Jason
Guest
|
 Posted:
Thu Oct 20, 2005 8:30 pm Post subject:
Sourcing from remote storage and the Anonymous plug-in |
|
|
This is a post for discussion and/or reference for other users having
the same issue. This all came about trying to serve files stored on a
cifs share of a NetApp (network appliance file server). Since netapps
just emulate ntfs acls and such, it can be a real pain at times. I
stumbled across the sourcing remote content article and i was up and
running within minutes. I had issues since I left the NTFS ACL
autherization plugin enabled on the top level. Aparently, the account
running WMS (network service) doesn't play well with other machines.
Once I got passed all that, i ran into anonymous user errors. I
believe they all stemmed from the same issue. Read below...
I tried to source content from remote storage using the steps/guides
listed in the article:
http://www.microsoft.com/windows/windowsmedia/howto/articles/SourcingRemoteContent.aspx
I've run into an issue with step 6 on "Server, remote device or both in
workgroups."
The guide says to:
Give the common user appropriate permissions on folders, services,
registry keys, and processes that Windows Media Services logs on to,
including the following:
* Read permission on the following registry key, in order for
anonymous username, distribution, and proxy credentials to be read:
HKLM\Software\Microsoft\Windows Media\Server\Namespace\Storage
I gave the account running WMS read permissions on the
namespace\storage key but, if I ever added/modified a publishing point,
the WMS Anonymous User Authentication plug-in would fail and give the
following errors:
The plug-in has reported an error. See the Troubleshooting tab or the
NT Application Event Log for details. Error Code: 0xc00d157d
The troubleshooting tab listed: 'WMS Anonymous User Authentication'
Access is denied and the Application Event Log reported: Server failed
with the following information: Error code = 0x80070005, Error text =
''WMS Anonymous User Authentication' Access is denied. '.
All of the goes away if you grant the account running WMS full control
over the registry key:
HKLM\Software\Microsoft\Windows Media\Server\Namespace\Storage
Not sure if it represents a security risk, but consider that Network
Service has full rights to that key and that's the account WMS normally
runs under.
All you WMS experts out there (Ravi..) - please speak up and let me
know if this is a bug/mistake on the article's part. Drove me crazy
till I found this solution...
|
|
Ravi Raman
Guest
|
| Posted:
Thu Oct 27, 2005 8:30 am Post subject:
RE: Sourcing from remote storage and the Anonymous plug-in |
|
|
Jason,
I haven't read that article (and I probably won't be able to for the next
few weeks). But the simple fact that I know is that that registry key is
where the Windows Media Services "writes" the anonymous username/password
(encrypted of course) - so if the account under which WMS runs does not have
write access to the key, it will fail to change the Anonymous user account
successfully (which is probably what you are seeing).
I will track this when I have the time and see if the article needs to be
changed...
Ravi
"Jason" wrote:
| Quote: | This is a post for discussion and/or reference for other users having
the same issue. This all came about trying to serve files stored on a
cifs share of a NetApp (network appliance file server). Since netapps
just emulate ntfs acls and such, it can be a real pain at times. I
stumbled across the sourcing remote content article and i was up and
running within minutes. I had issues since I left the NTFS ACL
autherization plugin enabled on the top level. Aparently, the account
running WMS (network service) doesn't play well with other machines.
Once I got passed all that, i ran into anonymous user errors. I
believe they all stemmed from the same issue. Read below...
I tried to source content from remote storage using the steps/guides
listed in the article:
http://www.microsoft.com/windows/windowsmedia/howto/articles/SourcingRemoteContent.aspx
I've run into an issue with step 6 on "Server, remote device or both in
workgroups."
The guide says to:
Give the common user appropriate permissions on folders, services,
registry keys, and processes that Windows Media Services logs on to,
including the following:
* Read permission on the following registry key, in order for
anonymous username, distribution, and proxy credentials to be read:
HKLM\Software\Microsoft\Windows Media\Server\Namespace\Storage
I gave the account running WMS read permissions on the
namespace\storage key but, if I ever added/modified a publishing point,
the WMS Anonymous User Authentication plug-in would fail and give the
following errors:
The plug-in has reported an error. See the Troubleshooting tab or the
NT Application Event Log for details. Error Code: 0xc00d157d
The troubleshooting tab listed: 'WMS Anonymous User Authentication'
Access is denied and the Application Event Log reported: Server failed
with the following information: Error code = 0x80070005, Error text =
''WMS Anonymous User Authentication' Access is denied. '.
All of the goes away if you grant the account running WMS full control
over the registry key:
HKLM\Software\Microsoft\Windows Media\Server\Namespace\Storage
Not sure if it represents a security risk, but consider that Network
Service has full rights to that key and that's the account WMS normally
runs under.
All you WMS experts out there (Ravi..) - please speak up and let me
know if this is a bug/mistake on the article's part. Drove me crazy
till I found this solution...
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in