FIX: CoRegisterClassObject Fails with CO_E_WRONG_SERVER_IDENTITY (170364)
The information in this article applies to:
- Microsoft OLE Libraries, when used with:
- Microsoft Platform Software Development Kit (SDK) 1.0
This article was previously published under Q170364 SYMPTOMS
The CoRegisterClassObject() API fails with the error
"CO_E_WRONG_SERVER_IDENTITY" under the following conditions: - If the COM server calling the API is set to run under the "Interactive
User" identity.
-and-
- The string for the following named value contains any value other than a
single valid executable name for the shell process.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell=
RESOLUTION
This bug can be avoided by making sure that the shell-named value has only
one string representing the valid process .exe name associated with it. The
shell-named value contains the string "Explorer.exe" by default. The
problem occurs if the shell-named value has been modified and is not a
string representing the valid .exe name for a single-shell process. In
particular, multiple .exe names (such as "Explorer.exe cmd.exe"), command
line switches for a single valid .exe (such as "Explorer.exe /s"), or no
valid .exe name (a bogus shell name or a NULL string) will result in this
error.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
This problem was corrected in Windows NT 4.0 Service Pack 4.
MORE INFORMATION
The implementation of CoRegisterClassObject() checks to see if the the
security identity of the process (COM server) that is calling it matches
the security identity that the class is registered to run under.When the
server is set to run under the "Interactive User" identity,
CoRegisterClassObject() must determine dynamically the identity of the
current interactive user in order to make the comparison. To do that, the
implementation of the API will compare the security identity of the calling
process with the security identity of the running process named in the
shell-named value to ensure that they match. At the present time, COM
assumes that the shell value is a single valid .exe name that has been
launched by Winlogon as the interactive user's primary process. When the
string for this value contains multiple substrings or no string exists for
this value, COM is unable to find a process running as the interactive user
and the security comparison will always fail. As a result, the API will
incorrectly return the error. (See the References section for a KB article
that describes the circumstances under which CoRegisterClassObject()
correctly returns the CO_E_WRONG_SERVER_IDENTITY error code.)
One of the reasons why this named value contains substrings is that you
need to start the shell process with a command line parameter. For example
"Explorer.exe cmd.exe" starts Explorer.exe as the shell and passes cmd.exe
as a command line parameter to Explorer.exe, which in turn causes Explorer
to spawn cmd.exe. You can work around this requirement by adding cmd.exe to
the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key in
the registry which is more appropriate for this purpose.
REFERENCES
For additional information, please see the following article(s) in the
Microsoft Knowledge Base:
169321 INFO: COM Servers Activation and NT Windows Stations
Modification Type: | Minor | Last Reviewed: | 7/11/2005 |
---|
Keywords: | kbAPI kbbug kbfix kbKernBase kbOSWinNT400sp4fix kbRegistry KB170364 |
---|
|