Solved

ASP error 0178 (0x80070005) - COM permission problem

Posted on 2001-08-23
10
1,387 Views
Last Modified: 2013-11-25
I have COM object that my client need to use from ASP pages.  The situation I have is:

1. The COM object runs fine under user account (e.g. from VB and Wsh)
2. The COM object runs fine from ASP if IIS anon account is a user account, such as local 'Administrator'.
3. The COM object runs fine from ASP on my developer environment, where IIS anon account is 'IUSR_machinename'.
4. The COM object fails to launch from ASP on my client's production (where IIS anon account is 'IUSR_machinename'), with ASP error 0178 (Server.CreateObject failed, permission denied).  The COM dll resides on his server locally, i.e. no DCOM.

Basically I want to know what exactly I'm supposed to do to make the COM object work on that production machine.  Here are the steps I've already taken:

1. I've set the security permission for the folder where the asp resides to 'readable' by 'everyone'.
2. I've set the security permission for the folder where the COM dll resides to 'readable' by 'everyone'.
3. I've set the IIS directory security to readable and selected 'scripts and executables'.
3. In dcomcfg, I've added IUSR_.. and IWAM_.. to default access (allowed).
4. In dcomcfg, I've added IUSR_.. and IWAM_.. to default launch permissions (allow launch).

.. But I couldn't make it work on his IIS.  Even worse, even when I tried to 'reverse' the procedure on my develop machine to reproduce the problem, I couldn't make it *not* work. (The dconcnfg stuff should be irrelevant anyway since it's COM and not DCOM.) After researching on the web, it seems like there's a way to set 'execute' permission or something for COM objects on IIS, but I can't find where/how to do it.  Any suggestions?
0
Comment
Question by:ttsuchi
  • 4
  • 2
  • 2
  • +2
10 Comments
 
LVL 7

Expert Comment

by:John844
ID: 6418414
try setting the permissions for the iusr_machineName on the production machine component.  I don't think that the IUSR account is part of the everyone group.
0
 
LVL 7

Expert Comment

by:John844
ID: 6418418
better yet, create a package in MTS or Com component manager.  You can then assign any user account to be used when running the component.
0
 
LVL 10

Expert Comment

by:eyal_mt
ID: 6418757
Maybe your COM object is trying to load a DLL that reside in another directory to which you do not have permission, such as MFC42.Dll etc.

In order to change the directory permission to exectute
open the internet service manager, select your directory, open its properties window, and the choose execute.(I don't think it will help you though)
0
 
LVL 20

Expert Comment

by:Silvers5
ID: 6418929
as sain include tha dll in a com+/mts package and assign an admin account to run the package..
0
 
LVL 20

Expert Comment

by:Silvers5
ID: 6418943
as sain= as said
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:ttsuchi
ID: 6420040
Thanks for the comments everyone. After I was looking at the configuration for the developer instance of IIS, I noticed that I was using 'Integrated Windows Authentication'..  Since I was testing everything from the IE browser on the same computer, I suspect that's why it still worked even after I denied read & exec priv on the dll for the IUSR_machine acct.  After I turned off Windows Auth, the ASP on the develop machine failed as expected. It still doesn't explain why it doesn't work on the production tho.  Since my clients use Windows Auth mode, maybe I have to make the dll readable by the domain users as well as IUSR_machine account?
I do use "advapi32.dll" in the COM object for reading registry values, but I think it should have 'everyone' readable (and IUSR_machine acct belongs to 'everyone' too, doesn't it?) That will be one more thing I can check in the production machine though.
Also, pardon my ignorance but what is COM+/MTS packager?  Is it part of .NET sdk or Visual Studio 6, and if so, where can I find it?

Thanks
0
 
LVL 20

Accepted Solution

by:
Silvers5 earned 200 total points
ID: 6420787
look how to fix this:
MTS is Microsoft Transaction Server.. it's on IIS4, COM+ is MTS but on IIS5... read how to set your package in MTS/COM+

Start the Component services..in the tree select computers.. mycomputer..com+ applications...right click on it--> new -> application.. now in the wizard click next and select an empty application -> name your package  leave it in server process and click next -> Select the user and enter an account with enough rights to fufill your com jobs (admin account for ex) -> Finish..

now in the tree expand the new package untill you see the component directory-> right click it -> select new component-> in the wizard click next.. you can either install a new component if it's not registred or install a registred one if you already registred your dll (you select the 2nd choice) -> Select your component from the list (internal name displayed) -> Finish..

and voila..


In MTS (IIS4)

Start MMC (Microsoft management console.. from IIS or MTS) -> Select in the tree Microsoft Transaction.. -> My computer ->right click packages installed -> new package -> click on create an empty package and name the package, next -> select this user and give an admin user for the package -> finish  , now we'll need to include your registered component in the package(dll).. Expand the newly created package in the tree and right click on components folder-> new component -> select import components that are already registered -> you'll get a list of registered components on that machine.. select your component to include by it's class name -> Finish  note that your activex dll should be set to run unattended while compiling..


this should resolve your problems..

cheers
0
 
LVL 3

Expert Comment

by:krispols
ID: 6421717
Unregister your component, copy it to system32 dir and register it again.
0
 

Author Comment

by:ttsuchi
ID: 6423698
I went to my client's site today and added my COM objects in the MTS Packager so that it runs under local Administrator account. And it finally started working! I still don't know why I have to do it over there and not on my develop environment, but at least everything is working the way it should be.  I learned a lot about how to deal with COM objects permissions along the way too.  Thanks everyone for your input!
0
 
LVL 20

Expert Comment

by:Silvers5
ID: 6424535
Because MTS is for such issues.. it acts as a tier for components..
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now