Article ID: 250536
Article Last Modified on 6/30/2005
APPLIES TO
- Remote Data Service for ADO 2.5, when used with:
- Microsoft Windows 2000 Standard Edition
- Remote Data Service for ADO 2.6, when used with:
- Microsoft Windows 2000 Standard Edition
- Microsoft Remote Data Services 2.0, when used with:
- Microsoft Windows 2000 Standard Edition
This article was previously published under Q250536
SUMMARY
After a clean install of Windows 2000, the MSADC virtual directory defaults to access denied for all IP addresses and domain names. This means that, on clean installs, no computers are able to connect to the MSADC virtual directory on these computers. Therefore, all Remote Data Services (RDS) applications do not work until the steps shown here are taken.
You may receive one of the following error messages:
In Visual Basic, you may receive the following error message:
MORE INFORMATION
There are two core configuration concerns with Remote Data Services: RDS Security and IIS security.
RDS security
RDS security is controlled through the registry and by RDS handlers. The RDS DataFactory is restricted by data handlers. Also, if you are invoking custom business objects, a registry must be added to enable the business object to be accessed. Add a registry key whose name matches ProgID of the business object in the following registry hive: \HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch
RDS relies on the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory
If these keys do not exist, add them.
- To determine whether these keys exist, use Regedit.exe or Regedt32.exe.
- To determine whether the key permissions are too restrictive, start Regedt32.exe, and select the registry key.
- On the Security menu, click Permissions to view the Access Control List for the key.
- Make sure the IUSR account has at least Read permission to the registry keys.
- At a command prompt, type iisreset to restart your Web server.
Run Handunsf.reg from the MSADC directory. This action makes handlers not required. Note that this last option does compromise security. However, because the application is behind a corporate firewall on a company intranet, security concerns are limited to those with physical access.
IIS security
For IIS security, follow these steps:
- Click Start on the computer that is running Windows 2000, click Programs, point to Administrative Tools, and then click Internet Services Manager.
- Expand the computer name in the left pane.
- Expand Default Web Site.
- Right-click the 'MSADC' virtual directory, and then click Properties.
- On the Directory Security tab, under IP Address and Domain Name Restrictions, click Edit. The IP Address and Domain Name Restrictions dialog box appears.
To enable RDS-based applications and pages on this server, choose one of the following:
- If you want all clients to access RDS-based pages and applications, click Granted Access.
- If you want to grant access only to selected clients, click Add to enter their IP addresses or domain names.
For more information about setting IP address and domain name restrictions, see the IIS documentation.
REFERENCES
For more information about handler security, click the following article number to view the article in the Microsoft Knowledge Base:
243245 PRB: RDS handler error messages due to security settings
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
230680 Working with RDS handlers
Additional query words: 2K
Keywords: kbhowto KB250536