PRB: RDS Handler Error Messages Due to Security Settings

ID: Q243245

The information in this article applies to:
  • Remote Data Service for ADO versions 2.0, 2.1

SYMPTOMS

When using Remote Data Services (RDS) to request an ActiveX Data Objects (ADO) Recordset either through a DataFactory object or through the Microsoft Remote Provider, you may get one of the following error messages:

A Handler is required and one was not specified.
-or-
The specified Handler has been denied access.
The HRESULT is 0x80070005.


CAUSE

This problem occurs if:

  • RDS is enabled on your Web server.


    • -and-
  • The standard or custom RDS handler cannot be loaded.


    • -or-
  • The RDS handler does not allow running the client's query.



RESOLUTION

Following is a list of items to check:

Check RDS Handler Securities for the Server

Beginning with Microsoft Data Access Components (MDAC) 2.0, security features were added to Remote Data Service (RDS) that prevent malicious use of RDS on an IIS computer.

NOTE: If you install MDAC version 2.1 on an MDAC version 2.0 computer, the security features are not enabled to avoid breaking existing RDS applications. If you are installing MDAC 2.1 on a "clean" computer, then new RDS security features are enabled.

As a result of the new RDS security features, you must specify an RDS handler when using the DataFactory. A handler is required by default. For more information about RDS handlers, please see the following article:
Using the Customization Handler Feature in RDS 2.0
Following are the choices for using the RDS DataFactory:
  • Use the default DataFactory handler installed with MDAC. You must configure the Msdfmap.ini file to allow your queries.


  • You can write and use your own custom handler for DataFactory. You must register your own custom handler in the "safe handlers" list in the registry.


  • You can run DataFactory in "unrestricted" mode by setting the "handler required" key to 0 (zero). You can do this easily through the Handunsf.reg file in your \Program Files\Common Files\System\MSADC folder. To avoid security risks, this should only be done if your intranet Web server is behind a firewall.


The following security bulletin contains information about the new RDS security features:
Microsoft Security Bulletin (MS99-025)

Check Anonymous User Account Permissions to the Handler Directory

Because Remote Data Service is installed in the C:\Program Files\Common Files\System\MSADC folder, check that the Anonymous user from the IIS Service Manager can access this directory (it should have both Read and Execute access). Also, if you are not using the default virtual directory of IIS or if you have the Run in Separate Memory Space check box selected in the default directory's properties, the RDS client may not have access to the RDS directory. For additional information on how to fix this, click the article number below to view the article in the Microsoft Knowledge Base:
Q184606 HOWTO: Use RDS From an IIS 4.0 Virtual Server


STATUS

This behavior is by design.


REFERENCES

Microsoft Security Bulletin (MS99-025)

Additional query words:

Keywords : kbDatabase kbRDS kbGrpVCDB kbGrpMDAC
Version : WINDOWS:2.0,2.1
Platform : WINDOWS
Issue type : kbprb


Last Reviewed: October 22, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.