Ask a Question

Error while completing certificate installation in Microsoft IIS 7 - Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Problem

 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)

Solution



This error occurs if the server administrator does not have permissions to the local security policy on Microsoft Windows 2008 server.  Although the error occurs during installation, the certificate might still install successfully. Check the bindings to see if the new certificate is available to be assigned. If the SSL certificate is not in available in the bindings list then proceed with the below instructions to set the appropriate permissions.

To bind the certificate to the appropriate web site, perform the following steps:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your [Server Name] > Sites > [site to be bound]
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, choose Add
  5. From the Add Site Bindings window, provide the binding type as HTTPS
  6. Select the SSL certificate that will be used for this site
  7. Click OK

Step 1:  Applying the permissions to the local security policy

Local Security Policies

  1. Start > Control Panel > Administrative Tools > Local Security Policy
  2. Navigate to Security\Local Policies\Security Option
    • DCOM: Machine Access Restrictions - Add Anonymous, Everyone, Interactive, Network, System with full rights options set.
    • Network Access: Let everyone permissions apply to anonymous users - Set to Enabled
    • Network Access: Sharing security model for local accounts - Set to Classic

DCOM Configuration

  1. Click Start -> Run
  2. Enter DCOMCNFG and press OK. This will open the DCOMCNFG window.
  3. Browse down the tree to Console Root > Component Services > Computers > My Computer
  4. Right click on My Computer and select Properties
  5.  Select the Default Properties tab
    • Enable Distributed COM on this computer - Option is checked
    • Default Authentication Level - Set to Connect
    • Default Impersonation Level - Set to Identify
  6. Select the COM Security tab
  7. Click on Access Permissions and edit Default
    • Add "Anonymous", "Everyone", "Interactive", "Network", "System" with Local and Remote access permissions set.
  8. Click Launch and Activation Permissions and edit Default
  9. Click OK
  10. Close the DCOMCNFG window

 

Step 2:  Install the SSL certificate without using IIS 7

The following solution describes how to resolve the permissions issue using a workaround of installing the certificate without using the Complete Certificate Request feature IIS 7.

  1. Right-click on the certificate file
  2. Select Install Certificate
  3. The Certificate Import Wizard will open, select Next
  4. Select Place all certificates in the following store > Browse > Personal > OK

Once the certificate is installed, bind the HTTPS protocol to a Web Site in IIS 7 and assign the installed certificate following these steps:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to the [Server name] > Sites > [Site to bind]
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, choose Add
  5. From the Add Site Bindings window, provide the binding type HTTPS
  6. Select the SSL certificate that will be used for this site
  7. Click OK