Permission denied: 'CreateObject' 2

[kev05]

hi all,

i'm getting the below error message:

Error Type:
Microsoft VBScript runtime (0x800A0046)
Permission denied: 'CreateObject'
/dump2.asp, line 22


my code is:

<html>
<head>
<title>test</title>
<%
Sub LaunchApp

Dim qtApp
Dim qtTest
Dim qtResultsOpt

Set qtApp = CreateObject("QuickTest.Application")
qtApp.Launch
qtApp.Visible = True

End Sub
%>

</head>
<body>
<%Call LaunchApp%>
</body>
</html>


Any ideas why I'm getting the permission issue?

I tried the below in a vbs file and it manages to open the wanted application:

Dim qtApp
Dim qtTest
Dim qtResultsOpt
Set qtApp = CreateObject("QuickTest.Application")
qtApp.Launch
qtApp.Visible = True


So why doesn't it work when I put the vbs code into asp?
Which permission do i need to check?

looking forward to hearing from someone,
thanks in advance,
kev

 

[theniteowl]

When you ran this on your own machine you got the app to open right? That may be because the app was installed on your machine and launching locally rather than actually running from the server.

Can you trim your code to just opening the app without executing the test or outputting a file to simplify it and see if it makes that critical first step?
Doing this from a machine the app is not installed on of course.
And to eliminate concerns over rights you can log into the machine under your own ID. It's the best test to narrow down rights and application issues.

You said you could test before with a VBS file. Try that file on this other persons PC as well and see if it works from there.


Paranoid? ME?? WHO WANTS TO KNOW????

 

[kev05]

Hi theniteowl,

-Yes, when i ran the script on my machine itself, i got the app to launch. It seems to be because I already have the software installed.

- i have as u said trimmed the code so that I just open the application and it seems that I can't launch qtp on the remote quicktest machine server if i don't have quicktest installed on the client. i have also tried the same test with excel and got the same result.

Any ideas on that?
thanks again so much,
kev

 

[theniteowl]

I'm not familiar with QuickTest. Most apps only run relative to their installed environment and need access to their registry entries and various files installed on the system and so do not run remotely.
If QuickTest is specifically designed to allow it to execute remotely from a machine that does not have an installation for it then it's just permissions problems you are running into.

Let me ask you this though. Does the app have to operate visibly? Can you launch an instance of the application passing a command line value to tell it which test to run and where to send the output and have it run without manul intervention?

If it will work that way then you can launch a server-side instance of the app through a shell object and echo any text responses back to your application screen.

Here is a sample code I found somewhere that uses a shell object to execute a ping from command line and echo it back to the web page.

<% 
  Response.Buffer = true

    url = "[URL unfurl="true"]www.espn.com"[/URL] 
 
    Set objWShell = CreateObject("WScript.Shell") 
    Set objCmd = objWShell.Exec("ping " & url) 
    strPResult = objCmd.StdOut.Readall() 
    set objCmd = nothing: Set objWShell = nothing 
 
    strStatus = "offline" 
    if InStr(strPResult,"TTL=")>0 then strStatus = "online" 
 
    response.write url & " is " & strStatus 
    response.write ".<br>" & replace(strPResult,vbCrLf,"<br>") 
%>

Paranoid? ME?? WHO WANTS TO KNOW????

 

[damber]

niteowl - for your perseverence if nothing else you deserve a star.. so here you go!


A smile is worth a thousand kind words. So smile, it's easy!

 

[theniteowl]

Thanks damber.
I am beginning to think I will have to research QuickTest to see what it can do.


Paranoid? ME?? WHO WANTS TO KNOW????

 

[kev05]

hehe! true, thanks so much niteowl - i have given you a 2sd star.

Thanks for all. I will now investigate whether I can run quicktest from the command line.

Anyway, i will keep u guys updated,

thanks again,
kev

 

[kev05]

hi the niteowl,

i threw this issue to mercury support and they also have the same issue. However, they said they did manage to make it work using W2K machines - so it seems that XP SP2 has added security features such as re-enforcing permissions, which is preventing us to run the automated test script remotely.

Any ideas which specific XP SP2 permission feature could cause this to happen?

thanks again,
kev

 

[theniteowl]

Possibly heightened security settings in the IE6 browser that comes with XP, what are you using on the W2K machine?
Gone up to IE6 or still using 5.5?

Check your settings for executing ActiveX in the browser.
See if you can get full admin rights to an XP box for testing to eliminate folder security issues.
In my company all PCs are locked down to varying degrees based on the logon ID. Many people are not able to write to most folders on the computer and some applications choke because they maintain a log or INI file in a folder the client does not have write or create permissions in.
It is possible your W2K environment does not have as restrictive permissions set as the XP implementation.


