The call to Server.CreateObject failed. The request object instance Cannot be created.
- Your control is not registered correctly.
- The "Logged On User" -- usually the anonymous account -- does not have adequate permissions to run the control. In many cases the anonymous login account (IUSR_<machine>) does not have appropriate permissions on certain Directories/Files or the specific component and its dependencies. While less frequent, if the registry permissions for certain keys are not set correctly, it causes the control to fail to initialize.
- The "Everyone" group has been removed from having READ permissions on certain registry keys due to the mistaken notion that Everyone means ANYONE, when in actuality it simply means all validated users on the Domain/machine.
- In the case of a file database, such as Access or FoxPro, the directory containing the database files does not provide sufficient permissions for the authenticated user.
Since this error is associated with incorrect permission settings on files or registry settings, you must complete the following steps:
- Find out who is the Authenticated User. To determine what user is being authenticated, add the following code to the top of your ASP page: If the LOGON_USER is blank, you are being authenticated as IUSR_machine. Otherwise, the LOGON_USER displays the <domain\user> name of the authenticated user who is attempting to create the object.
Response.Write("LOGON_USER: " & _
- Confirm that the Authenticated User (or Group) has permission on the necessary directories, files, and registry keys. This requires knowledge of the directories, files, and registry keys specific to the control. Below is a list of the requirements for ActiveX Data Objects.
Directory/File Permissions for ADO Specific Case
\InetPub - IUSR_<machine> READ
\InetPub\wwwroot - IUSR_<machine> READ
\Program Files\Common Files\System\ADO - IUSR_<machine> READ
\Program Files\Common Files\System\OLE DB - IUSR_<machine> READ
\Program Files\Common Files\ODBC\Data Sources -IUSR_<machine> READ
\WinNT - IUSR_<machine> CHANGE
\WinNT\System32 - IUSR_<machine> READ
\WinNT\System32\Inetsrv\Asp - IUSR_<machine> READ
\WinNT\System32\Inetsrv\Asp\Cmpnts - IUSR_<machine> READ
\WinNT\Temp - IUSR_<machine> CHANGE
Registry Permissions for ADO Specific CaseEnsure the following permissions are set on the keys listed below:
<machine>\Administrator - Full Control
Creator Owner - Full Control
Everyone - READ
INTERACTIVE - Special Access (Query Value, Set Value, Create
Subkey, Enumerate Subkeys,
SYSTEM - Full Control
File and Folder Permissions for the Database CaseMake sure the database files and the folders containing the database files provide Read, Write, and Execute permissions for the authenticated user or group.
General Trouble Shooting Steps
- Check to see if ASP is installed correctly by running the "ADO Using Server.CreateObject" sample in the "Active Server Pages Roadmap\More Samples folder."
- Make sure all DLLs are registered with Regsvr32.
- Make sure there are not multiple versions of the DLL registered and the registry entry points to the correct one.
- Make sure any DLLs are using the Apartment Threading Model and are not Single Threaded (See Note 3 below).
- Confirm that the Primary Domain Controller (PDC) has given Everyone "Access this computer from the network" rights. If IIS is a PDC assure that the IUSR_<machine> also has these rights as well as "Log on Locally" rights.
Quick Permissions Check Steps
- Force Anonymous by clearing Basic and NT Challenge and Response (NTCR) in IIS Service Manager
- Temporarily add the IUSR_<machine> to the Administrators group to see if it makes a difference. If it does, the problem is a permissions problem.
- Turn on NT Auditing (as noted below) and try again.
Not So Quick Permissions Check Steps
- Force Anonymous by clearing Basic and NT Challenge and Response (NTCR) in IIS Service Manager.
- Create a new NT User account called IUSR_Test.
- Give IUSR_Test Full Control of the root drive and cascade these permissions all the way down. Later, IUSR_Test can be deleted, thereby removing them from any directories or files.
- Turn on NT Auditing (as noted below) and try again.
To enable auditing, open User Manager and select "Audit" from the Policies" menu. Select the "File and Object Access" failure. Open "Windows NT Explorer" and select the root of your hard drive. Right-click and select "properties." Select the Security tab and press the Auditing button. Add the user of interest (the one returned by the ASP page or IUSR_machine) and select all the failure check boxes. Make sure you apply these settings to all folders. Use the "Event Viewer" to see any access failures (select "Security" from the Log menu). Make sure you turn auditing off when you are finished making changes.
NOTE 2: Jet uses the SYSTEM TEMP and TMP environment variables to specify the location of temporary files that are created during JET operations. By default these environment variables are defined for users and are not system-wide settings. To set these up you can do one of two operations.
Option 1. In the autoexec.bat add something similar to the following two lines:
Option 2. Right-click My Computer:
Set TMP =C:\Temp
- Click Properties and select the Environment TAB.
- Click an entry in the System Variables List box (the one on top).
- In the Variable and Value Edit control type the following:
Variable = Temp
Value = C:\Temp
- Click Set. You will now see TEMP has been added to the list of system variable.
- Repeat the process for the TMP variable.
- Reboot the machine for changes to take effect.
NOTE 3: By default ASP creates single-threaded apartment clients, which means that only single-threaded apartment inproc servers are given the desired security context passed on by IIS. All other threading models are run in the SYSTEM context. This means, a DLL using the Single Threading Model will start up in the Security Context of SYSTEM, and not as intended as the Authenticated User.
174811 FILE: Authentication and Security for Internet Developers
For the latest Knowledge Base articles and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site: