DOCUMENT:Q282189 15-AUG-2002 [iis] TITLE :ASP Error When Calling OOP Component with Delegation Security PRODUCT :Internet Information Server PROD/VER::5.0 OPER/SYS: KEYWORDS:kbCOMIS kbWin2000sp3fix ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Server version 5.0 ------------------------------------------------------------------------------- SYMPTOMS ======== If the Web site application has been configured for Delegation security in the Component Services management tool, and the Web site is configured for Basic authentication, you may receive the following error message when you try to call or create an out-of-process component that is on the same computer as Internet Information Server (IIS): Error Type: Server object, ASP 0177 (0x800706D5) 800706d5 /page.asp, line 3 NOTE: Error 0x800706D5 is "The security context is invalid". CAUSE ===== The user token that is generated from Basic authentication has the SecurityImpersonation impersonation level instead of the SecurityDelegation impersonation level. WORKAROUND ========== Use Integrated Security (using Kerberos). RESOLUTION ========== To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: Q260910 How to Obtain the Latest Windows 2000 Service Pack The English version of this fix should have the following file attributes or later: Date Time Version Size File name ----------------------------------------------------------------- 5/31/2001 03:31p 5.0.2195.3649 332,560 Asp.dll 5/31/2001 03:31p 5.0.2195.3649 13,584 Infoadmn.dll 5/31/2001 03:31p 5.0.2195.3649 245,520 Infocomm.dll 5/31/2001 03:31p 5.0.2195.3649 62,736 Isatq.dll 5/31/2001 03:32p 5.0.2195.3649 7,440 W3ctrs.dll STATUS ====== Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3. MORE INFORMATION ================ This fix corrects this problem by using the DuplicateTokenEx function to modify the token's impersonation level to SecurityDelegation. Additional query words: kbIISCom ====================================================================== Keywords : kbCOMIS kbWin2000sp3fix Technology : kbiisSearch kbiis500 Version : :5.0 Hardware : ALPHA x86 Issue type : kbbug Solution Type : kbfix ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.