the dispatcherserver, but the external requests will be ignored.

DCOM only works for registered applications. The installation program is taking care of this registration. However, this registration is done on the drive and directory you specified during the installation. If later you want to move the registered PRODBX executables to different drives or directories, you might have the problem the installation program is not able to overwrite your 'old' registration with the new one. Or if you simply want to unregister and register manually, follow this procedure:

• Use the command prompt and go to the old directory.
• Type the name of the executable to unregister followed by /UNREGSERVER
• Ex: C:\Program files\Prodbx\Server> Dispatcherserver.exe /UNREGSERVER
• Go to the new directory.
• Type the name of the executable to register followed by /REGSERVER