March 28, 2006 - 10:37 UTC - Tags: authorization azman AD LDS
When using AzMan (authorization manager) from .NET, you may get some confusing error messsages due to the fact that the DLLs are using COM. I'll try to update this post with new error messages when I run into them, but for now:
File not found (80070002)
This error message can appear in both the azman.msc or in your running code. It may be caused by an erronous msldap-uri, but actually also appears if you don't have access to the azman container in ADAM. To remedy the last cause, you need to add the user running your applicaiton to one of the roles/groups in ADAM or the azman.msc.
One could argue that the "file not found" (80070002) message is better than an "access denied" message (80070005), as the "file not found" message does not leak information about the existence of an azman-store, but I personally think these error messages should be fixed.
COM error 80040154
The full error message is "Parser Error Message: Retrieving the COM class factory for component with CLSID {B2BCFF59-A757-4B0B-A1BC-EA69981DA69E} failed due to the following error: 80040154". This message appears because .NET cannot find the azman COM objects. The remedy seems to be:
Also take a look at Step 1 here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000019.asp
File not found (80070002)
This error message can appear in both the azman.msc or in your running code. It may be caused by an erronous msldap-uri, but actually also appears if you don't have access to the azman container in ADAM. To remedy the last cause, you need to add the user running your applicaiton to one of the roles/groups in ADAM or the azman.msc.
One could argue that the "file not found" (80070002) message is better than an "access denied" message (80070005), as the "file not found" message does not leak information about the existence of an azman-store, but I personally think these error messages should be fixed.
COM error 80040154
The full error message is "Parser Error Message: Retrieving the COM class factory for component with CLSID {B2BCFF59-A757-4B0B-A1BC-EA69981DA69E} failed due to the following error: 80040154". This message appears because .NET cannot find the azman COM objects. The remedy seems to be:
- Copy azroles.dll into %WINDIR%\System32\
- Run "regsvr32 azroles.dll" in the system32-folder
- Optionally you need to add the Microsoft.Interop.Azroles.dll to you assembly repository. Do this by using gac.exe which comes with the .NET-framework
Also take a look at Step 1 here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000019.asp
December 8, 2006 - 17:17 UTC
Cesar
Hi, good explanation about the "file not found" message, thanks for posting it. I have a question...I`m getting 80070002 error message (I`m using Windows XP Pro SP2), I added user "A" and "B" to the adam readers group. If I run the application as user "A" it works fine, but if I run the application with user "B" I got the 80070002 error. The only difference between user A and B is that when I installed ADAM I was logged in as user A. I used the AzMan Console and the ADAM ADSI Editor to add both users to the readers group. Is there something else I should do?.
December 15, 2006 - 21:41 UTC
Somebody from Microsoft Support just told me that ADAM is not supported in Windows XP as a production Platform, just for administration and development (local computer access only). :-(
December 16, 2006 - 12:51 UTC
Re:
That is probably true, and what I have described in my blog regarding Windows XP has been for development only.
About Erlend
Security guy with some thoughts on secure development.
Tag cloud
Categories
Blogroll
