Solving the UnauthorizedAccessException When Calling ServerManager.OpenRemote

The Microsoft.Web.Administration library is a wonderful thing (Nuget package here). Instead of the old ways of using ADSI or WScript objects to manage IIS through code, the Microsoft.Web.Administration library provides a much better and more modern API to do such things.

Typical Usage

Usually the first thing you do when using Microsoft.Web.Administration is to create a ServerManager object, at which point you can then get the list of IIS sites, application pools, make changes, etc. And how you would normally do that is by passing the server name to the OpenRemote() static factory method on the ServerManager class, as such:

The Inherent Problem: Can’t Set Credentials

This works all well and good when you have full access to the server with the appropriate permissions. But there is one major flaw with the Microsoft.Web.Administration library: there is no way to set credentials when creating a ServerManager object.

For example, I recently tried to use the above code to connect to an IIS server running on an EC2 instance in Amazon’s AWS environment. In doing so I received the following error message:

“System.UnauthorizedAccessException – Retrieving the COM class factory for remote component with CLSID {2B72133B-3F5B-4602-8952-803546CE3344} from machine […] failed due to the following error: 80070005 […].”

applicationHost.config to the Rescue

Much searching uncovered a few articles and Stack Overflow posts with similar problems, but nothing that would actually resolve the issue. However, there is another way to create a ServerManager object – by invoking one of its overloaded constructors, in particular the one that takes in a path to the IIS server’s applicationHost.config file.

You see, the applicationHost.config file contains all the IIS settings for a server. Passing in the path to this file when creating a new ServerManager object tells the Microsoft.Web.Administration library all it needs to know, and as long as you have connectivity (ports, permissions, etc) to the IIS server’s file system, you should be good to go.

The applicationHost.config file is located in the C:\Windows\System32\inetsrv\config directory. So instead of using ServerManager.OpenRemote(serverName) as shown above, you can do this:

Hopefully this will save someone a lot of time and frustration :-)

Featured Image: Some rights reserved by the justified sinner

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *