Unable to access IIsCertMapper object through ADSI

  • Article

Today, I was working on an issue where we were trying to add mapping for client certificate for a windows account using ADSI and VBScript. Something similar as below:

<%
  Dim CertObj, vCert
  vCert = Request.ClientCertificate("CERTIFICATE")
  Set CertObj = GetObject("IIS://<path>/IIsCertMapper")
  CertObj.CreateMapping vCert, "MYACCT", "MYPASS", "My Name", True
%>

where path is in the format: "<IISServerName>/W3SVC/<Identifier>"
However, script was failing on the 3rd line,

Set CertObj = GetObject("IIS://<path>/IIsCertMapper")

We get “Path not found error”, 80070003. Now this is an expected behavior if this object type is not found in the IIS's metabase. You can search for the above in metabase.xml file. Ideally this should have been there, but since we did not have this, to make it work we had to manually create this for a website in question.

You can try this to have the necessary object type:

> cscript adsutil.vbs CREATE w3svc/1/IIsCertMapper  "IIsCertMapper"     

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

created "w3svc/1/IIsCertMapper"

>

Here 1 is the identifier for the website in question and "IIsCertMapper" is the Object type.

Once done, try restarting IIS services as like (IISRESET from the cmd prompt).

Open the metabase.xml and now we should see an entry as below:

<IIsCertMapper    Location ="/LM/W3SVC/1/IIsCertMapper"
    >
</IIsCertMapper>

Once this entry was created in the metabase.xml we should be able to access this object via ADSI script. This is not only applicable to a specific object type like IIsCertMapper but any other object type associated with IIS.

Hope this helps someone, somewhere, somehow ;-)

Comments

  • Anonymous
    July 28, 2008
    I tried your method to create the IIsCertMapper object Type but get: Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. ErrNumber: -2147463153 (0x8000500F) Error creating the object: "w3svc/1/IIsCertMapper" Any ideas? Thanks.

  • Anonymous
    July 28, 2008
    Hi Mark, The error you get is this: C:>err 0x8000500F

for hex 0x8000500f / decimal -2147463153

 E_ADS_SCHEMA_VIOLATION

The attempted action violates the DS schema rules.

Can you type in the exact complete command that you tried which failed with the above error? Thanks.

  • Anonymous
    July 28, 2008
    cscript adsutil.vbs CREATE w3svc/1/IIsCertMapper  "IIsCertMapper"

  • Anonymous
    July 28, 2008
    The comment has been removed

  • Anonymous
    July 29, 2008
    The comment has been removed

  • Anonymous
    October 31, 2008
    I'm having the same issue 2k3 SP2 32bit.  default IIS install. ErrNumber: -2147463153 (0x8000500F) Error creating the object: W3SVC/2046548428/Root/AccessPlatform/IIsCertMapper I wish to configure many-to-one certificate maping in a scripted install.

  • Anonymous
    October 31, 2008
    Hi Dan, Ensure that the identifier for the web site is same as below in the command: W3SVC/<Site Identifier>/root/IIsCertMapper where <Site Identifier> is the site identifier for your web site.