Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. BUG: "Access is denied" Error Message When Making HTTPS Requests with ServerXMLHTTP

BUG: "Access is denied" Error Message When Making HTTPS Requests with ServerXMLHTTP

Symptoms

When you make HTTPS requests between Web servers by using the ServerXMLHTTP request object, you may receive the following error message:
"Access is denied" -2147024891 (80070005)

↑ Back to the top

Cause

Secure Sockets Layer (SSL) certificate support was added to the ServerXMLHTTP request object with the release of MSXML version 3.0 Service Pack 1. To make any SSL requests from the Web server, ServerXMLHTTP expects a client digital certificate to be installed, even if the target Web server does not require a client certificate.

↑ Back to the top

Resolution

To work around this problem, do one of the following:

  • Run the Active Server Pages (ASP) application in Microsoft Internet Information Server (IIS) and set the application protection level to Low (IIS Process).
  • If the ASP application is configured as out-of-process and the application protection level is set to Medium (Pooled) or High (Isolation), install a client certificate under the MY store of the IWAM_machinename user account.For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

    301429 HOWTO: Install Client Certificate on IIS Server for ServerXMLHTTP Request Object

↑ Back to the top

Status

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

This bug has been fixed in the MSXML 3.0 SP2 release. This can be downloaded from the following URL:
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

308480 How to obtain the latest Microsoft XML 3.0 service pack

↑ Back to the top

More Information

If the client certificate is not properly installed, you may receive the following error message along with the main error message:
msxml3.dll (0x80072F0C) A certificate is required to complete client authentication

Steps to Reproduce Behavior

The test requires two Web servers, ServerA and ServerB. One server is a target Web server with a valid SSL server certificate installed, and the other is a client Web server.
  1. Install a valid SSL server certificate on ServerA.
  2. On ServerA, save the following code as Targetpage.asp:
    <%@ Language="JScript" %>
    <%
    Response.Buffer=true ;


    var oxmldom = Server.CreateObject("MSXML2.DOMDocument.3.0");
    oxmldom.async=false;

    oxmldom.loadXML("<msg><id>TargetPage</id></msg>");
    Response.Write(oxmldom.xml);
    %>
  3. Save the following code as Client.asp on ServerB, and make sure that ServerB is set with Medium or High application protection.
    <%@ Language="JScript" %>
    <%
    try
    {
    var Req = Server.CreateObject("Msxml2.ServerXMLHTTP.3.0");
    var xmlDoc = Server.CreateObject("Msxml2.DOMDocument.3.0");

    xmlDoc.async = false;
    xmlDoc.loadXML("<msg><id>1</id></msg>");

    var URL = "https://targetserver/targetpage.asp";
    Req.open("POST", URL, false);
    Req.send(xmlDoc);

    Response.Write("<BR>Status = " + Req.status);
    Response.Write("<BR>responseText = " + Req.responseText);
    }
    catch( e )
    {
    Response.Write( "Exception!!<BR>");
    Response.Write(e.number + "<BR>");
    Response.Write(e.description + "<BR>");
    }
    %>
  4. In Microsoft Internet Explorer, run the ASP page (http://ServerB/client.asp).

↑ Back to the top

Keywords: kbbug, kb

↑ Back to the top

Article Info
Article ID : 302080
Revision : 3
Created on : 4/18/2018
Published on : 4/19/2018
Exists online : False
Views : 620