Can I run DCOM Server inside Docker container?

  • Question

  • Is it possible to run a DCOM server application in a Docker container?

    I want to call a DCOM server from a client application on the host machine. My host is Windows 10 and I am using the windowsservercore base image. I am using the default networking mode (NAT) for my container. My client application gets an Access Denied error when it tries to CoCreate the DCOM server.

    I created the same local user account on both my host machine and the container and impersonated that user before calling CoCreate instance, but it didn't help. Any suggestions on how to make this scenario work will be greatly appreciated.

    Wednesday, January 2, 2019 11:32 PM

All replies

  • Greetings,

    I hope the following GitHub repo can help you a little.

    https://github.com/c-owens/DcomContainerSample


    Sic Parvis Magna


    Thursday, January 3, 2019 1:16 AM
  • Hi there.

    I'm trying to move my OPC server to a Windows container. In this case, I have made the DCOM configuration with Carbon and installed all of the services from executable files in silent mode. I have also defined a local user. All of the configuration scripts can be found below.

    I'm working in swarm mode and I have created an overlay network. Then I started a service with docker service --network <overlay>.

    When everything was set up, I tried to connect to the OPC Server through the overlay network using its service name. Finally I got an error: "Access is denied. [0x80070005]", although all of the configurations were correct when I checked.

    Whereas, I have made a test with a virtual machine running Windows Server 2019 and ran the same scripts, and then I could connect directly.

    What should I do next? I guess there might be a user definition problem, or I have to make additional configuration in order to connect to the OPC Server within a Windows container.

    Thanks in advance.

    DCOM Settings Script

    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole\' -Name 'EnableDCOM' -Value 'Y';
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole\' -Name 'LegacyImpersonationLevel' -Value 2;
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole\' -Name 'LegacyAuthenticationLevel' -Value 2;
    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Lsa\' -Name 'forceguest' -Value 0;
    
    Copy-Item -Recurse $PSScriptRoot\Carbon\ "C:\Windows\system32\WindowsPowerShell\v1.0\Modules";
    Import-Module 'Carbon';
    Grant-ComPermission -Access -Identity 'Anonymous Logon' -Allow -Default -Local -Remote;
    Grant-ComPermission -Access -Identity 'Everyone' -Allow -Default -Local -Remote;
    Grant-ComPermission -Access -Identity 'Interactive' -Allow -Default -Local -Remote;
    Grant-ComPermission -Access -Identity 'Network' -Allow -Default -Local -Remote;
    Grant-ComPermission -Access -Identity 'System' -Allow -Default -Local -Remote;
    Grant-ComPermission -Access -Identity 'Anonymous Logon' -Allow -Limits -Local -Remote;
    Grant-ComPermission -Access -Identity 'Everyone' -Allow -Limits -Local -Remote;
    Grant-ComPermission -Access -Identity 'Interactive' -Allow -Limits -Local -Remote;
    Grant-ComPermission -Access -Identity 'Network' -Allow -Limits -Local -Remote;
    Grant-ComPermission -Access -Identity 'System' -Allow -Limits -Local -Remote;
    Grant-ComPermission -LaunchAndActivation -Identity 'Anonymous Logon' -Default -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Grant-ComPermission -LaunchAndActivation -Identity 'Everyone' -Default -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Grant-ComPermission -LaunchAndActivation -Identity 'Interactive' -Default -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Grant-ComPermission -LaunchAndActivation -Identity 'Network' -Default -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Grant-ComPermission -LaunchAndActivation -Identity 'System' -Default -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Grant-ComPermission -LaunchAndActivation -Identity 'Anonymous Logon' -Limits -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Grant-ComPermission -LaunchAndActivation -Identity 'Everyone' -Limits -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Grant-ComPermission -LaunchAndActivation -Identity 'Interactive' -Limits -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Grant-ComPermission -LaunchAndActivation -Identity 'Network' -Limits -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Grant-ComPermission -LaunchAndActivation -Identity 'System' -Limits -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation;
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'everyoneincludesanonymous' -Value 1;

    Installation Script

    Start-Process "$PSScriptRoot\bin\2005_sp1_x64.exe" -ArgumentList "/q:a" -PassThru -Wait;
    Start-Process "$PSScriptRoot\bin\2010_sp1_x64.exe" -ArgumentList "/q" -PassThru -Wait;
    Start-Process "$PSScriptRoot\bin\2010_sp1_x86.exe" -ArgumentList "/q" -PassThru -Wait;
    Start-Process "$PSScriptRoot\bin\opc_core_components.msi" -ArgumentList "/q" -PassThru -Wait;
    Set-Service OpcEnum -StartupType Automatic -PassThru;
    Start-Process "$PSScriptRoot\bin\opc-server.exe" -ArgumentList "/s", "/f1""$PSScriptRoot\bin\setup.iss.install""" -PassThru ;
    $nid=(Get-Process codesys_server).id ;
    Wait-Process -Id $nid;

    Dockerfile

    FROM mcr.microsoft.com/windows/servercore:1809-amd64
    SHELL ["powershell","-command"]
    
    RUN mkdir C:\\install
    COPY .\\install C:\\install
    RUN	NET USER "user" "password" /ADD;\
    	NET USER "user" /logonpasswordchg:no;\
    	NET LOCALGROUP "Administrators" /ADD "codesys";\
    	WMIC useraccount WHERE Name=`'user`' SET Disabled=false;\
    	WMIC useraccount WHERE Name=`'user`' SET PasswordExpires=false;
    
    RUN C:\install\opc-server\<installation-script>.ps1;\
        C:\install\dcom_config\<config-script>.ps1;
    	
    RUN Remove-Item -Recurse -Force C:\install
    
    ENTRYPOINT $nid = (Get-Process opcserver-service).id;\
               Wait-Process -Id $nid;
    
    EXPOSE 135




    Friday, February 28, 2020 9:08 AM
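
Added example, not part of the original posts: a read-only PowerShell check that lists which broad principals hold remote rights in the machine-wide DCOM ACLs and prints the scalar values the DCOM settings script above writes. The function name `Get-DcomRemoteGrant` is hypothetical; the registry value names are the standard machine-wide COM values under `HKLM:\SOFTWARE\Microsoft\Ole`.

```powershell
# Added example (not from the thread). Read-only audit of machine-wide DCOM security.
$oleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# COM access-mask bits that give rights to remote callers.
$COM_RIGHTS_EXECUTE_REMOTE  = 0x4    # remote access / remote launch
$COM_RIGHTS_ACTIVATE_REMOTE = 0x10   # remote activation

# Well-known SIDs of the broad principals granted rights by the script above.
$broadSids = @{
    'S-1-5-7' = 'Anonymous Logon'
    'S-1-1-0' = 'Everyone'
    'S-1-5-2' = 'Network'
}

# Hypothetical helper: parse one binary ACL value and emit allow-ACEs that
# give a broad principal any remote right.
function Get-DcomRemoteGrant {
    param([Parameter(Mandatory)][string]$ValueName)
    $bytes = (Get-ItemProperty -Path $oleKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $bytes) { return }   # value absent: the built-in defaults apply
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid    = $ace.SecurityIdentifier.Value
        $remote = $ace.AccessMask -band ($COM_RIGHTS_EXECUTE_REMOTE -bor $COM_RIGHTS_ACTIVATE_REMOTE)
        if ($ace.AceType -eq 'AccessAllowed' -and $remote -and $sid -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Setting    = $ValueName
                Trustee    = $broadSids[$sid]
                AccessMask = '0x{0:X}' -f $ace.AccessMask
            }
        }
    }
}

# Default ACLs apply to servers that set none of their own; the Machine*
# values are the machine-wide limits that cap every server.
'DefaultAccessPermission', 'MachineAccessRestriction',
'DefaultLaunchPermission', 'MachineLaunchRestriction' |
    ForEach-Object { Get-DcomRemoteGrant -ValueName $_ } |
    Format-Table -AutoSize

# Scalar values written by the same script.
$ole = Get-ItemProperty -Path $oleKey
$lsa = Get-ItemProperty -Path $lsaKey
[pscustomobject]@{
    EnableDCOM                = $ole.EnableDCOM                 # 'Y' = DCOM enabled
    LegacyAuthenticationLevel = $ole.LegacyAuthenticationLevel  # 1 = None, 2 = Connect
    LegacyImpersonationLevel  = $ole.LegacyImpersonationLevel   # 2 = Identify
    EveryoneIncludesAnonymous = $lsa.everyoneincludesanonymous  # 1 = Everyone includes anonymous users
    ForceGuest                = $lsa.forceguest                 # 0 = local accounts authenticate as themselves
} | Format-List
```

Running it in both the container and the Windows Server 2019 VM gives a side-by-side view of whether the two environments actually ended up with the same DCOM ACLs and LSA values.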