Error creating Word.Application in ASP-Classic on IIS7

asp-classic iis-7 ms-office

We are working to certify our application for deployment on Windows Server 2008 and having some configuration issues.

The following code throws an interop error:

On Error Resume Next
Set WordApp = Server.CreateObject("word.application")
If Err.number <>0 Then
  SetErrorDesc ErrorDesc, "Unable to instantiate word. (" & err.Description & ")<br>"
  SetErrorStatus ErrorStatus,True
End If

The error information returned in err.Description is:

006~ASP 0178~Server.CreateObject Access Error~The call to Server.CreateObject failed while checking permissions. Access is denied to this object.

The site is configured to use a specific user account for its application pool. The site is a mixed-mode ASP.NET and asp-classic application. I have checked out Ogawa's solution regarding the need for the systemprofile to have a Desktop folder, and for the AppPool to be configured to load the user profile. The Word 97-2003 Document DCOM object is configured to run as the same user as the site's app pool. Launch and Activation, Access Permissions, and Configuration Permissions all have the user added with full permissions set.

Edited to add:
When running interactively, this script (running under cscript or wscript) successfully creates the Word.Application and extracts the username:

var wordobj = new ActiveXObject("Word.Application");
WScript.echo(wordobj.UserName);
wordobj.quit();

Clearly not a duplicate of Error creating Word object in classic ASP on IIS7 as we are getting the error on the CreateObject for Word.Application rather than when opening a document.

The server is Windows 2008 x86.

What have I missed in configuring this?

Best Answer

After burning a support incident from our MSDN subscription, this is what we found:

On IIS7, you must configure the process identity in both the AppPool and the application's Anonymous Authentication. If you are running mixed ASP and ASP.NET, you can configure Anonymous Authentication (in the site's Authentication details) to point to the AppPool's identity, or use a specific username/password combination.

The default of Anonymous Authentication is IUSR, not the Application Pool identity.

If anyone knows the proper invocation of appcmd.exe to set the application pool identity passthrough, it'd be great in a comment. Though our script could simply use the same username/password combination here, it'd be better to reduce the number of locations in which it is stored by one.
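
One way to make Anonymous Authentication use the application pool identity with appcmd.exe, so the account password is stored only on the AppPool. This is an added example, not part of the original answer; the site name and pool name are placeholders, and the commands assume an elevated command prompt.

```bat
@echo off
rem Added example. SITE and POOL are placeholders, not values from the page.
set "SITE=Default Web Site"
set "POOL=DefaultAppPool"
set "APPCMD=%windir%\System32\inetsrv\appcmd.exe"
set "SECTION=system.webServer/security/authentication/anonymousAuthentication"

rem 1. Account the worker process runs as (the identity granted the DCOM rights).
"%APPCMD%" list apppool "%POOL%" /text:processModel.userName

rem 2. Current anonymous identity for the site; IUSR by default on IIS7.
"%APPCMD%" list config "%SITE%" -section:%SECTION%

rem 3. An empty userName makes anonymous requests run as the application pool
rem    identity; --password removes any stored password attribute.
rem    The section is locked below server level by default, so the change is
rem    committed to applicationHost.config with /commit:apphost.
"%APPCMD%" set config "%SITE%" -section:%SECTION% -userName:"" --password /commit:apphost

rem 4. Confirm that userName is now empty for the site.
"%APPCMD%" list config "%SITE%" -section:%SECTION%
```

After the change, the account that needs the DCOM Launch and Activation and Access permissions for Word is the AppPool identity alone.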