c#, network-programming, active-directory, wmi, robocopy

C# WMI Multi hop


I wrote some C# code to synchronize some Analysis Services cubes. One of the phases of this synchronization is copying a folder from one AS server to another.
The requirement is that the synchronization can be run from a third host, so we have a double hop.

To copy the folder I connect from a host A to the AS source, on the server B, using the WMI protocol, then I remotely run, on the server B, robocopy to copy the folder from the source B to the destination server C.
The problem is that when robocopy is performed the connection does not have the original credentials and does not have the rights to write on the destination server. I think that the ANONYMOUS LOGON user is used to perform the action, so, just for testing purposes, I assigned it write rights on the share C, but even this way robocopy fails with ERROR 5 (0x00000005) Accessing Destination Directory.

Net diagram

Is there a way to perform this double hop, or do I have to give up the idea of using host A?


Solution

  • @Liam is correct. This is only partially a programming issue. The major problem is that your 2nd hop (the connection from B to C from A) requires delegation to be enabled in AD. Once you've gotten your delegation settings correct, THEN it becomes a programming issue because you must specify a username and password in your SWbemLocator.ConnectServer call, but that's the really easy part.


    PS - As an afterthought... what if you set up the robocopy as a scheduled task, then executed the scheduled task remotely from A? I think that could be a workaround since the scheduled task would be running with the authority that gets set in the task, so technically, there is no second hop.


    PPS - I can verify that this will work. Create a scheduled task on B that copies to C. Make sure to use credentials that have rights on both machines. Then from A you can run the scheduled task on B which will copy your data to C. This avoids the delegation issue.
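
The scheduled-task workaround described in the answer above, as an added example that is not part of the original answer. It assumes .NET 6 or later on host A, a task already created on B that runs robocopy under stored credentials with rights on both B and C, and that the caller on A may run tasks on B; `SERVER-B` and `CubeFolderCopy` are hypothetical names.

```csharp
using System;
using System.Diagnostics;

static class RemoteTaskRunner
{
    // Hypothetical names: the host name of server B and the task created on it.
    const string ServerB = "SERVER-B";
    const string TaskName = "CubeFolderCopy";

    // Runs schtasks.exe on host A and returns its exit code and combined output.
    static (int Code, string Output) Schtasks(params string[] args)
    {
        var psi = new ProcessStartInfo("schtasks.exe")
        {
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            UseShellExecute = false,
            CreateNoWindow = true
        };
        // ArgumentList quotes each argument, so names with spaces are passed intact.
        foreach (var a in args) psi.ArgumentList.Add(a);

        using var p = Process.Start(psi)!;
        // Read stderr asynchronously so a full pipe cannot block the stdout read.
        var stderr = p.StandardError.ReadToEndAsync();
        string stdout = p.StandardOutput.ReadToEnd();
        p.WaitForExit();
        return (p.ExitCode, stdout + stderr.Result);
    }

    static int Main()
    {
        // A authenticates to B only (first hop). The task then runs on B under its
        // own stored account, so the B -> C copy is a first hop for that account.
        var run = Schtasks("/Run", "/S", ServerB, "/TN", TaskName);
        if (run.Code != 0)
        {
            Console.Error.WriteLine("Could not start task: " + run.Output);
            return run.Code;
        }

        // /Run returns as soon as the task is started; query the task to see its
        // status and last result (robocopy exit codes of 8 or higher mean failure).
        var query = Schtasks("/Query", "/S", ServerB, "/TN", TaskName, "/V", "/FO", "LIST");
        Console.WriteLine(query.Output);
        return query.Code;
    }
}
```

Because the task's stored account is what reaches C, give it only the rights the copy needs on the source folder and the destination share.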