SUMMARY
Attempting to access a DCOM Server from a remote client
application sometimes results in the following error:
Run-time error '70':
Permission Denied
This article describes the most common scenarios in which this error is raised.
MORE INFORMATION
Run-time error '70' is typically the result of a security
or permissions issue. The following is a list of possible causes of run-time
error 70 but is by no means a complete or definitive list.
DCOM Is Not Enabled
If the Server machine does not have DCOM enabled, client machines
will receive run-time error 70 when attempting to access the server. This
scenario applies to Windows 2000, Windows NT, Windows 95, Windows 98, and
Windows Millennium Edition (Me) servers:
- On the Server machine, run DCOM Config (DCOMCNFG.EXE).
- Choose the Default Properties tab.
- Ensure that Enable Distributed COM on this computer is
checked. This value is stored in the Windows Registry at the following
location:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
The Client User Does Not Have Sufficient Permissions
If the client user does not have the correct permissions, access
to the DCOM Server can be denied. There are several steps to take in order to
ensure your client has valid privileges.
If the Server is Windows 95, Windows 98, or Windows Me:
- Run DCOM Config.
- Select the DCOM Server application from the list of
available applications.
- Select the Properties button, or double-click the DCOM
Server application in the list.
- Test the server with "Default Access Permissions."
If run-time error '70' still occurs, the default access permissions
are restricting your user. If this is the case, then modify the Default Access
Permissions from the Default Security tab in DCOM Config. Grant the client user
access permissions.
If run-time error '70' does not occur when running with default access
permissions, it is likely that the custom access permissions are restricting
your client from accessing the DCOM Server. Choose custom access permissions
and select the Edit button. Grant the client user access permissions.
If the Server is Windows NT or Windows 2000:
- Run DCOM Config.
- Select the DCOM Server application from the list of
available applications.
- Select the Properties button, or double-click the DCOM
Server application in the list.
- Test the server with "Default Access Permissions," "Default
Launch Permissions," and "Custom Configuration Permissions."
If run-time error '70' still occurs, it is likely that the default access
permissions are restricting your user. If this is the case, modify the Default
Access Permissions from the Default Security tab in DCOM Config.
If run-time error '70' does not occur, it is likely that the custom access
permissions are restricting your client from accessing the DCOM Server. Choose
to use Custom access permissions and choose the Edit button. Grant the client
user account access permissions, or grant a group the client user belongs to
access permissions.
For more information regarding security groups on Windows NT, see the table
to follow.
There are several group accounts you will find when you configure users and
groups on Windows NT and Windows 2000. The following list is a summary of who
belongs to each group:
Group           Description
--------------------------------------------------------------------------
Interactive     Includes all users who log onto a Windows NT or
                Windows 2000 system locally (at the console). It
                does not include users who connect to NT
                resources across a network or are started as a
                server.
Network         Includes all users who connect to Windows NT or
                Windows 2000 resources across a network. It does
                not include those who connect through an
                interactive logon.
Creator/Owner   The Creator/Owner group is created for each
                sharable resource in the Windows NT or
                Windows 2000 system. Its membership is the set of
                users who either create a resource (such as a
                file) or take ownership of it.
Everyone        All users who access the system, whether locally,
                remotely, or across the network.
System          The local operating system.
The above list includes the group accounts which are
intrinsic to Windows NT and Windows 2000 systems. Your particular network may
include more groups from which you may choose. In order to determine the
membership of each custom group account, you must contact your network
administrator.
The DCOM Server Raises Events to the Client
If your DCOM server component raises events that are handled by the client
application, you must configure DCOM security on the client computer to allow
access, in addition to configuring DCOM security on the server computer. This
allows the server to make callbacks to the client, so the event can be raised.
If you do not configure DCOM security in this way, error 70 is generated
whenever the client application makes a call to the server that results in an
event being raised back to the client. If the server application does not raise
events, you do not have to configure DCOM security on the client computers.
If the client computer is running Windows 95, Windows 98, or Windows Me,
follow these steps:
- Run DCOM Config (DCOMCNFG.exe).
- Click the Default Security tab.
- Click the Edit Default button.
- Click the Add button.
- Click to select The World, and then click the Grant Access button to grant permissions.
- Click OK to close the Add Access Permissions dialog box.
- Click OK to close the Access Permissions dialog box.
- Click OK to close the DCOM Config Properties dialog box.
- Test the application again.
The client application successfully handles the event.
If the client computer is running Windows NT or Windows 2000, follow these
steps:
- Run DCOM Config (DCOMCNFG.exe).
- Click the Default Security tab.
- Click the Edit Default button.
- Click the Add button.
- Click to select the Everyone account, and then click to select Allow Access in the Type of Access box.
- Click OK.
- Click OK again to close the Registry Values Permission dialog box.
- Click OK to close the DCOM Config Properties dialog box.
- Test the application again.
The client application successfully handles the event.
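The settings that DCOM Config edits in the sections above (the Enable Distributed COM checkbox, the Default Security permissions, and per-application custom access permissions) can be reviewed directly from the registry. The following PowerShell is an added example, not part of the original article: it only reads values and lists who has been granted access, flagging machine-wide or per-application grants to Everyone. It assumes PowerShell 5 or later on a current Windows release; the value names EnableDCOM, DefaultAccessPermission, DefaultLaunchPermission and AccessPermission are not given in the article.

```powershell
# Added example (not from the article): read-only review of DCOM security settings.
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'

function Get-DcomAcl {
    param([string]$Setting, [byte[]]$Bytes)
    if (-not $Bytes) {
        # Value absent: COM applies its built-in default, so there is nothing to decode.
        return [pscustomobject]@{ Setting = $Setting; Account = '(value not set)'
                                  Type = $null; Mask = $null; Broad = $false }
    }
    # The permission values hold a self-relative security descriptor (REG_BINARY).
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = "$sid" }   # SID that no longer resolves to an account name
        [pscustomobject]@{
            Setting = $Setting
            Account = $account
            Type    = $ace.AceType          # AccessAllowed or AccessDenied
            # COM rights bits: 1 execute, 2 local access, 4 remote access,
            # 8 local activation, 16 remote activation.
            Mask    = '0x{0:X}' -f $ace.AccessMask
            # Flag grants to Everyone (S-1-1-0) or Anonymous Logon (S-1-5-7).
            Broad   = "$sid" -in 'S-1-1-0', 'S-1-5-7'
        }
    }
}

"EnableDCOM = $($ole.EnableDCOM)"   # 'Y' when Enable Distributed COM is checked

$rows = @(
    Get-DcomAcl 'DefaultAccessPermission' $ole.DefaultAccessPermission
    Get-DcomAcl 'DefaultLaunchPermission' $ole.DefaultLaunchPermission
    # Per-application ("custom") access permissions live under each AppID key.
    Get-ChildItem 'HKLM:\SOFTWARE\Classes\AppID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $custom = (Get-ItemProperty -Path $_.PSPath).AccessPermission
            if ($custom) { Get-DcomAcl "$($_.PSChildName) AccessPermission" $custom }
        }
)
$rows | Format-Table -AutoSize
```

Rows with Broad set to True show where a grant such as the Everyone entry from the client steps above is in effect, which makes it easy to confirm the change landed only on the machines that need server callbacks.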
Attempting to Access DCOM Server Across Non-Trusted Domains
If your DCOM Server resides in one Windows NT or Windows 2000
domain, and your client logs on to a second Windows NT or Windows 2000 domain
that is not "trusted" by the first, you will receive run-time error '70' when
attempting to access the DCOM Server.