The error is:
ActiveX component can't create object for aBRR.Generator
The code on that line is:
set taMaker = createObject("aBRR.Generator")
Classic-asp in the app pool has Enable 32 bit to true.
What am I missing? Thanks in advance.
If your site is using Anonymous authentication:
Open IIS Manager
Navigate to your site
Open Authentication
Open the properties for Anonymous
Change it to use Application Pool Identity
Note that if your site runs under a special user you created for that purpose, this may break other things. But for all of my standard sites with Anonymous auth, this fixed it.
In my case, I found that there was both a 32-bit and a 64-bit version of regasm.exe. As in:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
vs.
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe
I also had the AppPool set for 32 bit applications, so it was important that I use the 32bit regasm.exe to register the .dll in order to avoid the ActiveX error.
Related
On Windows Server 2012 R2, after installing update KB4340558 (update history) / KB4338424 (installed updates) we can no longer instantiate .NET .DLLs (interop) in classic ASP in 32-bit mode using server.createobject. We receive the error 0x800A01AD "ActiveX component can't create object"
When we uninstall the update, the error disappears. Despite my best efforts, I was unable to find an alternate solution to uninstalling. We would prefer to reinstall the update and make whatever changes were necessary to Windows Server and/or the DLL's to allow the COM objects to be instantiated properly. There are no clues in the system logs, no clues in the CVE database, and no clues in the errors ASP is generating. Please help!
We were affected with multiple customers too.
I ruled out invalid strong-name signing of our assemblies, since the .NET Assemblies from the Framework itself were affected by that access-denied error too.
Finally I managed to solve the issue by configuration.
Apparently the authenticating identity of the website has now to match the identity of the app-pool. Or IUSR has no longer enough permissions.
EDIT: 19.07.2018
Warning! This change also has a side-effect:
The asp-classic event "Session_OnEnd" was no longer called and therefore resources eventually could no longer be freed.
But there is a fix for that, too!
The ASP-Config-Property "system.webServer/asp/runOnEndAnonymously" has to be "false", then the event fires again.
EDIT 2: 23.07.2018
As Dijkgraaf pointed out, Microsoft now considers this "new behaviour" a bug. So i guess my "solution" should now be considered a workaround until a new patch comes to rescue.
We run our application pool under a specific identity, to enable a network share and database access. I too thought we were stuck after reading #keydon's answer above.
However, there are three places that we must configure the identity:
The Application Pool - should use the specific identity
The Website "Connect As" - should use the "Application pool identity"
The Anonymous Authentication option, under the Authentication feature - should use "Application pool identity"
That last one was the thing that we were missing - years of considering only the first two meant that we mis-read the great advice above.
Microsoft is aware of the issue and the relevant KB is "Access Denied" errors and applications with COM activation fail after installing July 2018 Security and Quality Rollup updates for .NET Framework
This has impacted BizTalk, SharePoint, IIS with classic ASP and .NET application that uses impersonation.
Workarounds for Classic ASP are as follows
IIS Hosted Classic ASP calling CreateObject for .NET COM objects may receive an "ActiveX component can't create object" error:
If your web site uses Anonymous Authentication: Change the Web Site Anonymous Authentication credentials to use the "Application pool identity".
If your site uses Basic Authentication or Windows Authentication: Log into the application once as the application pool identity, then create an instance of the .NET COM component.
Afterwards other site users will be able to active the .NET COM component without the failure.
Alternatively, if you are using Windows Authentication and accessing the web site from the console of the Windows Server where the ASP application runs: Creating an instance of the .NET COM component also resolves error for other site users.
We support a Classic ASP site running in IIS Anonymous Authentication. The application instantiates a DLL .NET object exposed as COM visible.
After applying recent security Windows Updates and reboot OS our application crashed with following error:
Microsoft VBScript runtime error '800a01ad'
ActiveX component can't create object: 'NameOfObjectInDLL'
In our case, this last advice fixed our problems.
IIS > Authentication > Anonymous Authentication - Edit > "Application pool identity"
screenshot1
This is only to confirm the solution provided by keydon, combined by the one provided by TimP. And give them thanks!!
In our case we've changed the following 3 parts (and an additional 4th for new permissions):
Web server Authentication properties: set Anonymous Authentication with "Application pool identity" instead of "Specific User".
Application Pool "Identity" property: set to "ApplicationPoolIdentity" instead of "LocalSystem".
Web Site "Connect As" for physical path: set to "Application user (pass-through authentication)" instead of "Specific User".
Add permissions for "Application Pool Identity user name" in the shared folder where the web application files are. Have a look to https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities#securing-resources
Thank you!!
(I'm sorry I can't vote your solutions because I'm starter and I don't have any reputation)
Background: I support a classic ASP environment. I have a development setup locally on my machine as part of that support. I am running IIS7.
To access my environment, I use "http://localhost:99999/" (port # faked for privacy purposes). I have not had a problem with this -- until today.
I built an application that is intended to run in this environment. The app is ASP.NET v.4.0 (for sake of example, I'll say it's called "http://localhost:99999/DotNetApp/"). Of course, in order to run this, I had to set up my environment application pool to support it (which it now does).
Problem: after configuring this, I am now getting:
Server Error in '/' Application.
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. You might not have permission to view the requested resources.
Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the Web server's administrator to give you access to '[filepath]\SourceFiles'.
I did NOT get this before I set my IIS configuration. Why am I getting this now?
Note: this ONLY happens with "http://localhost:99999/"; this does NOT happen if I try "http://localhost:99999/default.asp" (the page comes up with no problem).
