Server Object Error ASP 0177:80040154
This article helps resolve the error that occurs when you attempt to run an Active Server Pages that use Server.CreateObject
to instantiate an ActiveX component.
Original product version: Microsoft Active Server Pages
Original KB number: 175804
Symptoms
When attempting to run an Active Server Pages (ASP) page that uses Server.CreateObject
to instantiate an ActiveX component, the following error message appears:
Server object error 'ASP 0177:80040154'
Server.CreateObject Failed
/<path>/<yourasp.asp><line #>
The call to Server.CreateObject failed. The request object instance Cannot be created.
Cause
Here are some of the typical causes of this error:
Your control is not registered correctly.
The Logged On User, usually the anonymous account does not have adequate permissions to run the control. In many cases, the anonymous login account (
IUSR_<machine>
) does not have appropriate permissions on certainDirectories/Files
or the specific component and its dependencies. While less frequent, if the registry permissions for certain keys are not set correctly, it causes the control to fail to initialize.The Everyone group has been removed from having READ permissions on certain registry keys due to the mistaken notion that Everyone means ANYONE, when in actuality it simply means all validated users on the
Domain/machine
.In the case of a file database, such as Access or FoxPro, the directory containing the database files does not provide sufficient permissions for the authenticated user.
Resolution
Warning
The following assumes a familiarity with Internet Information Server and editing the registry. It is always advised that you back up the Registry prior to making any changes.
Since this error is associated with incorrect permission settings on files or registry settings, you must complete the following steps:
Find out who is the Authenticated User. To determine what user is being authenticated, add the following code to the top of your ASP page:
<% Response.Write("LOGON_USER: " & _ Request.ServerVariables("LOGON_USER")) %>
If the
LOGON_USER
is blank, you are being authenticated asIUSR_machine
. Otherwise, theLOGON_USER
displays the<domain\user>
name of the authenticated user who is attempting to create the object.Confirm that the Authenticated User (or Group) has permission on the necessary directories, files, and registry keys. This requires knowledge of the directories, files, and registry keys specific to the control. Below is a list of the requirements for ActiveX Data Objects.
Directory/File permissions for ADO-specific case
\InetPub - IUSR_<machine> READ
\InetPub\wwwroot - IUSR_<machine> READ
\Program Files\Common Files\System\ADO - IUSR_<machine> READ
\Program Files\Common Files\System\OLE DB - IUSR_<machine> READ
\Program Files\Common Files\ODBC\Data Sources -IUSR_<machine> READ
\WinNT - IUSR_<machine> CHANGE
\WinNT\System32 - IUSR_<machine> READ
\WinNT\System32\Inetsrv\Asp - IUSR_<machine> READ
\WinNT\System32\Inetsrv\Asp\Cmpnts - IUSR_<machine> READ
\WinNT\Temp - IUSR_<machine> CHANGE
Registry permissions for ADO-specific case
Ensure the following permissions are set on the keys listed below:
Permissions:
<machine>\Administrator - Full Control
Creator Owner - Full Control
Everyone - READ
INTERACTIVE - Special Access (Query Value, Set Value, Create Subkey,
Enumerate Subkeys, Notify, Delete)
SYSTEM - Full Control
Keys:
HKEY_CLASSES_ROOT
\LICENCES
\CEDD4F80-B43C-11cf-837C-00AA00573EDE
HKEY_CLASSES_ROOT
\ADODB.Command
\ADODB.Connection
\ADODB.Parameter
\ADODB.Recordset
File and folder permissions for the database case
Make sure the database files and the folders containing the database files provide Read, Write, and Execute permissions for the authenticated user or group.
General trouble shooting steps
- Check to see if ASP is installed correctly by running the ADO using
Server.CreateObject
sample in the Active Server Pages Roadmap\More Samples folder. - Make sure all DLLs are registered with
Regsvr32
. - Make sure there are not multiple versions of the DLL registered and the registry entry points to the correct one.
- Make sure any DLLs are using the Apartment Threading Model and are not Single Threaded (See Note 2 below).
- Confirm that the Primary Domain Controller (PDC) has given everyone Access this computer from the network rights. If IIS is a PDC assure that the
IUSR_<machine>
also has these rights as well as Log on Locally rights.
Quick permissions check steps
- Force Anonymous by clearing Basic and NT Challenge and Response (NTCR) in IIS Service Manager.
- Temporarily add the
IUSR_<machine>
to the Administrators group to see if it makes a difference. If it does, the problem is a permissions problem. - Turn on NT Auditing (as noted below) and try again.
Not so quick permissions check steps
- Force Anonymous by clearing Basic and NT Challenge and Response (NTCR) in IIS Service Manager.
- Create a new NT User account called IUSR_Test.
- Give IUSR_Test Full Control of the root drive and cascade these permissions all the way down. Later, IUSR_Test can be deleted, thereby removing them from any directories or files.
- Turn on NT Auditing (as noted below) and try again.
Enable NT Auditing:
To enable auditing, open User Manager and select Audit from the Policies menu. Select the File and Object Access failure. Open Windows NT Explorer and select the root of your hard drive. Right-click and select properties. Select the Security tab and press the Auditing button. Add the user of interest (the one returned by the ASP page or IUSR_machine
) and select all the failure check boxes. Make sure you apply these settings to all folders. Use the Event Viewer to see any access failures (select Security from the Log menu). Make sure you turn auditing off when you are finished making changes.
NOTE 1: Jet uses the SYSTEM TEMP
and TMP
environment variables to specify the location of temporary files that are created during JET operations. By default these environment variables are defined for users and are not system-wide settings. To set these up, you can do one of the following two operations.
Option 1. In the autoexec.bat, add something similar to the following two lines:
Set TEMP=C:\Temp Set TMP =C:\Temp
Option 2. Right-click My Computer:
Click Properties and select the Environment TAB.
Click an entry in the System Variables List box (the one on top).
In the Variable and Value Edit control, type the following:
Variable = Temp Value = C:\Temp
Click Set. You will now see
TEMP
has been added to the list of system variable.Repeat the process for the
TMP
variable.Reboot the machine for changes to take effect. In addition, it has been found that
IUSR_<machine>
needs CHANGE permission to the WinNT directory to create temporary files when using the Access database driver.
NOTE 2: By default ASP creates single-threaded apartment clients, which means that only single-threaded apartment inproc servers are given the desired security context passed on by IIS. All other threading models are run in the SYSTEM context. This means, a DLL using the Single Threading Model will start up in the Security Context of SYSTEM, and not as intended as the Authenticated User.