03 April 2008

Unable to access IIsCertMapper object through ADSI

Today, I was working on an issue where we were trying to add mapping for client certificate for a windows account using ADSI and VBScript. Something similar as below:

<%
  Dim CertObj, vCert
  vCert = Request.ClientCertificate("CERTIFICATE")
  Set CertObj = GetObject("IIS://<path>/IIsCertMapper")
  CertObj.CreateMapping vCert, "MYACCT", "MYPASS", "My Name", True
%>

where path is in the format: "<IISServerName>/W3SVC/<Identifier>"
However, script was failing on the 3rd line,

Set CertObj = GetObject("IIS://<path>/IIsCertMapper")

We get “Path not found error”, 80070003. Now this is an expected behavior if this object type is not found in the IIS's metabase. You can search for the above in metabase.xml file. Ideally this should have been there, but since we did not have this, to make it work we had to manually create this for a website in question.

You can try this to have the necessary object type:

> cscript adsutil.vbs CREATE w3svc/1/IIsCertMapper  "IIsCertMapper"     

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

created "w3svc/1/IIsCertMapper"

>

Here 1 is the identifier for the website in question and "IIsCertMapper" is the Object type.

Once done, try restarting IIS services as like (IISRESET from the cmd prompt).

Open the metabase.xml and now we should see an entry as below:

<IIsCertMapper    Location ="/LM/W3SVC/1/IIsCertMapper"
    >
</IIsCertMapper>

Once this entry was created in the metabase.xml we should be able to access this object via ADSI script. This is not only applicable to a specific object type like IIsCertMapper but any other object type associated with IIS.

Hope this helps someone, somewhere, somehow ;-)

Filed under: , ,
 

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# Mark Blauvelt said:

I tried your method to create the IIsCertMapper object Type but get:

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

ErrNumber: -2147463153 (0x8000500F)

Error creating the object: "w3svc/1/IIsCertMapper"

Any ideas? Thanks.

28 July 08 at 6:18 PM
# Saurabh Singh said:

Hi Mark,

The error you get is this:

C:\>err 0x8000500F

# for hex 0x8000500f / decimal -2147463153

 E_ADS_SCHEMA_VIOLATION

# The attempted action violates the DS schema rules.

Can you type in the exact complete command that you tried which failed with the above error?

Thanks.

28 July 08 at 6:46 PM
# MarkBl said:

cscript adsutil.vbs CREATE w3svc/1/IIsCertMapper  "IIsCertMapper"

28 July 08 at 6:48 PM
# Saurabh Singh said:

Looks strange as to why it should throw this error.

What version of IIS are you checking in, i tried with both IIS 5/6 without luck. I suggest you may want to manually add the entry like this after stopping the IISADMIN service.

<IIsCertMapper Location ="/LM/W3SVC/1354220969/IIsCertMapper"

>

</IIsCertMapper>

Is there a way you can share the metabase.xml file with me. Just send me the password encrypted metabase.xml (if this is IIS6.0) at xxxxxx@xxxx.xxx

28 July 08 at 7:13 PM
# MarkBl said:

I am using IIS version 6. I manually added a line to the metabase.xml file. Still unable to use mapping.  I will email the file to you. However your email address is x'd out.

Thanks.

29 July 08 at 6:48 PM
# Dan Kaminski said:

I'm having the same issue 2k3 SP2 32bit.  default IIS install.

ErrNumber: -2147463153 (0x8000500F)

Error creating the object: W3SVC/2046548428/Root/AccessPlatform/IIsCertMapper

I wish to configure many-to-one certificate maping in a scripted install.

31 October 08 at 7:34 PM
# Saurabh Singh said:

Hi Dan,

*Ensure* that the identifier for the web site is same as below in the command:

W3SVC/<Site Identifier>/root/IIsCertMapper

where <Site Identifier> is the site identifier for your web site.

31 October 08 at 7:46 PM

Leave a Comment

Comment Policy: No HTML allowed. URIs and line breaks are converted automatically. Your e–mail address will not show up on any public page.

(required) 
(optional)
(required) 

  
Enter Code Here: Required

About Saurabh Singh

I am a Support Escalation Engineer with Microsoft GTSC, India. I have been supporting IIS and ASP.Net. I am a Computer Engineer (B.E.), did my graduation from one of the premier Engineering institutes in India. I have been working in the IT field for over 6 years now.
Page view tracker