Error message when you request an ASP page that connects to an Access database in IIS 7.0: "Microsoft JET Database Engine error '80004005'"

Article translations Article translations
Article ID: 926939 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario. On a Web server that is running Microsoft Internet Information Services (IIS) 7.0, you host an active server page (ASP) that connects to a database. The ASP page data provider is the Microsoft.Jet.OLEDB.4.0 data provider. The ASP page data source is a Microsoft Access database (.mdb) file. In this scenario, you may receive the following error message when you request the ASP page:
Microsoft JET Database Engine error '80004005'
Unspecified error
Note You will encounter a similar error message when you use both of the following:
  • A Microsoft Access database in the Access 2007 file format (.accdb)
  • The Microsoft.ACE.OLEDB.12.0 data provider

CAUSE

This problem may occur if IIS 7.0 is configured to load the current user profile for an application pool identity. This may cause compatibility issues with legacy ASP-based applications and ADO-based applications because the current user may not have sufficient permissions to write to the temporary directory.

RESOLUTION

To resolve this problem, you must add the correct access control entries to the temporary directory for the process identity. To do this, follow the steps for your operating system.

Windows Server 2008 and Windows Vista with SP1 or later versions

To resolve this problem on an IIS 7.0 Web server that is running on Windows Server 2008 or Windows Vista with SP1 or later versions, follow these steps:
  1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. When you are prompted for an administrator password or for a confirmation, type the password or click Continue.
  3. Type the following command, and then press ENTER:
    icacls %SystemDrive%\Windows\Temp /grant Users:(CI)(S,WD,AD,X)

    Note This command enables every user to create files and directories in the temporary directory.
  4. Type the following command, and then press ENTER:
    icacls %SystemDrive%\Windows\Temp /grant "CREATOR OWNER":(OI)(CI)(IO)(F)

    Note The user who creates a file or a directory in the temporary directory is the CREATOR OWNER. The CREATOR OWNER access control entry grants a user complete control over the file or over the directory. Other users cannot access these files and directories because they are not the CREATOR OWNER.
Windows Vista RTM

To resolve this problem on an IIS 7.0 Web server that is running on Windows Vista RTM, follow these steps:
Note By default on Windows Vista RTM, the process identity is NetworkService, and the temporary directory is %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp.
  1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. When you are prompted for an administrator password or for a confirmation, type the password or click Continue.
  3. Type the following command, and then press ENTER:
    icacls %windir%\serviceprofiles\networkservice\AppData\Local\Temp /grant Users:(CI)(S,WD,AD,X)

    Note This command enables every user to create files and directories in the temporary directory.
  4. Type the following command, and then press ENTER:
    icacls %windir%\serviceprofiles\networkservice\AppData\Local\Temp /grant "CREATOR OWNER":(OI)(CI)(IO)(F)

    Note The user who creates a file or a directory in the temporary directory is the CREATOR OWNER. The CREATOR OWNER access control entry grants a user complete control over the file or the directory. Other users cannot access these files and directories because they are not the CREATOR OWNER.

WORKAROUND

To resolve this problem, use the method that is described in the "Resolution" section. However, if you do not want to add access control entries to the temporary directory for the process identity, you can work around the problem by disabling the loadUserProfile property for the application pool. When this property is disabled, IIS 7.0 does not load the current user profile for the application pool.

Important If you disable this property, a security risk may be created. Make sure that you understand and evaluate the risks before you implement this workaround.

To disable the loadUserProfile property for the application pool, modify the ApplicationHost.config file. The following example demonstrates how to do this.
<applicationPoolDefaults>
    <processModel identityType="NetworkService" loadUserProfile="false" />
</applicationPoolDefaults> 

REFERENCES

For more information about temporary directory permissions when you run a database query in an ASP page, click the following article number to view the article in the Microsoft Knowledge Base:
315456 You receive a database results error message when you connect to database from an ASP page in FrontPage
Using Classic ASP with Microsoft Access Databases on IIS 7.0 and IIS 7.5
http://learn.iis.net/page.aspx/563/using-classic-asp-with-microsoft-access-databases-on-iis-70-and-iis-75/

Properties

Article ID: 926939 - Last Review: March 12, 2009 - Revision: 4.0
APPLIES TO
  • Microsoft Internet Information Services 7.0
Keywords: 
kbtshoot kbprb KB926939

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com