Community
Participate
Working Groups
Steps To Reproduce: 1. Install AC 2. Add <ac>\bin to system path 3. Configure AC (by running SetConfig.bat) 4. Run ACServer.exe The AC fails to start saying: Error starting transport layers, Agent controller exiting. See servicelog.log for error report.
Created attachment 55584 [details] AC service log file Attached AC log file
Assigning to Igor and targetting 4.2.2. Igor turned on logging in TransportSupportSharedMem.c giving the following output: C:\Apps\ac\4.3.0\bin>acserver Create pipe(\\.\pipe\IBMAC\acmasterlog) option(0) Create pipe(\\.\pipe\IBMAC\acmaster) option(0) ipcMemCreate... Shared mem name(acbuffer) size(1048576) Shared mem error(-514) Error starting transport layers, Agent controller exiting. See servicelog.log for error report. The Error number -514 corresponds to OSS_ERR_IPC_CREATE_MAP_FAILED in osserror.h. Kevin suggests the problem may be in a difference in security setting requirements of Vista when creating the shared mem.
*** Bug 168287 has been marked as a duplicate of this bug. ***
Karla and Igor, I think this is a severe problem and should be raise to critical/blocker. Majority of TPTP function is not working without RAC and IAC support on this platform.
Given Vista support is a requirement of 4.2.2, I agree that this is a blocker.
Created attachment 55822 [details] The patch changes the name of shared memomory block The patch changes the name of shared memomory block under Windows from Global\OSSMEMacbuffer to Global/OSSMEMacbuffer. It seems that Vista doesn't like back slashes. With original name, Win API call CreateFileMapping() gives errcode=5 (access denied)
(In reply to comment #6) The patch affects Windows only. I've tested it on Vista and XP.
I have reviewed the changes but I have a concern. The Microsoft Platform SDK has never indicated that "/" is a valid namespace separator (please see http://msdn2.microsoft.com/en-us/library/aa366537.aspx). It says that "The remainder of the name can contain any character except the backslash character (\)". That may hint that "/" is being treated as a normal character - not a namespace separator. My guess that this fix seems to work because it does not use namespace at all. I do not have a machine running Windows Terminal Service to test my namespace theory but I guess we should follow the documented API specified by the Microsoft Platform SDK.
In my experience, the "\" is only required when separating the drive name from the directory pathname, such that "C:\tmp\foo" is equivalent to "C:\tmp/foo", and both are acceptable to Windows. Check out this article. In the section “General Guidelines for Supporting Long Filenames” it says you can use either backslash or forward slash as a separator and it is supported by all Windows OS's. http://msdn2.microsoft.com/en-us/library/ms810456.aspx
*** Bug 167747 has been marked as a duplicate of this bug. ***
Several people who have been doing preliminary testing with Vista have reported the need to "Run as administrator" when starting ACServer in order to have a functioning AC. Note that, as part of the User Account Control feature of Vista, logging in as a user in the Administrator group does *not* grant an elevated permission token to applications that you launch. There are several ways to go about getting elevated privileges, and I'll make a suggestion below. Lots of information about the User Account Control feature can be found at http://technet.microsoft.com/en-us/windowsvista/aa905108.aspx There are some tools provided by Microsoft to help determine why a program fails to run when not run as administrator on Vista. I ran ACServer.exe using the "Standard User Analyzer" tool ( http://www.microsoft.com/downloads/details.aspx?FamilyID=df59b474-c0b7-4422-8c70-b0d9d3d2f575&DisplayLang=en ) and am attaching the log files generated. Among the many transgressions identified, you can see the use of a restricted namespace ("Global") as one of the operations that requires elevated privileges. So I agree with Samson's suggestion that removing the use of the backslash is not a good solution. Given the things that have been identified by the Standard User Analyzer as privileged operations, I think it's fair to say the the agent controller routinely performs privileged operations, and at least in the short term, we should consider building it with a manifest that indicates that the process requires administrative privileges. I have seen some notes on how to do this properly, and the most detailed explanation appears in the windows vista developer story help file, which can be downloaded from microsoft here: http://download.microsoft.com/download/D/9/B/D9BEB875-BC1D-4338-A655-251F4F353B2E/Top10Wave.exe From the resulting help file, read the topic Fundamentals -> Secure Applications -> Developing Secure Applications -> User Account Control -> Desiging UAC Applications for Windows Vista -> Step 6: Create and Embed an Application Manifest. Note the special steps required to ensure that the resulting spplication will still run properly on Windows XP. In parallel to this, I think we should have a moderated discussion about the implications of requiring administrative privs for the agent controller. I have serious doubts that we could refactor the AC to remove the need for any privileged operations, but I still think it's important that we investigate this.
Created attachment 55930 [details] Archive of log files from Standard User Analyzer monitoring ACServer.exe on Vista
Testing AC on Vista shows the following: - Any ordinary user can launch AC if "Create global objects" option is set for this user or for his group or for "INTERACTIVE" (same as in XP) in Local Security Policy. - Built-in "Administrator" has no restrictions to launch AC (assuming that security setting "Admin Approval Mode for the Build-in Administrator account" has default (unchecked) value). - Other administrative logins (members of "Administrators" group) can launch AC if security setting "Run all administrators in Admin Approval Mode" is unchecked (this is the new Windows security feature introduced in Vista). - With default security settings AC can be launched as Local Service. So AC can be launched as Local Service or by adjustment of Local Security Policy settings without changing of source code.
Step by step more detailed instructions to set necessary security policy: 1. To open "Local Security Policy" component please click: Start > Control Panel > System and Maintanence > Administrative Tools > Local Security Policy 2. At left panel select "Local Policies" > "User Rights Assignment" 3. At right panel open "Create global object" by double click 4. Add required user or group or built-in security principles category (for example "INTERACTIVE" as done by default in Windows XP) 5. Save settings 6. Log off and log-in as required user
I was successful in running the RAC and IAC using the steps outlined in Comment #14. I was able to Profiling an external Application I was able to Import a remote/local log file I was able to Attach to a remote/local agent and profile an application All of the above scenario's were tested with security enabled where applicable using the TPTP-4.2.2-200701111735 Build.
Marking this bug as fixed for 4.2.2 since the options suggested by Igor are sufficent for Vista "tolerance" which is what has been agreed to for this release. (Note that the patch was not used, there is no code change for this 'fix', just a release note as called out in the depends on bug.) Opened bug 170572 to address the problem of trying to eliminate admin privileges.
As of TPTP 4.6.0, TPTP is in maintenance mode and focusing on improving quality by resolving relevant enhancements/defects and increasing test coverage through test creation, automation, Build Verification Tests (BVTs), and expanded run-time execution. As part of the TPTP Bugzilla housecleaning process (see http://wiki.eclipse.org/Bugzilla_Housecleaning_Processes), this enhancement/defect is verified/closed by the Project Lead since this enhancement/defect has been resolved and unverified for more than 1 year and considered to be fixed. If this enhancement/defect is still unresolved and reproducible in the latest TPTP release (http://www.eclipse.org/tptp/home/downloads/), please re-open.