Paranoid? ME?? WHO WANTS TO KNOW????

 

[kev05]

Hi niteowl,

good news!

I have have been able to fix the issue. Please find below in between the asterics the solution. It was basically DCOM settings.

As you have suggested, I am using an HTA file, which is working fine.

As it works fine with an hta application, I will try to implement using 'asp' now. Hope it will work...

Anyway, thanks so much for ur help,

please find below the DCOM settings that made it working.

thanks again,
Kev



***********************************************************
Part I:

Add both machines into the same domain. For the domain users logged into both machines, add these domain users to the Local Administrators group on the QTP machine. This is required for Windows to authenticate the remote user executing the tests against the DCOM objects.

Part II:

On the Testing Tool client machine configure Windows Firewall to allow Port 135 for DCOM:

1. Select Start -> Control Panel -> Windows Firewall.

2. Navigate to the Exceptions tab.

3. Configure the Remote Agent to be allowed under "Programs and Services." Configuration should be done for QTP as given below:

QuickTest Professional Remote Agent (path: <System Drive>:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe)

4. Click on <Add Port> and add the DCOM TCP port 135 to the Exceptions list. The list of "Port Assignments for Commonly-Used Services" is provided in the URL below:

<

http://www.microsoft.com/resources/...0/server/reskit/en-us/cnet/cnfc_por_SIMW.asp>

Part III: (NOT ALL STEPS HAVE BEEN COMPLETED, SOME EXTRA USERS)

Modify DCOM Security Properties:

1. Select Start -> Run and enter dcomcnfg.

2. Navigate to Console Root -> Component Services -> Computers -> My Computer.

Note: If Windows Security Alert dialog window appears, click on <Ask me later> or <Unblock>.

3. Right-click on My Computers and select "Properties."

4. Navigate to the Default Properties tab.

5. Make sure the Default Impersonation Level is "Identify."

6. Click <Apply>.

7. Navigate to the Defualt COM Security tab.

8. Under Access Permissions, click on <Edit Limits>. The Access Permission dialog window appears.

9. Click on <Add>. The Select Users or Groups dialog windows appear.

10. Click on <Advanced>.

11. Click on <Find Now>.

12. Add the following groups and users from the local machine

Administrator

Administrators

Authenticated User

Anonymous Logon

Everyone

Interactive

Network

System

13. Click <OK>.

14. Add the following groups and users from the domain:

<tdomain user logged into the QTP box>

<domain user logged into the other machine running the VBS>

15. Click <OK>.

16. Give "Local Access" and "Remote Access" permissions to the groups and users.

17. Click <OK>.

18. Under Access Permissions, repeat steps 9-17 for <Edit Default>.

19. Under Launch and Activation Permissions, click on <Edit Limits>. The Launch Permission dialog window appears.

20. Repeat steps 9-15.

21. Enable "Local Launch," "Remote Launch," "Local Activation," and "Remote Activation" permissions to the groups and users.

22. Click <OK>.

23. Repeat steps 20-22 for <Edit Default>.

Part IV: (for QTP only)

1. While still in the Component Services window, navigate to Console Root -> Component Services -> Computers -> My Computer -> DCOM Config.

2. Look for the following.

AQTRmtAgent

QuickTest Professional Automation

TlpRmtServer

3. For each of these DCOM applications, right click and select <Properties>.

4. Under the Identity tab, select <The Interactive User>. This will allow the DCOM application to authenticate the process against the logged in Windows user and run the process in that security context.

5. Next, go to the Security tab.

6. For both the <Launch and Activation Permissions> and <Access Permissions>, select <Use Default>. This will use the Default security settings as we did in Part III.

7. Click Apply, then OK to commit the changes.

***********************************************************

 

[theniteowl]

Excellent!

It looks like the primary issues were just related to restrictions in the XP firewall?

The instructions show opening security wide open.
I suspect those instructions are just to make sure that it works under the widest possible circumstances. You can probably trim much of that out with a bit of testing so that you can keep it restricted to just specific people if needed.

Final security can always be controlled at the server level where the application resides regardless of what security settings are on the end-user PC.

For running from ASP, are you trying to use server.createobject? That will involve the IUSR account for permissions. Using creatobject on the client-side should use the clients permissions but will trigger ActiveX warnings.

Glad it's working for you.


Paranoid? ME?? WHO WANTS TO KNOW????