80070005 Access is denied,when asp.net website with crystal report is deployed on dedicated server

I have the same problem on a client's windows server 2003 machine running IIS6. Their server is very locked-down compared to normal servers, and something in that locking-down is probably the problem. I haven't experienced this problem on dozens of other clients' servers. I haven't solved the problem yet but here are some steps from what I've learned so far...

First thing to do is double-check which Application Pool your app is running under, and then check which Identity the App Pool is using (e.g. Network Service or Application Pool Identity or...). This is important to ensure you're giving permissions to the right user. Don't go any further until you're sure about this.

Next check if you're using IIS Impersonation (probably you're not unless you know what it is). This is where the application pool is sort-of running under the identity of the user ... this would only be the case if you're using Windows Authentication and in the web.config you have <identity impersonate="true" />. If you are using Impersonation then probably you have to give end users all the necessary file and/or COM access. If not (as in my case) it should just be a matter of checking the permissions are right for your application pool's user or IIS users group.

Once you know the right identity for permissions, try these steps:

  • If it's a 64-bit machine check you have Enable 32-bit applications enabled for the Application Pool (or that you have the 64-bit runtime installed)
  • Check the Application Pool identity has access to the C:\Windows\Temp folder (you've mentioned you've done this but I thought I'd list it for anyone else encountering the problem).
  • Check the Application Pool identity has access to the Crystal Reports folder, e.g. C:\Program Files\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\. You can find the folder by opening regedit.exe and navigate to HKEY_CLASSES_ROOT\CLSID\{4DB2E2BB-78E6-4AEA-BEFB-FDAAB610FD1B}\InProcServer32. Get the path from the (default) value for that registry key and check the permissions on the parent folder for that path. Try giving Full Control to the folder to the right identity to see if that fixes the problem.
  • I'm not sure if this is relevant, but possibly adding <startup useLegacyV2RuntimeActivationPolicy="true"> to the web.config might help ... it was suggested in this post relating to a different COM application having similar problems so worth a go? So you'd add this inside the tag within web.config:

    <startup useLegacyV2RuntimeActivationPolicy="true"> 
         <supportedRuntime version="v4.0"/> 
    </startup>
    
  • Check the COM permissions on the server:

    • open Component Services from Control Panel > Administrative Tools
    • expand Component Services > Computers > My Computer then right-click > properties
    • click on the COM Security tab
    • In the Launch and Activation Permissions click on the Edit Default... button
    • Check the Launch and Activation Permissions permissions listed. If your app pool user isn't listed can try adding it with all 4 Allow permissions and retest. If that doesn't solve the problem then undo any changes.
  • If none of this has solved it then I suggest downloading Process Monitor and try to determine what it's trying to do that hits an Access Denied. This is the next step for me on the problem so if I find anything out I'll update this answer.