Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 820440 - Last Review: May 30, 2003 - Revision: 1.3
A COM+ Client That Uses a Proxy May Receive a "Permission Denied" Error Message (800A0046) When CLB Is Used on a Computer That Is Running Microsoft Windows Server 2003
SYMPTOMS
Your client application may try to create an object that uses Component Load Balancing (CLB) on a computer that is running Windows Server 2003. If that object has a proxy with a remote server name that points to the Application Center 2000 routing cluster virtual IP (VIP) that is installed on the client computer, you may receive the following error message:
CAUSE
By default, COM+ application access checks are turned on in Windows Server 2003. This is done to help increase the security and may help to prevent anonymous users from creating objects on the Windows Server 2003 COM+ application servers. CLB uses the anonymous account to create objects for client computers that use proxies to point to the routing cluster.
RESOLUTION
You can resolve this issue by using one of the following methods:
- Method 1
You can create a role to permit access and to add the NT AUTHORITY\ANONYMOUS LOGON account or the NT AUTHORITY\NETWORK group to the role. For each component that is load balanced, click to select the role on the Security tab. This permits you to set the access on a per component basis - Method 2
You can restore the Microsoft Windows 2000 setting if you click to clear the Enforce access checks for this application check box on the property sheet of the component in the Component Services snap-in. You must do this for all load balanced applications that must be accessed by clients that use proxies to point to the CLB routing cluster. This permits access to all components in the application.
STATUS
This behavior is by design.
MORE INFORMATION
You can enforce security roles on COM+ method calls. You can do this to help prevent users from using the objects that they create if their account does not have an appropriate role.
REFERENCES
For additional information about creating roles in COM+, click the following article number to view the article in the Microsoft Knowledge Base:
326818Â
(http://kbalertz.com/Feedback.aspx?kbNumber=326818/EN-US/
)
PRB: MTS and COM+ Roles Are Not Applied Immediately
APPLIES TO
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Web Edition
- Microsoft Application Center 2000 Service Pack 2
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please