Unable to access IIsCertMapper object through ADSI

Unable to access IIsCertMapper object through ADSI

  • Comments 7

Today, I was working on an issue where we were trying to add mapping for client certificate for a windows account using ADSI and VBScript. Something similar as below:

<%
  Dim CertObj, vCert
  vCert = Request.ClientCertificate("CERTIFICATE")
  Set CertObj = GetObject("IIS://<path>/IIsCertMapper")
  CertObj.CreateMapping vCert, "MYACCT", "MYPASS", "My Name", True
%>

where path is in the format: "<IISServerName>/W3SVC/<Identifier>"
However, script was failing on the 3rd line,

Set CertObj = GetObject("IIS://<path>/IIsCertMapper")

We get “Path not found error”, 80070003. Now this is an expected behavior if this object type is not found in the IIS's metabase. You can search for the above in metabase.xml file. Ideally this should have been there, but since we did not have this, to make it work we had to manually create this for a website in question.

You can try this to have the necessary object type:

> cscript adsutil.vbs CREATE w3svc/1/IIsCertMapper  "IIsCertMapper"     

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

created "w3svc/1/IIsCertMapper"

>

Here 1 is the identifier for the website in question and "IIsCertMapper" is the Object type.

Once done, try restarting IIS services as like (IISRESET from the cmd prompt).

Open the metabase.xml and now we should see an entry as below:

<IIsCertMapper    Location ="/LM/W3SVC/1/IIsCertMapper"
    >
</IIsCertMapper>

Once this entry was created in the metabase.xml we should be able to access this object via ADSI script. This is not only applicable to a specific object type like IIsCertMapper but any other object type associated with IIS.

Hope this helps someone, somewhere, somehow ;-)

Leave a Comment
  • Please add 5 and 6 and type the answer here:
  • Post
  • I tried your method to create the IIsCertMapper object Type but get:

    Microsoft (R) Windows Script Host Version 5.6

    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

    ErrNumber: -2147463153 (0x8000500F)

    Error creating the object: "w3svc/1/IIsCertMapper"

    Any ideas? Thanks.

  • Hi Mark,

    The error you get is this:

    C:\>err 0x8000500F

    # for hex 0x8000500f / decimal -2147463153

     E_ADS_SCHEMA_VIOLATION

    # The attempted action violates the DS schema rules.

    Can you type in the exact complete command that you tried which failed with the above error?

    Thanks.

  • cscript adsutil.vbs CREATE w3svc/1/IIsCertMapper  "IIsCertMapper"

  • Looks strange as to why it should throw this error.

    What version of IIS are you checking in, i tried with both IIS 5/6 without luck. I suggest you may want to manually add the entry like this after stopping the IISADMIN service.

    <IIsCertMapper Location ="/LM/W3SVC/1354220969/IIsCertMapper"

    >

    </IIsCertMapper>

    Is there a way you can share the metabase.xml file with me. Just send me the password encrypted metabase.xml (if this is IIS6.0) at xxxxxx@xxxx.xxx

  • I am using IIS version 6. I manually added a line to the metabase.xml file. Still unable to use mapping.  I will email the file to you. However your email address is x'd out.

    Thanks.

  • I'm having the same issue 2k3 SP2 32bit.  default IIS install.

    ErrNumber: -2147463153 (0x8000500F)

    Error creating the object: W3SVC/2046548428/Root/AccessPlatform/IIsCertMapper

    I wish to configure many-to-one certificate maping in a scripted install.

  • Hi Dan,

    *Ensure* that the identifier for the web site is same as below in the command:

    W3SVC/<Site Identifier>/root/IIsCertMapper

    where <Site Identifier> is the site identifier for your web site.

Page 1 of 1 (7 items)