
How do I properly instantiate 32-bit COM objects in classic ASP after installing Windows Update KB4340558?

On Windows Server 2012 R2, after installing update KB4340558 (update history) / KB4338424 (installed updates), we can no longer instantiate .NET DLLs (interop) in classic ASP in 32-bit mode using server.createobject. We receive the error 0x800A01AD "ActiveX component can't create object".

When we uninstall the update, the error disappears. Despite my best efforts, I was unable to find an alternate solution to uninstalling. We would prefer to reinstall the update and make whatever changes were necessary to Windows Server and/or the DLLs to allow the COM objects to be instantiated properly. There are no clues in the system logs, no clues in the CVE database, and no clues in the errors ASP is generating. Please help!

user2458080 asked Jul 11 '18 15:07

2 Answers

We were affected with multiple customers too.

I ruled out invalid strong-name signing of our assemblies, since the .NET Assemblies from the Framework itself were affected by that access-denied error too.

Finally, I managed to solve the issue by configuration. Apparently the authenticating identity of the website now has to match the identity of the app pool. Or IUSR no longer has enough permissions.

EDIT: 19.07.2018

Warning! This change also has a side-effect:

The asp-classic event "Session_OnEnd" was no longer called and therefore resources eventually could no longer be freed. But there is a fix for that, too!

The ASP-Config-Property "system.webServer/asp/runOnEndAnonymously" has to be "false", then the event fires again.

EDIT 2: 23.07.2018

As Dijkgraaf pointed out, Microsoft now considers this "new behaviour" a bug. So I guess my "solution" should now be considered a workaround until a new patch comes to the rescue.

keydon answered Oct 10 '22 20:10

We run our application pool under a specific identity, to enable a network share and database access. I too thought we were stuck after reading @keydon's answer above.

However, there are three places that we must configure the identity:

  • The Application Pool - should use the specific identity
  • The Website "Connect As" - should use the "Application pool identity"
  • The Anonymous Authentication option, under the Authentication feature - should use "Application pool identity"

That last one was the thing that we were missing - years of considering only the first two meant that we mis-read the great advice above.

TimP answered Oct 10 '22 19:10
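
A read-only check of the settings the two answers above name, as an added PowerShell example (not code from either answer or from Microsoft). It assumes the WebAdministration module, an elevated prompt and a placeholder site name; `Get-IisAttr` and `Get-AspIdentityAudit` are hypothetical helper names.

```powershell
# Added example: read-only audit; changes nothing in IIS.
Import-Module WebAdministration

# Hypothetical helper: unwrap the ConfigurationAttribute object that
# Get-WebConfigurationProperty returns for most attributes.
function Get-IisAttr([string]$Path, [string]$Filter, [string]$Name) {
    $p = Get-WebConfigurationProperty -PSPath $Path -Filter $Filter -Name $Name
    if ($p -and $p.PSObject.Properties['Value']) { $p.Value } else { $p }
}

function Get-AspIdentityAudit {
    param([string]$SiteName = 'Default Web Site')   # placeholder site name (assumption)

    $sitePath = "IIS:\Sites\$SiteName"
    $pool     = (Get-Item $sitePath).applicationPool
    $model    = Get-ItemProperty "IIS:\AppPools\$pool" -Name processModel

    # 1. Anonymous Authentication: an empty userName means "Application pool identity";
    #    the IIS default is the built-in IUSR account.
    $anon = Get-IisAttr $sitePath 'system.webServer/security/authentication/anonymousAuthentication' 'userName'

    # 2. "Connect As" on the root virtual directory: an empty userName means no specific user.
    $vdir = Get-IisAttr 'MACHINE/WEBROOT/APPHOST' `
        "system.applicationHost/sites/site[@name='$SiteName']/application[@path='/']/virtualDirectory[@path='/']" 'userName'

    # 3. ASP setting from the first answer's 19.07.2018 edit.
    $runOnEnd = Get-IisAttr $sitePath 'system.webServer/asp' 'runOnEndAnonymously'

    $findings = @()
    if ($anon)     { $findings += "Anonymous Authentication runs as '$anon', not the application pool identity" }
    if ($vdir)     { $findings += "Connect As uses the specific user '$vdir'" }
    if ($runOnEnd) { $findings += 'runOnEndAnonymously is true; the first answer sets it to false so Session_OnEnd fires' }

    [pscustomobject]@{
        Site                = $SiteName
        AppPool             = $pool
        PoolIdentityType    = $model.identityType
        PoolUser            = $model.userName
        AnonymousUser       = $anon
        ConnectAsUser       = $vdir
        RunOnEndAnonymously = $runOnEnd
        Findings            = $findings
    }
}

Get-AspIdentityAudit -SiteName 'Default Web Site' | Format-List
```

An empty `Findings` list means the site already matches the configuration described in the answers; the pool's own identity (`PoolIdentityType`, `PoolUser`) is reported for comparison only.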