Microsoft KB Archive/250536

= How to configure RDS for Windows 2000 =

Article ID: 250536

Article Last Modified on 6/30/2005

-

APPLIES TO


 * Remote Data Service for ADO 2.5, when used with:
 * Microsoft Windows 2000 Standard Edition
 * Remote Data Service for ADO 2.6, when used with:
 * Microsoft Windows 2000 Standard Edition
 * Microsoft Remote Data Services 2.0, when used with:
 * Microsoft Windows 2000 Standard Edition

-



This article was previously published under Q250536



SUMMARY
After a clean install of Windows 2000, the MSADC virtual directory defaults to access denied for all IP addresses and domain names. This means that, on clean installs, no computers are able to connect to the MSADC virtual directory on these computers. Therefore, all Remote Data Services (RDS) applications do not work until the steps shown here are taken.

You may receive one of the following error messages:

-2146819841 Internet Information Server Unknown Error

0x800a20ff Internet Information Server: Access Denied

In Visual Basic, you may receive the following error message:

Run-time error '8447': Internet Server Error



MORE INFORMATION
There are two core configuration concerns with Remote Data Services: RDS Security and IIS security.

RDS security
RDS security is controlled through the registry and by RDS handlers. The RDS DataFactory is restricted by data handlers. Also, if you are invoking custom business objects, a registry must be added to enable the business object to be accessed. Add a registry key whose name matches ProgID of the business object in the following registry hive:

RDS relies on the following registry keys:

If these keys do not exist, add them.
 * 1) To determine whether these keys exist, use Regedit.exe or Regedt32.exe.
 * 2) To determine whether the key permissions are too restrictive, start Regedt32.exe, and select the registry key.
 * 3) On the Security menu, click Permissions to view the Access Control List for the key.
 * 4) Make sure the IUSR account has at least Read permission to the registry keys.
 * 5) At a command prompt, type iisreset to restart your Web server.

Run Handunsf.reg from the MSADC directory. This action makes handlers not required. Note that this last option does compromise security. However, because the application is behind a corporate firewall on a company intranet, security concerns are limited to those with physical access.

IIS security
For IIS security, follow these steps:
 * 1) Click Start on the computer that is running Windows 2000, click Programs, point to Administrative Tools, and then click Internet Services Manager.
 * 2) Expand the computer name in the left pane.
 * 3) Expand Default Web Site.
 * 4) Right-click the 'MSADC' virtual directory, and then click Properties.
 * 5) On the Directory Security tab, under IP Address and Domain Name Restrictions, click Edit. The IP Address and Domain Name Restrictions dialog box appears.

To enable RDS-based applications and pages on this server, choose one of the following:
 * If you want all clients to access RDS-based pages and applications, click Granted Access.
 * If you want to grant access only to selected clients, click Add to enter their IP addresses or domain names.

For more information about setting IP address and domain name restrictions, see the IIS documentation.

