Home
ASP.NET Forums » General ASP.NET » Configuration and Deployment » Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Last post 02-28-2008 1:02 AM by klaus_b. 5 replies.

Sort Posts:

  • Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    02-26-2008, 12:17 PM

    Hi All,

     I've written the application which I just recently moved to a production server and I'm having issues, getting the following error:

    Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
     

    The page is trying to perform a complex INSERT or UPDATE wrapped into a transaction. If I'm not a mamber of the PowerUsers group of the machine I get that error. If I'm added to the group I'm fine and can perform any operations. The aplication is based on Windows Active Directory security and the identity is being impersonated. I have other pieces of this application where the INSERT and UPDATE work when connecting to the SQL Server, but not this one. Connection to SQL is through 'sa' and works from Dev environment with no problem. Also there are two different domains, Dev app is running on one domain, Prod app is running on he different domain.

    People who will be accessing the application can not have Power User access but will need to be able to INSERT and UPDATE. What would be the lower level of security I could add to the User to let this sort of operations?

    Thank you in advance...

     

    Thanks!

  • Re: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    02-27-2008, 2:02 AM
    • Contributor
      2,847 point Contributor
    • klaus_b
    • Member since 05-03-2006, 9:11 AM
    • Bavaria, Germany
    • Posts 566

    Hi Tatyana, 

    AspForumTanya:

    Connection to SQL is through 'sa'  <snip>

    as i understand, the AD user groups are mapped to sql groups inside the sql server, wright? So may you can create a "special" group inside the sql server with the permission to insert and update and map the "AD user group with problems" to this newly created one. To prevent the other table to be changed from this "special" group, assign this group only on the table you need.

     

     

    Servus,
    Klaus

    I haven't the faintest idea, but great many therefrom.
    klaus_b@.NET

  • Re: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    02-27-2008, 12:46 PM

    Hi Klaus,

    Thank you very much for the suggestion. I tried this today on the development machine, but unfortunately I'm not getting the same error as on production machine. The problem I'm having is somehow related to Transactions I'm using. Here is the exact issue I'm having: https://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1974418&SiteID=1

    There are suggesting to make changes to MSDTC - so I'm going to ask out admins to back up the web server and try the fix although I'm not so sure about settings of ACE strings... http://msdn2.microsoft.com/en-us/library/aa374928.aspx

     

     

     

    Thanks!

  • Re: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    02-27-2008, 2:03 PM

    TBD

    Thanks!

  • Re: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    02-27-2008, 2:03 PM
    Answer
    ok so I fixed the issue. The post above helped. Here are the steps I performed:  1) go to dev box (web server) and run: "sc sdshow msdtc"output could be similar to this:

     

    D:(A;;CCLCSWRPLOCRRC;;;S-1-2-0)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPRC;;;WD)(A;;CCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)  2) go to prod box (web server) and run the same  "sc sdshow msdtc"outout could be similar to this:

     

    D:(A;;CCLCSWRPLOCRRC;;;S-1-2-0)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) As you can see - highlighted strings are different - that's where my issue was.   

    3) I changed it but running the following:

    sc sdset msdtc D:(A;;CCLCSWRPLOCRRC;;;S-1-2-0)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPRC;;;WD)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)  

     

    ** Note - I only changed that one string, the rest stayed the same as they were on prod environment. This could be caused either by the invalid install or permissions set during the install or because of some sort of the "hot fix" or the update. If your transactions suddenly stop working you should look into these settings and see if they are identical. Also don't forget to back up your server before making any changes or put it into undoable mode!!!   Here are the posts I used: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2915944&SiteID=1  and http://msdn2.microsoft.com/en-us/library/aa374928.aspx   Good Luck!

     

    Thanks!

  • Re: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    02-28-2008, 1:02 AM
    • Contributor
      2,847 point Contributor
    • klaus_b
    • Member since 05-03-2006, 9:11 AM
    • Bavaria, Germany
    • Posts 566

    Hi Tatyana,

    glad to hear you could resolve your problem.

    I never had so a strange problem with the ACL like yours. I've read the posts and article you've mentioned and yes, i've stored the links for possible later use in the future.

    Thanks to share your solution.

     

    Servus,
    Klaus

    I haven't the faintest idea, but great many therefrom.
    klaus_b@.NET
Page 1 of 1 (6 items)
RSS Available

Contact | Advertise | Ads by BanManPro | Running IIS7
All Rights Reserved. | Terms of Use | Trademarks | Privacy Statement
© 2009 Microsoft Corporation.