Microsoft KB Archive/250536

From BetaArchive Wiki

Article ID: 250536

Article Last Modified on 6/30/2005



APPLIES TO

  • Remote Data Service for ADO 2.5, when used with:
    • Microsoft Windows 2000 Standard Edition
  • Remote Data Service for ADO 2.6, when used with:
    • Microsoft Windows 2000 Standard Edition
  • Microsoft Remote Data Services 2.0, when used with:
    • Microsoft Windows 2000 Standard Edition



This article was previously published under Q250536

SUMMARY

After a clean install of Windows 2000, the MSADC virtual directory defaults to access denied for all IP addresses and domain names. This means that, on clean installs, no computers are able to connect to the MSADC virtual directory on these computers. Therefore, all Remote Data Services (RDS) applications do not work until the steps shown here are taken.

You may receive one of the following error messages:

-2146819841 Internet Information Server Unknown Error
0x800a20ff Internet Information Server: Access Denied

In Visual Basic, you may receive the following error message:

Run-time error '8447': Internet Server Error

MORE INFORMATION

There are two core configuration concerns with Remote Data Services: RDS Security and IIS security.

RDS security

RDS security is controlled through the registry and by RDS handlers. The RDS DataFactory is restricted by data handlers. Also, if you are invoking custom business objects, a registry must be added to enable the business object to be accessed. Add a registry key whose name matches ProgID of the business object in the following registry hive: \HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch

RDS relies on the following registry keys:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory

If these keys do not exist, add them.

  1. To determine whether these keys exist, use Regedit.exe or Regedt32.exe.
  2. To determine whether the key permissions are too restrictive, start Regedt32.exe, and select the registry key.
  3. On the Security menu, click Permissions to view the Access Control List for the key.
  4. Make sure the IUSR account has at least Read permission to the registry keys.
  5. At a command prompt, type iisreset to restart your Web server.

Run Handunsf.reg from the MSADC directory. This action makes handlers not required. Note that this last option does compromise security. However, because the application is behind a corporate firewall on a company intranet, security concerns are limited to those with physical access.

IIS security

For IIS security, follow these steps:

  1. Click Start on the computer that is running Windows 2000, click Programs, point to Administrative Tools, and then click Internet Services Manager.
  2. Expand the computer name in the left pane.
  3. Expand Default Web Site.
  4. Right-click the 'MSADC' virtual directory, and then click Properties.
  5. On the Directory Security tab, under IP Address and Domain Name Restrictions, click Edit. The IP Address and Domain Name Restrictions dialog box appears.

To enable RDS-based applications and pages on this server, choose one of the following:

  • If you want all clients to access RDS-based pages and applications, click Granted Access.
  • If you want to grant access only to selected clients, click Add to enter their IP addresses or domain names.

For more information about setting IP address and domain name restrictions, see the IIS documentation.

REFERENCES

For more information about handler security, click the following article number to view the article in the Microsoft Knowledge Base:

243245 PRB: RDS handler error messages due to security settings


For more information, click the following article number to view the article in the Microsoft Knowledge Base:

230680 Working with RDS handlers



Additional query words: 2K

Keywords: kbhowto KB250536