Bookshelf Home | Contents | Index | PDF     

Siebel Server Sync Guide > Configuring Siebel Server Sync for Microsoft Exchange Server >

Configuring DCOM Exchange Connector Application Security

You must configure security settings for the SSPICNEA and the SSPICNFM applications on each computer on which the DCOM Exchange Connector runs. You must also configure access to the PIMSI Engine component for the DCOM Exchange Connector application. These configuration tasks are described in this topic.

This task is a step in Process of Configuring the DCOM Exchange Connector.

Figure 5 illustrates the access settings that you must configure for the DCOM Exchange Connector application.

Figure 5. DCOM Exchange Connector Application Access Requirements
Click for full size image

NOTE:  The PIMSI Engine and the Exchange Connector can run using the same user account or using different user accounts.

About Security Settings for the SSPICNEA Application

The SSPICNEA application is the DCOM Exchange Connector application that synchronizes data in Microsoft Exchange user mailboxes.

Table 14 lists the DCOM settings you must specify for the SSPICNEA application.

Table 14. DCOM Configuration Settings for SSPICNEA (DCOM Exchange Connector Application)
Security Setting
Required by Users
Explanation

Allow Access

PIMSI Engine user and Exchange Connector user

Both PIMSI Engine processes and SSPICNFM processes make RPC calls to methods in SSPICNEA.

Allow Launch

Exchange Connector user account

SSPICNFM has the identity of the Exchange Connector user. SSPICNFM launches SSPICNEA.

Identity

Exchange Connector user account

The SSPICNEA application uses the Exchange Connector user account. This user account also has access rights for the Microsoft Exchange mailboxes.

NOTE:  The DCOM Exchange Connector application, SSPICNEA, makes RPC calls to the PIMSI Engine. Therefore, all PIMSI Engine computers must grant default DCOM security access to the Exchange Connector user account. Procedures for granting this access follow the procedure for configuring Exchange Connector DCOM settings, as described in Configuring the Exchange Connector DCOM Settings.

About Security Settings for the SSPICNFM Application

The SSPICNFM application is the file moniker application, which allows PIMSI Engine instances to work with DCOM Exchange Connector application instances.

Table 15 lists the DCOM settings you must specify for the SSPICNFM application.

Table 15. DCOM Configuration Settings for SSPICNFM (File Moniker Application)
Security Setting
Required by Users
Explanation

Allow Access

PIMSI Engine user account

PIMSI Engine processes run under the PIMSI Engine user account. PIMSI Engine makes RPC calls to methods in SSPICNFM.

Allow Launch

PIMSI Engine user account

PIMSI Engine launches SSPICNFM.

Identity

Exchange Connector user account

Connector components run under the Exchange Connector user account.

Configuring the Exchange Connector DCOM Settings

The following procedure provides detailed instructions for configuring the individual DCOM settings.

To configure Exchange Connector application DCOM security

  1. On each computer where you have installed DCOM Exchange Connector software and where you plan to run the DCOM Exchange Connector applications, from the Windows Start menu, choose Run, enter dcomcnfg.exe, and then click OK.

    Depending on the version of dcomcnfg.exe that you run, you might have to navigate within the dcomcnfg.exe application to a location such as Console Root, Component Services, Computers, My Computer, and then DCOM Config.

    If one or more DCOM Configuration Warnings are displayed, click No.

  2. In the Distributed COM Configuration Properties dialog box, on the Applications tab, select sspicnea, and then click Properties.

    If your version of dcomcnfg.exe does not display an Applications tab, select the sspicnea application in the right pane, and then right-click and choose Properties.

  3. On the General tab of the Properties dialog box, verify the following:
    • That Application type is set to local server
    • That the local path is set to the correct location for the sspicnea application

      If the path or application type is incorrect, you must close the dcomcnfg application, reregister all Siebel DCOM Exchange Connector components, and restart dcomcnfg. To reregister Siebel DCOM Exchange Connector components, perform the following substeps:

    1. Open a Command Prompt window and navigate to install_directory\siebsrvr\bin, where install_directory is the installation directory for the Siebel Server software.
    2. Enter the following commands:

    sspicnea.exe /RegServer
    regsvr32 sspicneaps.dll
    sspicnfm.exe /RegServer
    regsvr32 sspicnfmps.dll
    regsvr32 sspicnexps.dll

    These commands register, respectively, the connector application, the proxy-stub component for the connector application, the file moniker, the proxy-stub component for the file moniker, and the proxy-stub component of the connector plug-in.

