Geek Answers Handbook

Installed Word on the server, but cannot find it to set permissions in Component Services

I addressed this issue on SO; System.UnauthorizedAccessException: getting factory COM class for Word Interop fails with error 80070005.

We had a word installed on a test server to get Word Interop to work on it. This will result in this new error, and I cannot apply the hotfix recommended by me, I cannot find Microsoft Word in the DCOM Componentet Services configuration. So how can I fix this?

+4
source share
4 answers

Using the ERR tool , we see an error: 80070005 is a denial of access, so you either do not have permissions or its design.

for hex 0x80070005 / decimal -2147024891 : COR_E_UNAUTHORIZEDACCESS corerror.h MessageText: Access is denied. DIERR_OTHERAPPHASPRIO dinput.h DIERR_READONLY dinput.h DIERR_HANDLEEXISTS dinput.h DSERR_ACCESSDENIED dsound.h ecAccessDenied ec.h ecPropSecurityViolation ec.h MAPI_E_NO_ACCESS mapicode.h STIERR_READONLY stierr.h STIERR_NOTINITIALIZED stierr.h E_ACCESSDENIED winerror.h General access denied error 11 matches found for "0x80070005"

I mention design because of all the problems described in this KB article: Considerations for Office Server Automation .

Installing Office on a server OS results in all issues. To develop VSTO, I install TFS on Win7 for automatic builds to avoid server-side issues.

Do not use the server OS to automate Office, as KB is not supported, use Win7!

Microsoft strongly recommends a number of alternatives that do not require Office to be installed on the server side, and it can perform most common tasks more efficiently and faster than automation. Before you use Office as a server component in your project, consider alternatives.

+3
source

Not knowing what you were trying to use in your associated stackoverflow entry: when COM objects are not displayed, you usually need to run

 mmc -32

And manually add the Component Services snap-in. This worked for me in both Windows Server 2008 R2 and Windows Server 2012.

You also need to create desktop directories in the following places:

C: \ Windows \ SysWOW64 \ Config \ systemprofile

C: \ Windows \ System32 \ Config \ systemprofile

+2
source

You must look for an incorrect code 000209FF-0000-0000-C000-000000000046, in which case it may have a different name. I have 00021401-0000-0000-C000-000000000046, try searching according to the latter for pairs of numbers. And don't forget to add the component tab of the component to the mmc console.

UPDATED

enter image description here

+2
source

This is much easier to do than type the answer SO, because there are various palaces that need to be checked and aligned.

But the overall goal is to: 1) track the security account that was trying to access and start / activate the COM component, and 2) which COM component was faulty.

NOTE. The procedures described above increase the level of security, so do not forget to create excellent logs of all the changes that you make, so that you know what exactly to fix your problem, but also so that you can roll back everything that was inappropriate.
NOTE 2 One change at a time, regardless of the need to restart the server. \ - so you know what is fixed.

  • Start with the Windows logs - they usually log the exact security principal and the DCOM component that he was trying to access / activate. Usually both: the security context and the component are pretty obvious - in this case you can skip to dcomcnfg below.

  • One way to test timeirely , if you find a component / account, is to allow administrator rights to account security or EVERY access to the component and see how to fix the error
    NOTE. These are temporary measures, only for verification. Remember to roll back everything.

  • Your ongoing configuration changes will be made in the MMC component snippet. You can either manually add it to a window with an elevated MMC, or, more simply, by running the following command under administrator rights:

/ "> DCOMCNFG

  • Try to find the component you are interested in in the "Component Services / Computers / My Computer / DCOM Configuration /" section, right-click and do "Properties": enter image description here

  • Go to the Security tab and set the Activate and Access permissions to the minimum that will fix your problem, but stay as close as possible to the locked state.
    NOTE. I have never done this with MS Office middleware. Be sure to consider all the security implications:
    enter image description here

This is pretty much how you get started. I did it for all tastes of Windows, and it always feels different. Often I have to rely on other methods of monitoring this condition: SysInternals spyware tools, Windows security auditing, COM + Applications properties, and several times direct modification of the file system or registry key ACL. In most cases, these were laboratory / dev machines, so hacks, like editing registry key systems, are fine.

And again - track and discard all the changes that you do not need!

+1
source

More articles:


All Articles