Unable to access IIsCertMapper object through ADSI

Today, I was working on an issue where we were trying to add mapping for client certificate for a windows account using ADSI and VBScript. Something similar as below:

  Dim CertObj, vCert
  vCert = Request.ClientCertificate("CERTIFICATE")
  Set CertObj = GetObject("IIS://<path>/IIsCertMapper")
  CertObj.CreateMapping vCert, "MYACCT", "MYPASS", "My Name", True

where path is in the format: "<IISServerName>/W3SVC/<Identifier>"
However, script was failing on the 3rd line,

Set CertObj = GetObject("IIS://<path>/IIsCertMapper")

We get “Path not found error”, 80070003. Now this is an expected behavior if this object type is not found in the IIS's metabase. You can search for the above in metabase.xml file. Ideally this should have been there, but since we did not have this, to make it work we had to manually create this for a website in question.

You can try this to have the necessary object type:

> cscript adsutil.vbs CREATE w3svc/1/IIsCertMapper  "IIsCertMapper"     

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

created "w3svc/1/IIsCertMapper"


Here 1 is the identifier for the website in question and "IIsCertMapper" is the Object type.

Once done, try restarting IIS services as like (IISRESET from the cmd prompt).

Open the metabase.xml and now we should see an entry as below:

<IIsCertMapper    Location ="/LM/W3SVC/1/IIsCertMapper"

Once this entry was created in the metabase.xml we should be able to access this object via ADSI script. This is not only applicable to a specific object type like IIsCertMapper but any other object type associated with IIS.

Hope this helps someone, somewhere, somehow 😉

Comments (7)

  1. Mark Blauvelt says:

    I tried your method to create the IIsCertMapper object Type but get:

    Microsoft (R) Windows Script Host Version 5.6

    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

    ErrNumber: -2147463153 (0x8000500F)

    Error creating the object: "w3svc/1/IIsCertMapper"

    Any ideas? Thanks.

  2. Saur212 says:

    Hi Mark,

    The error you get is this:

    C:>err 0x8000500F

    # for hex 0x8000500f / decimal -2147463153


    # The attempted action violates the DS schema rules.

    Can you type in the exact complete command that you tried which failed with the above error?


  3. MarkBl says:

    cscript adsutil.vbs CREATE w3svc/1/IIsCertMapper  "IIsCertMapper"

  4. Saur212 says:

    Looks strange as to why it should throw this error.

    What version of IIS are you checking in, i tried with both IIS 5/6 without luck. I suggest you may want to manually add the entry like this after stopping the IISADMIN service.

    <IIsCertMapper Location =”/LM/W3SVC/1354220969/IIsCertMapper”



    Is there a way you can share the metabase.xml file with me. Just send me the password encrypted metabase.xml (if this is IIS6.0) at xxxxxx@xxxx.xxx

  5. MarkBl says:

    I am using IIS version 6. I manually added a line to the metabase.xml file. Still unable to use mapping.  I will email the file to you. However your email address is x’d out.


  6. Dan Kaminski says:

    I’m having the same issue 2k3 SP2 32bit.  default IIS install.

    ErrNumber: -2147463153 (0x8000500F)

    Error creating the object: W3SVC/2046548428/Root/AccessPlatform/IIsCertMapper

    I wish to configure many-to-one certificate maping in a scripted install.

  7. Saur212 says:

    Hi Dan,

    *Ensure* that the identifier for the web site is same as below in the command:

    W3SVC/<Site Identifier>/root/IIsCertMapper

    where <Site Identifier> is the site identifier for your web site.

Skip to main content