TD7.6, XP SP2平台上“Access is denied”的解决方案

crimson · 发表于 2006-11-13 16:31:25

TD server和host可以互相ping通，但是当我在test lab里面试图运行某个脚本在host机器上的时候，就会报“Access is denied”.在网上搜索了一下，没有什么解决方案（保证两台机器是通的）。请问有人有相似经验吗？该如何解决，谢谢了

updated:
又仔细google了一下，有官方的解决方案，我试过，虽然很复杂，但确实管用。贴上来与大家共享：）
http://kb-index.mercury.com/web/queries/ReadFile.asp?product=TD&Conceptid=33501&Print=friendly

Problem ID: 33501

--------------------------------------------------------------------------------
Product:
TestDirector 8.0
TestDirector for Quality Center 8.2
TestDirector for Quality Center 9.0
DB(s):
Not Relevant

Topics:
Integrating with Astra QuickTest / QuickTest Professional
Integrating with WinRunner
Error Messages
Integrating with QuickTest Professional
Integrating with VAPI-XP
Integrating with Business Process Testing
OS:
Windows XP

Creation Date:
14 Aug 2004  Last Modified Date:
18 Sep 2006

--------------------------------------------------------------------------------

Problem Description: Error: "RPC server is unavailable" or "Access is denied" during remote execution of automated scripts on Windows XP SP2

The user receives the following error message when executing a automated script remotely after installing Windows XP SP2:

"The RPC server is unavailable."

or

"Access is denied."

Executing the script locally works correctly.

Diagnosis: Security changes in Windows XP SP2 have blocked the remote agent of the testing tool from being launched. This caused the failure of the automated script execution.

Note: Windows XP SP2 is supported with TestDirector 8.0 SP2 and TestDirector for Quality Center 8.2 and above only. For more information on supported operating systems, please refer to the links below:
Problem ID 44879 - What are the system requirements for TestDirector for Quality Center 9.0
Problem ID 36167 - What are the system requirements for Quality Center 8.2
Problem ID 25963 - What are the system requirements for TestDirector 8.0

--------------------------------------------------------------------------------

Solution: Change the DCOM permissions on the Windows XP SP2 client to allow for remote execution

Notes:

The security changes suggested below should be applied by your System Administrator. Please contact Microsoft Support if you have questions regarding changes in DCOM securities caused by installing Windows XP SP2.

If you disable the firewall installed with Windows XP SP2, you do not need to apply the steps in Part II below. However, a utility (CPT33502C.zip) has been created to automate the steps for opening the ports outlined in Part II.

Part III - VI can be applied automatically by running the attached batch file included in CPT33502B.zip. You will need to extract the contents of this zip file to a temp directory and execute the SetWRandQTPIPDCOM.bat file. The batch file (CPT33502B.zip) will use the dcomperm.exe (CPT33502D.zip) provided by Microsoft to update the DCOM properties of the remote agents for WR, QTP, BPT, System Test, and VAPI-XP. Your system administrator should be able to run this batch file across the network to update each Windows XP SP2 machine. If you apply the batch file, you do not need to implement the steps in Part III - VI below.
The following is the manual process for openning the firewall ports and modifying the DCOM properties for WR, QTP, BPT, System Test, and VAPI-XP.

Part I:
Add both machines into the same domain. For the domain users logged into both machines, add these domain users to the Local Administrators group on the QTP/WR machine. This is required for Windows to authenticate the remote user executing the tests against the DCOM objects.

Part II:
On the Testing Tool client machine configure Windows Firewall to allow Port 135 for DCOM:
1. Select Start -> Control Panel -> Windows Firewall.
2. Navigate to the Exceptions tab.
3. Configure the Remote Agent to be allowed under "Programs and Services." Configuration should be done for each testing tools as given below:

WinRunner Remote Agent (path: <System Drive>:\Program Files\Common Files\Mercury Interactive\WR_Remoter\wrrmtsrv.exe)
QuickTest Professional Remote Agent (path: <System Drive>:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe)
Execution Agent for Business Process Testing (path: <System Drive>:\Program Files\Common Files\Mercury Interactive\TD2000_80\bp_exec_agent.exe)
4. Click on <Add Port> and add the DCOM TCP port 135 to the Exceptions list.
Note: The WR remote agent is a DCOM object and requires port 135 to work. The list of "Port Assignments for Commonly-Used Services" is provided in the URL below:
http://www.microsoft.com/resourc ... t/cnfc_por_SIMW.asp

