FIX: Error message when you use the OpenRemote method to administer Web servers remotely in an IIS 7.0 shared configuration environment: "Cannot write configuration file due to insufficient permissions"

Article ID: 970691

SYMPTOMS

Issue 1

Consider the following scenario:
  • In a shared hosting environment, you have one or more provisioning servers and one or more Internet Information Services (IIS) 7.0 Web servers. The provisioning servers are independent from the Web servers.
  • You enable shared configuration on the Web servers.

    Note The configuration files are located on a network share server.
  • You use the OpenRemote method to administer Web servers remotely over the network. This method is provided by the Microsoft.Web.Administration (MWA) API.

    Note For more information about the OpenRemote method, refer to the "More information" section.
In this scenario, the remote administration operation fails. Additionally, when you use the OpenRemote method, you receive the following error message:
Error: Cannot write configuration file due to insufficient permissions

Issue 2

You experience poor performance when you use the OpenRemote method.

RESOLUTION

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.

Installation notes

  • To administer Web servers remotely by using the OpenRemote method, you must have write permissions for the shared configuration files on the network share server. Additionally, if a shared configuration is enabled, configure the IIS Web servers to be trusted for delegation after you apply this hotfix.
  • Refer to the "More information" section for more information about how to configure a computer to be trusted for delegation.

Prerequisites

You must have Internet Information Services (IIS) 7.0 installed to apply this hotfix. To apply this hotfix, your computer must be running one of the following operating systems:
  • Windows Vista Service Pack 1 (SP1)
  • Windows Vista Service Pack 2 (SP2)
  • Windows Server 2008
  • Windows Server 2008 Service Pack 2 (SP2)

Restart requirement

You must restart your computer if IIS 7.0 is running when you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For all supported x86-based versions of Windows Server 2008 and of Windows Vista
File name                         File version    File size  Date         Time   Platform
Microsoft.web.administration.dll  6.0.6001.22481  131,072    27-Jul-2009  16:55  x86
Microsoft.web.administration.dll  6.0.6002.22184  131,072    27-Jul-2009  15:59  x86

For all supported x64-based versions of Windows Server 2008 and of Windows Vista
File name                         File version    File size  Date         Time   Platform
Microsoft.web.administration.dll  6.0.6001.22481  131,072    27-Jul-2009  16:40  x86
Microsoft.web.administration.dll  6.0.6002.22184  131,072    27-Jul-2009  16:06  x86

For all supported Itanium-based versions of Windows Server 2008
File name                         File version    File size  Date         Time   Platform
Microsoft.web.administration.dll  6.0.6001.22481  131,072    27-Jul-2009  16:40  x86
Microsoft.web.administration.dll  6.0.6002.22184  131,072    27-Jul-2009  16:06  x86

WORKAROUND

To work around Issue 1 described in the "Symptoms" section, change the DCOM configuration for the ahadmin DCOM object by using a specified account before you call the OpenRemote method. To do this, follow these steps:
  1. Open Component Services in Administrative Tools on one of the Web servers.
  2. Browse to DCOM Config, and then locate ahadmin.
  3. Right-click ahadmin to open the properties page, click the Identity tab, select the This User option, and specify a user account that has the following permissions:
    • Write permissions for the shared configuration files on the network share server.
    • Read permissions for the Redirection.config file that is stored in system32\inetsrv\config.
    Note You must be a member of the local administrators group to decrypt the data in the Redirection.config file.
Note This workaround is subject to the known issue described as Issue 2 in the "Symptoms" section: you may experience poor performance if you use this workaround together with the OpenRemote method. We recommend that you apply the hotfix described in this Knowledge Base (KB) article and not change the DCOM configuration.
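
The following pre-flight check is an added example and is not part of the original Microsoft article. Run on a Web server under the account you plan to use, it compares Microsoft.Web.Administration.dll with the versions in the file table above, then confirms that the account can read Redirection.config and open the shared configuration file for writing. It assumes that the DLL is located in system32\inetsrv and that Redirection.config holds a configurationRedirection element with enabled and path attributes.

```powershell
# Added example (not from the KB article). Run on an IIS 7.0 Web server,
# under the account that will perform remote administration.
$inetsrv = Join-Path $env:windir 'System32\inetsrv'

# 1. Compare Microsoft.Web.Administration.dll with the hotfix file table.
#    Keys are the file build numbers listed in the table (6001 and 6002).
$hotfix = @{ 6001 = [version]'6.0.6001.22481'; 6002 = [version]'6.0.6002.22184' }
$dll = Join-Path $inetsrv 'Microsoft.Web.Administration.dll'   # assumed location
$vi  = (Get-Item $dll).VersionInfo
$ver = New-Object Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
$min = $hotfix[$ver.Build]
if ($min -and $ver -ge $min) {
    'MWA {0} is at or above hotfix level {1}' -f $ver, $min
} else {
    'MWA {0} is below the hotfix level listed in KB970691' -f $ver
}

# 2. Read Redirection.config to find where the shared configuration lives.
#    The element and attribute names below are assumptions about its layout.
$redirPath = Join-Path $inetsrv 'config\redirection.config'
try {
    [xml]$redir = Get-Content $redirPath -ErrorAction Stop
} catch {
    "Cannot read $redirPath : $($_.Exception.Message)"
    return
}
$node = $redir.configuration.configurationRedirection
if (-not $node -or $node.enabled -ne 'true') {
    'Shared configuration is not enabled on this server.'
    return
}

# 3. Open the shared applicationHost.config for read/write without modifying
#    it. Success means both the share and the file ACL grant write access to
#    the account running this script.
$target = Join-Path $node.path 'applicationHost.config'
try {
    $fs = [IO.File]::Open($target, 'Open', 'ReadWrite', 'ReadWrite')
    $fs.Close()
    "Write access OK: $target"
} catch {
    "No write access to $target : $($_.Exception.Message)"
}
```

The check only opens and closes the file, so it does not alter the shared configuration. It does not verify the delegation setting mentioned in the installation notes.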

MORE INFORMATION

You experience Issue 1 that is described in the "Symptoms" section only when there is a write operation to the shared configuration file. For example, you experience the issue when you call the OpenRemote method, and then you create a site by using the MWA API. You can use the OpenRemote method to read data from the shared configuration file. However, when you do this, you may experience Issue 2 that is described in the "Symptoms" section. In this scenario, we recommend that you apply this hotfix to improve the performance.

Notes: For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 970691 - Last Review: October 7, 2011 - Revision: 2.0
APPLIES TO
  • Microsoft Internet Information Services 7.0