PRB: RDS Handler Error Messages Due to Security Settings (243245)


The information in this article applies to:

  • Remote Data Service for ADO 2.0
  • Remote Data Service for ADO 2.1
  • Remote Data Service for ADO 2.5
  • Remote Data Service for ADO 2.6
This article was previously published under Q243245

SYMPTOMS

When using Remote Data Services (RDS) to request an ActiveX Data Objects (ADO) Recordset either through a DataFactory object or through the Microsoft Remote Provider, you may get one of the following error messages:
A Handler is required and one was not specified.

-or-

The specified Handler has been denied access.
The HRESULT is 0x80070005.

CAUSE

This problem occurs if:
  • RDS is enabled on your Web server.

    -and-

  • The standard or custom RDS handler cannot be loaded.

    -or-

  • The RDS handler does not allow running the client's query.

RESOLUTION

Following is a list of items to check:

Check RDS Handler Securities for the Server

Beginning with Microsoft Data Access Components (MDAC) 2.0, security features were added to Remote Data Service (RDS) that prevent malicious use of RDS on an IIS computer.

NOTE: If you install MDAC version 2.1 on an MDAC version 2.0 computer, the security features are not enabled to avoid breaking existing RDS applications. If you are installing MDAC 2.1 on a "clean" computer, then new RDS security features are enabled.

As a result of the new RDS security features, you must specify an RDS handler when using the DataFactory. A handler is required by default. For more information about RDS handlers, please see the following article:

Using the Customization Handler Feature in RDS 2.0

Following are the choices for using the RDS DataFactory:
  • Use the default DataFactory handler installed with MDAC. You must configure the Msdfmap.ini file to allow your queries.
  • You can write and use your own custom handler for DataFactory. You must register your own custom handler in the "safe handlers" list in the registry.
  • You can run DataFactory in "unrestricted" mode by setting the "handler required" key to 0 (zero). You can do this easily through the Handunsf.reg file in your \Program Files\Common Files\System\MSADC folder. To avoid security risks, this should only be done if your intranet Web server is behind a firewall.
The following security bulletin contains information about the new RDS security features:

Microsoft Security Bulletin (MS99-025)

Check Anonymous User Account Permissions to the Handler Directory

Because Remote Data Service is installed in the C:\Program Files\Common Files\System\MSADC folder, check that the Anonymous user from the IIS Service Manager can access this directory (it should have both Read and Execute access). Also, if you are not using the default virtual directory of IIS or if you have the Run in Separate Memory Space check box selected in the default directory's properties, the RDS client may not have access to the RDS directory. For additional information on how to fix this, click the article number below to view the article in the Microsoft Knowledge Base:

184606 HOWTO: Use RDS From an IIS 4.0 Virtual Server

STATUS

This behavior is by design.

REFERENCES

Microsoft Security Bulletin (MS99-025)
Modification Type:MajorLast Reviewed:9/30/2003
Keywords:kbDatabase kbprb KB243245
©2003 Microsoft Corporation. All rights reserved.