Microsoft KB Archive/170364

= FIX: CoRegisterClassObject Fails with CO_E_WRONG_SERVER_IDENTITY =

Article ID: 170364

Article Last Modified on 7/11/2005

-

APPLIES TO


 * Microsoft OLE 4.0, when used with:
 * Microsoft Platform Software Development Kit-January 2000 Edition

-



This article was previously published under Q170364



SYMPTOMS
The CoRegisterClassObject API fails with the error "CO_E_WRONG_SERVER_IDENTITY" under the following conditions:

 If the COM server calling the API is set to run under the "Interactive User" identity. -and-

  The string for the following named value contains any value other than a single valid executable name for the shell process.   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell= 



RESOLUTION
This bug can be avoided by making sure that the shell-named value has only one string representing the valid process .exe name associated with it. The shell-named value contains the string "Explorer.exe" by default. The problem occurs if the shell-named value has been modified and is not a string representing the valid .exe name for a single-shell process. In particular, multiple .exe names (such as "Explorer.exe cmd.exe"), command line switches for a single valid .exe (such as "Explorer.exe /s"), or no valid .exe name (a bogus shell name or a NULL string) will result in this error.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was corrected in Windows NT 4.0 Service Pack 4.



MORE INFORMATION
The implementation of CoRegisterClassObject checks to see if the the security identity of the process (COM server) that is calling it matches the security identity that the class is registered to run under.When the server is set to run under the "Interactive User" identity, CoRegisterClassObject must determine dynamically the identity of the current interactive user in order to make the comparison. To do that, the implementation of the API will compare the security identity of the calling process with the security identity of the running process named in the shell-named value to ensure that they match. At the present time, COM assumes that the shell value is a single valid .exe name that has been launched by Winlogon as the interactive user's primary process. When the string for this value contains multiple substrings or no string exists for this value, COM is unable to find a process running as the interactive user and the security comparison will always fail. As a result, the API will incorrectly return the error. (See the References section for a KB article that describes the circumstances under which CoRegisterClassObject correctly returns the CO_E_WRONG_SERVER_IDENTITY error code.)

One of the reasons why this named value contains substrings is that you need to start the shell process with a command line parameter. For example "Explorer.exe cmd.exe" starts Explorer.exe as the shell and passes cmd.exe as a command line parameter to Explorer.exe, which in turn causes Explorer to spawn cmd.exe. You can work around this requirement by adding cmd.exe to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key in the registry which is more appropriate for this purpose.