Anyone have any insight?
Thanks in advance . . .
Edit: Additional symptoms: I tried playing with the application pool settings. The problem goes away if I change the .NET Framework version to either 2.0.50727 or to "No Managed Code." Changing it to 4.0.31319 breaks it. Of course, if I use any of the other two versions, my ASP.NET app won't run.
Edit #2: This problem occurs on ALL links that go to a folder or directory (e.g. "http://localhost:99999/somefolder/"), not just the web root.
Edit #3: I have a workaround: set "http://localhost:99999/" and "http://localhost:99999/DotNetApp/" in separate application pools. The first runs in .NET 2.0, while the latter runs .NET 4.0. (I'll post this as an answer once my 8 hour limit is up.) Probably not the best answer -- I'd prefer something that isn't as much of a kludge -- but for the time being, it'll get the job done. However, if anyone has a solution that enables me to run everything in the same app pool, by all means, post away!
You probably must specify "default.asp" as allowed in your "Default Document" settings in IIS7
EDIT: Check if ASP has been installed: Control Panel -> Programs and features -> Windows Features -> Internet Information Services -> Www services ->Application Development Features-> ASP
EDIT Final solution: The IUSR account is missing from the folder the website is in.
Set the default page for your site in IIS.
Try to set permission "Everyone" for directory "[filepath]\SourceFiles/" or/and "Allow" for other user names and groups in folder properties.
I tried installing my old ASPImage from server Objects in my new server, but the object is not created even though the dll is registered and ASP is enabled in IIS7. Does anyone have any ideas on this issue, or used a different component that can be called from VBS as well as ASP classic?
I tried running tests on the object and it returns internal server errors. When running in VBS, no errors but it ignores the object.
Thanks
James F.
Assuming you have a 64 bit Web Server, you have to enable the setting "Enable 32-Bit Applications" in the Application Pool using the 32bit Component.
See here for further details:
http://help.webcontrolcenter.com/KB/a1114/how-to-enable-32-bit-application-pool-iis-7-dedicatedvps.aspx
I recently upgraded from XP to Win 7. I used to be able to debug from an ASP classic app into VB6. However I now get a:
"The call to Server.CreateObject failed while checking permissions. Access is denied to this object"
This only occurrs when I start the dll in VB6 and access the ASP application. Prior to IIS7 this would allow you to step into the VB6 dll. Any ideas?
I have recently had the same experience going from WinXP to Win7 in our dev environment and had have exactly the same grief with some of our legacy apps. Here's how I fixed it.
To be clear, our Classic ASP website makes calls off to our in-house VB6 .dlls and it was these .dll files that I wanted to be able to step into and debug.
Enable 32-bit applications
In the Application Pools section, right click on the website's application pool and select 'Advanced Settings'.
Change the 'Enable 32-bit Applications' to 'True'.
Change the 'Managed Pipeline Mode' to 'Classic'.
ASP Authentication
As #GregWoods has suggested, check the authentication details of the website in IIS, As follows:
Anonymous Authentication – DISABLED
ASP.Net Impersonation – DISABLED
Basic Authentication – ENABLED
Forms Authentication – DISABLED
Windows Authentication – ENABLED
Run the VB6 application inside the Visual Basic IDE and open a web browser; navigate to the website and when the code enters the external VB6 .dll, the Visual Basic 6 environment should now stop on the breakpoints set in your code. Ta da.
A step more??
I also wanted to be able to debug the actual Classic ASP pages themselves from within VS2010 or VS2012... which is entirely possible too, but there's an extra step to add to this list, simply to instruct IIS to :
In IIS, click on the website that created earlier and in the Features view, click on ‘ASP’.
Expand the ‘Debugging Properties’ option group.
Change the ‘Enable Client-side Debugging’ to ‘True’.
Change the ‘Enable Server-side Debugging’ to ‘True’.
Click ‘Apply’ to save. (Top right corner of the Actions pane).
Then, in order to make Visual Studio stop on a breakpoint, you have to Attach to Process:
Go to the 'TOOLS' menu, and select 'Attach to Process...'
Change the 'Attach to' option to 'Automatic: Native code'
Select the 'w3wp.exe' process and click 'Attach'.
Now, when you open the website in your chosen browser and nabigate to your website, IIS and VS2010/VS2012 will work in conjunction and Visual Studio will stop on any break points.
Hope this helps you.
I've just run into the same problem, and after applying the above 'fixes', still had a problem. I found that making sure that the web application has Anonymous authentication turned off (I used Windows authentication instead) finally allowed me to debug vb6 from classic ASP.
From this I cannot whether the registry entry, or the DCOM permissions change (both from q259725), contributed to the fix.
Hope this helps someone!
I always thought the user running the app pool was used to, for instance, access the file system when an application is trying to write a file.
I have an application in IIS, setup with Windows Integrated Authentication, that tries to write a file to the file system. I always get an error unless I give permissions on the file system to the specific domain user that logged in through Windows Integrated Authentication.
Any reason why I´m observing this behaviour?
Thx in advance
Are you using Impersonation? This would use the User's identity to do stuff, rather than the one of the AppPool. If you're using a third party ASP.net Application, check if they use Impersonation (for example, SharePoint does).
There is a way to revert the identity of the AppPool. Check this question which includes the RevertToSelf and HostingEnvironment.Impersonate methods. The Question is about SharePoint, but these two answers are the non-SharePoint way of reverting to the apppool, so they apply.