Part III:
Modify DCOM Security Properties:
1. Select Start -> Run and enter dcomcnfg.
2. Navigate to Console Root -> Component Services -> Computers -> My Computer.
Note: If Windows Security Alert dialog window appears, click on <Ask me later> or <Unblock>.
3. Right-click on My Computers and select "Properties."
4. Navigate to the Default Properties tab.
5. Make sure the Default Impersonation Level is "Identify."
6. Click <Apply>.
7. Navigate to the Defualt COM Security tab.
8. Under Access Permissions, click on <Edit Limits>. The Access Permission dialog window appears.
9. Click on <Add>. The Select Users or Groups dialog windows appear.
10. Click on <Advanced>.
11. Click on <Find Now>.
12. Add the following groups and users from the local machine (below is an example screenshot):

Administrator
Administrators
Authenticated User
Anonymous Logon
Everyone
Interactive
Network
System

13. Click <OK>.
14. Add the following groups and users from the domain:

<tdomain user logged into the QTP/WR box>
<domain user logged into the TD client box executing the remote execution>

15. Click <OK>.
16. Give "Local Access" and "Remote Access" permissions to the groups and users.
17. Click <OK>.
18. Under Access Permissions, repeat steps 9-17 for <Edit Default>.
19. Under Launch and Activation Permissions, click on <Edit Limits>. The Launch Permission dialog window appears.
20. Repeat steps 9-15.
21. Enable "Local Launch," "Remote Launch," "Local Activation," and "Remote Activation" permissions to the groups and users.
22. Click <OK>.
23. Repeat steps 20-22 for <Edit Default>.
Part IV: (for QTP only)
1. While still in the Component Services window, navigate to Console Root -> Component Services -> Computers -> My Computer -> DCOM Config.
2. Look for the following.

AQTRmtAgent
QuickTest Professional Automation
TlpRmtServer

3. For each of these DCOM applications, right click and select <Properties>.
4. Under the Identity tab, select <The Interactive User>. This will allow the DCOM application to authenticate the process against the logged in Windows user and run the process in that security context.
5. Next, go to the Security tab.
6. For both the <Launch and Activation Permissions> and <Access Permissions>, select <Use Default>. This will use the Default security settings as we did in Part III.
7. Click Apply, then OK to commit the changes.
8. Now, you are ready to run a remote execution test with QTP.
Example Screenshot of the Security Configuration (see word attachment)
Part V: (for WR only)
1. While still in the Component Services window, navigate to Console Root -> Component Services -> Computers -> My Computer -> DCOM Config.
2. Look for the following:

{0B171F02-F204-11D0-9398-0080C837F11F}
Wrun Document

3. For each of these DCOM applications, right click and select <Properties>.
4. Under the Identity tab, select <The Interactive User>. This will allow the DCOM application to authenticate the process against the logged in Windows user and run the process in that security context.
5. Next, go to the Security tab.
6. For both the <Launch and Activation Permissions> and <Access Permissions>, select <Use Default>. This will use the Default security settings as we did in Part III.
7. Click Apply, then OK to commit the changes.
8. Now, you are ready to run a remote execution test with WR.
Part VI: (For System Test, BPT, and VAPI-XP)
Repeat the procedure outlined in Part V above but replace the WR Application ID in step 2 with the appropriate one for each of the remote agent listed below:

Vapi-XP object
{CD70EDCE-7777-11D2-9509-0080C82DD192}

Business Process Testing object
{6A03829E-EC39-4802-A631-3841484EFBE3}

System Test Remote Agent
{1B78CAE4-A6A8-11D5-9D7A-000102E1A2A2}

Notes:

If you have not configured the Remote Agent to be allowed under "Programs and Services," a Windows Security Alert message will appear while running a test remotely. Click <Unblock> to resolve this problem. The next time you execute an automated script, the warning will not appear.
If after performing all the described steps and you still receive "The RPC server is unavailable" message, create some shared folder anywhere on the Testing Tool machine.
Below is a list of supported Mercury's Testing Tools on Windows XP SP2:

TestDirector Version Testing Tool Testing tool versions
TestDirector for Quality Center 8.2 QuickTest Professional 8.2
  WinRunner 8.0, 8.2
  Business Process Testing 8.2
TestDirector 8.0 SP2 QuickTest Professional 8.2
  WinRunner 8.0, 8.2

[ 本帖最后由 crimson 于 2006-11-13 17:30 编辑 ]