locked
IIS 7 cannot access 32-bit COM dll through COM+ service RRS feed

  • Question

  • User2084463843 posted

    We are facing a problem on Windows Vista Beta 2,5384 (64-bit).

    We have a 32-bit COM dll developed using VC++ 6.0. We have a COM+ server to redirect the calls on 64-bit machine. The ASP pages access the 32-bit COM dlls through the COM+ server.

    It works well from the built-in "Administrator" account but from any other domain account I get the following error.

    "The call to Server.CreateObject failed while checking permissions.Access is denied to this object."

    I have tried a workaround i.e. setting W3SVC/1/ROOT/<virtual_directory>/AspExecuteInMta to 1 but it does not work. This workaround was posted in another thread

    http://forums.iis.net/thread/1360645.aspx

    The Webpage works only from the built-in "Administrator" account. From all the other domain account it works only when the browser "Protected Mode" is truned "Off".

    Can I get any help on this?

    Regards,

    Dipeka

    Tuesday, August 22, 2006 11:54 PM

All replies

  • User-848894299 posted

    Hi Dipeka,

    I just replied to you in private. Please provide the information that I asked in that email if all possible, so that I can try to repro your issue on our side.

    Also unless you see the 500 status code reutrn with error message like "Calling on the wrong thread...", otherwise the work around that I mentioned (setting the AspExecuteInMta property to 1) won't help your case.

    One quick thing you may want to try is adding the following accounts to the default launch permission in COM security (just for testing) in 'dcomcnfg' UI

    "IIS_IUSRS", the request user for the ASP page that instatiate your COM object (if it is anonymous, use "IUSRS")

    Here are the steps:

    1) "Start"->"Run" -> type in 'dcomcnfg'

    2) right click on "My Computer" under "Component Services" -> "Properties"

    3) Select "COM Security"

    4) click on the "Edit Default..." button for the "Launch and Activation Permissions"

    5) add the above 2 users to the list

    If this does not help, please provide the infomation that I asked on the private email that I sent to you, so that I can try to repro it on my side.

    Thanks,

    Ray

     

    Thursday, August 24, 2006 4:43 PM
  • User-848894299 posted

    I highly recommand to read the links in the following post regarding security changes in IIS7

    http://forums.iis.net/thread/1310392.aspx

    Ray

    Monday, September 11, 2006 3:50 PM