Knowledgebase: SSL
Access Denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

 

 

Cause:

This error occurs if the server administrator does not have permissions to the local security policy on Microsoft Windows 2008 server.

Solution:

Although the error occurs during installation, the certificate might still install successfully. Check the bindings to see if the new certificate is available to be assigned. If the SSL certificate is not in available in the bindings list then proceed with the below instructions to set the appropriate permissions.

To bind the certificate to the web site, perform the following steps:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your Server Name > Sites > Your SSL-based site
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, choose Add
  5. From the Add Site Bindings window, provide the binding type as HTTPS
  6. Select the SSL certificate that will be used for this site
  7. Click OK
  8. Test the if the site is secure by using HTTPS

Step 1: Applying the permissions to the local security policy

Local Security Policies

  1. Start -> Control Panel -> Administrative Tools -> Local Security Policy
  2. Navigate to Security\Local Policies\Security Option 
    • DCOM: Machine Access Restrictions - Add Anonymous, Everyone, Interactive, Network, System with full rights options set.
    • Network Access: Let everyone permissions apply to anonymous users - Set to Enabled
    • Network Access: Sharing security model for local accounts - Set to Classic

DCOM Configuration

  1. Click Start -> Run
  2. Enter DCOMCNFG and press OK. This will open the DCOMCNFG window.
  3. Browse down the tree to Console Root -> Component Services -> Computers -> My Computer
  4. Right click on "My Computer" and select properties
  5. Select the "Default Properties" tab
    • Enable Distributed COM on this computer - Option is checked
    • Default Authentication Level - Set to Connect
    • Default Impersonation Level - Set to Identify
  6. Select the "COM Security" tab
  7. Click on "Access Permissions" Edit Default
    • Add "Anonymous", "Everyone", "Interactive", "Network", "System" with Local and Remote access permissions set.
  8. Click "Launch and Activation Permissions" Edit Default
  9. Click OK
  10. Close the DCOMCNFG window

Step 2: Install the SSL certificate without using IIS 7

The following solution describes how to resolve the permissions issue using a workaround of installing the certificate without using the Complete Certificate Request feature IIS 7.

  1. Right click on the certificate file
  2. Select Install Certificate
  3. The Certificate Import Wizard will open, select Next
  4. Select Place all certificates in the following store > Browse > Personal > OK

Once the certificate is imported, bind the HTTPS protocol to a Web Site in IIS 7 and assign the installed certificate by following these steps:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to the server name > Sites > the SSL-based site
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, choose Add
  5. From the Add Site Bindings window, provide the binding type
  6. Select the SSL certificate that will be used for this site
  7. Click OK

 

(1631 vote(s))
Helpful
Not helpful
Comments (0)