| Dart Home | PowerTCP SSL for ActiveX | Custom Development | Reply | PowerTCP SSL for ActiveX Topics | Forums |
| Author | Forum: PowerTCP SSL for ActiveX Topic: Problem running secure FTP client as a service |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 7, 2003 11:24 AM It never rains but it pours :-) Having fixed my problem of earlier, I can now call my dll from a test exe and it can connect, download and upload successfully. However, when I try to call the dll from the service under which it will be running when live, I get the error, "10057 - Receive or Send method failed. The socket is not connected." Both the user that I logged in as and the user that the service is running as have the same permissions assigned. Can you help. |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 7, 2003 11:32 AM What method causes that error? |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 7, 2003 11:37 AM Login |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 7, 2003 11:42 AM One way that could occur would be if the connection was established, greeting was received, then connection was closed before we sent "USER username". Another might be that the security negotiation failed for some reason. Try using the trace event to create a log so you can see exactly what was sent and received prior to the error. |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 7, 2003 11:44 AM The log contains the following lines: Recv: 220 gb02qds030iefx7 IE-FTP server (v4r2mY.e) ready on system EUR. Send: AUTH SSL Recv: 234 AUTH command accepted - proceed with Negotiation. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 7, 2003 11:51 AM There's something wrong with the authentication process. Put code in the Authentication event to check the values of all the booleans passed in. |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 7, 2003 12:04 PM When I call the component from the exe, all four booleans are true. When I call it from the service, the authenticate event doesn't even get raised. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 7, 2003 1:06 PM For some reason the server is closing the connection. Is there someone responsible for your FTP server that can help you with this? Maybe check logs to see if something is different about the session as an exe as opposed to a servr? Otherwise, the only way I can think to troubleshoot this is if you write a very simple sample app that shows the problem. In which case we would need access to the FTP server. |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 8, 2003 4:23 AM I've changed the service to be running as the administrator (rather than just a user in the same groups as the administrator) and it works fine. I'd rather not have the main service running as the administrator because of security issues, so can you think of what special permissions the administrator might have that would allow it to work where another user would fail? |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 8, 2003 9:02 AM It must be the Certificate store. The admin can open the Certificate but the user can't. |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 9, 2003 5:54 AM Is it possible to alter the permissions on the certificate store or the specific certificate to allow other users to access it? |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 9, 2003 8:46 AM Sorry for not asking this earlier, but is the certificate in the local machine store or the current user? It should be in local machine. In fact this forum uses a certificate from the machine store and it works fine. |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 9, 2003 9:37 AM The certificate is in the local machine root store. I've tried it in the current user root store as well, but that doesn't work either. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 9, 2003 9:40 AM That could be the problem. I think ROOT is for CA certs, not the actual server cert. Try using the MY store. I always use certs in the store that has the name "MY" and location of LocalMachine. |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 9, 2003 9:52 AM It can't find the certificate at all now. I'm putting it into the Certificates (Local Machine > Personal > Certificates store in MMC - is this the "MY" local machine store. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 9, 2003 10:11 AM Yes, that's the place. How exactly are you "putting it into" the store? |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 9, 2003 10:19 AM I just copied and pasted the one from the root store into the personal store in MMC. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 9, 2003 10:31 AM I'm not sure if that works. You may have to export it and then import it. If that doesn't work, try making a new certificate. |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 9, 2003 10:50 AM When I try to import the certificate, I don't get a personal local machine option - only a registry option. A can however, import it directly into the root local machine store. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 9, 2003 10:58 AM Sorry, but I don't know of a way to change that behavior. I would suggest getting another certificate and generating the request so that it can be installed into proper store. |
| Shep_ From: Witney, United Kingdom Posts: 17 Member Since: 09/24/03 |
posted October 10, 2003 11:51 AM Just so you know (in case someone else asks you), it seems that the certificate in the root store can only be used by the user that imports it. When I import the certificate as the user that the service runs as, it all works fine. Thanks for all your help. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted October 10, 2003 12:11 PM Thanks for the followup! |
| Reply | PowerTCP SSL for ActiveX Topics | Forums |
This site is powered by
PowerTCP WebServer for ActiveX
|