    NOTE:  Register the DCOM Exchange Connector components in the system registry of all computers that run the DCOM Exchange Connector applications.

  4. In the sspicnea Properties dialog box, click the Location tab, select Run application on this computer, and clear all other check boxes.
  5. Click the Security tab, select one of the following settings (the wording depends on your software version), and then click Edit:
    • Use custom access permissions.
    • Customize in the Access Permissions area.
  6. Inspect the Registry Value Permissions dialog box to see if the user accounts under which the PIMSI Engine and Exchange Connector run have access to the sspicnea application.

    If necessary, add these user accounts and specify Allow Access. Then click OK to return to the Properties dialog box.

  7. On the Security tab, select one of the following settings (the wording depends on your software version), and then click Edit:
    • Use custom launch permissions.
    • Select Customize in the Launch Permissions area.
  8. Inspect the Registry Value Permissions dialog box to see if the user account under which the Exchange Connector runs has permission to launch the sspicnea application.

    If necessary, add this user account and specify Allow Launch. Then click OK to return to the Properties dialog box.

  9. Click the Identity tab, click This User, specify the user name and password for the user account under which the Exchange Connector application runs, and then click Apply and OK.

    NOTE:  Specifying this user account allows the connector application to be authenticated in the Windows domain. You must specify the domain as part of the user name, using the format domain_name\user_name. The credential that is used must be a user account that has local administrator privileges on the computer where the DCOM Exchange Connector application runs, and that has the correct privileges for reading Microsoft Exchange mailboxes.

  10. Repeat Step 2 through Step 9, substituting sspicnfm for sspicnea in all steps, and making the following additional changes:
    1. In Step 6, only the PIMSI Engine user account requires access to the sspicnfm application.
    2. In Step 8, only the PIMSI Engine user account requires permission to launch the sspicnfm application, instead of the Exchange Connector user.

Table 16 lists the Windows 2003 Registry path settings you have to verify.

Table 16. DCOM Exchange Connector Information to Verify in the Windows Registry
Exchange Connector File
Windows Registry Path to Verify

sspicneaps.dll

HKEY_CLASSES_ROOT\CLSID\{9DFC7C99-727C-11D7-BF98-CDAEB956EB35}\InProcServer32

sspicnexps.dll

HKEY_CLASSES_ROOT\CLSID\{2056A863-A523-4247-9347-F884E53D9974}\InProcServer32

sspicnfm.exe

HKEY_CLASSES_ROOT\CLSID\{D9E08991-7245-11D7-BF98-CDAEB956EB35}\LocalServer32

sspicnfmps.dll

HKEY_CLASSES_ROOT\CLSID\{D9E08990-7245-11D7-BF98-CDAEB956EB35}\InProcServer32

Configuring Access to the PIMSI Engine for the DCOM Exchange Connector

You must complete an additional task to configure access to the PIMSI Engine component for the DCOM Exchange Connector application. The following procedure provides instructions for this configuration task for a Windows 2003 environment.

To configure access to the PIMSI Engine for the DCOM Exchange Connector

  1. On each computer that runs the PIMSI Engine component, from the Windows Start menu, choose Run, enter dcomcnfg.exe, and then click OK.
  2. Within the dcomcnfg application, navigate to Console Root, Component Services, Computers, and then My Computer.

    If one or more DCOM Configuration Warnings are displayed, click No.

  3. Right-click My Computer and select Properties.
  4. Click the Default COM Security tab.
  5. In the Access Permissions area of the dialog box, click Edit Default.
  6. Add the user account that the Connector application will run under.
  7. Click OK twice.
    
Siebel Server Sync Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.