DOCUMENT:Q161821  26-JAN-2001  [vbwin]
TITLE   :PRB: Remote OLE Automation: Using Access Control Lists (ACL)
PRODUCT :Microsoft Visual Basic for Windows
PROD/VER::4.0,5.0
OPER/SYS:
KEYWORDS:kbole kbsetup kbVBp kbVBp400 kbVBp500 kbOSWin95 kbOSWin98 kbGrpDSVB kbGrpDSVBDB kbDSupp

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Visual Basic Learning Edition for Windows, version 5.0 
 - Microsoft Visual Basic Professional Edition for Windows, version 5.0 
 - Microsoft Visual Basic Enterprise Edition for Windows, version 5.0 
 - Microsoft Visual Basic Enterprise Edition, 32-bit, for Windows, version 4.0 
-------------------------------------------------------------------------------

SYMPTOMS
========

When using a Client/Server Remote OLE Application, you receive the following
error when attempting to create the server:

   "Run Time error '-2147023132 (800706e4)': OLE Automation Error"

CAUSE
=====

The server has been configured to "Allow Remote Creates by ACL," and the client
has been set up to use an "Authentication" of "None."

RESOLUTION
==========

You can either change the server to "Allow All Creates" or change the client to
a compatible authentication level. Changes to the server are made in the Remote
Automation Connection Manager. Changes to the Client are made in step 4 of the
Application Setup Wizard. A compatibility chart is included in the MORE
INFORMATION section of this article.


MORE INFORMATION
================

Many of the examples given by Microsoft on creating Remote OLE servers suggest
using an "Authentication" level of "None" in step 4 of the Setup Wizard for the
client application.

Step 4 of the Setup Wizard calls for you to "Add OLE Servers." At this point, you
need to change the drop-down box to "List Files of Type:" "Remote OLE Servers
(*.vbr)," and select the VBR file that was created when the Server executable
was compiled. The VBR file should have the same name and be in the same
directory as the server executable.

Immediately after selecting the VBR file, you will see the "Remote OLE Servers
Details" dialog box. The last option in the dialog box is "Authentication." This
setting is defaulted to "1 - None." In all cases, using an "Authentication" of
"None" will cause an error when the client attempts to create an object on the
server which has been configured for "Allow Remote Creates by ACL".

The available "Authentication" options are:

   0 - Default            Use network default.

   1 - None               No authentication.

   2 - Connect            Connection to the server is authenticated.

   3 - Call               Authenticates only at the beginning of each
                          remote procedure call when the server receives
                          the request. Does not apply to connection-based
                          protocol sequences (those starting with the
                          prefix "ncacn").

   4 - Packet             Verifies that all data received is from the
                          expected client.

   5 - Packet Integrity   Verifies that none of the data transferred
                          between client and server has been modified.

   6 - Packet Privacy     Verifies all previous levels, and encrypts the
                          argument values of each remote procedure call.

Refer to "Building Client/Server Applications with Visual Basic," Part 2: Client
Server Design, Chapter 7: Implementing OLE Servers, Page 131 - 132, for more
information on data authentication.

To assist you in determining which settings to use in the Setup Wizard, the
following charts show which combinations of operating systems, protocols,
security policies, and authentication levels will work. The values at the
beginning of each row are RPC protocols. The values at the top of each column
are authentication levels. These charts apply to "Allow Remote Creates by ACL"
only.


NOTE: The table below does not cover the case where Microsoft Windows 95 is being
used as the server because Microsoft Windows 95 does not support Access Control
Lists (ACL) authentication. Using Windows 95 for Remote OLE Automation in this
manner will always produce the error described above. Windows 98 and Windows Me
do support Access Control Lists (ACL) authentication.

Client = Win 32 (Win NT 3.51 or Win95)
Server = Win NT 3.51

                    0       1       2       3       4       5       6
                    ---------------------------------------------------

   ncacn_np         OK      error   OK      OK      OK      OK      OK

   ncacn_ip_tcp     OK      error   OK      OK      OK      OK      OK

   ncadg_ip_udp     error   error   error   error   error   error   error

   ncacn_nb_nb      OK      error   OK      OK      OK      OK      OK

   ncacn_nb_tcp     OK      error   OK      OK      OK      OK      OK

   ncacn_nb_ipx     OK      error   OK      OK      OK      OK      OK

   ncacn_spx        OK      error   OK      OK      OK      OK      OK

   ncadg_ipx        error   error   error   error   error   error   error

------------------------------------------------------------------------

Client = Win 16 (WFW 3.11, Win 3.1)
Server = Win NT 3.51

                    0       1       2       3       4       5       6
                    -----------------------------------------------------

   ncacn_np         Log On  error   Log On  Log On  Log On  Log On  Log On

   ncacn_ip_tcp     Log On  error   Log On  Log On  Log On  Log On  Log On

   ncadg_ip_udp     error   error   error   error   error   error   error

   ncacn_nb_nb      Log On  error   Log On  Log On  Log On  Log On  Log On

   ncacn_nb_tcp     Log On  error   Log On  Log On  Log On  Log On  Log On

   ncacn_nb_ipx     Log On  error   Log On  Log On  Log On  Log On  Log On

   ncacn_spx        Log On  error   Log On  Log On  Log On  Log On  Log On

   ncadg_ipx        error   error   error   error   error   error   error

Additional query words:

======================================================================
Keywords          : kbole kbsetup kbVBp kbVBp400 kbVBp500 kbOSWin95 kbOSWin98 kbGrpDSVB kbGrpDSVBDB kbDSupport kbOSWinME 
Technology        : kbVBSearch kbAudDeveloper kbZNotKeyword6 kbZNotKeyword2 kbVB500Search kbVBA500 kbVB500 kbVB400Search kbVB400
Version           : :4.0,5.0
Issue type        : kbprb

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2001.