Author: Halfvares Mats, Teknikhuset AB.

Published: 2006-01-03

Applies to:
  • Content Studio ver. 4.0 and later running PDF server

Type: How to

Symptoms

When generating a PDF that uses high resolution images the resulting PDF is either an error page or the pictures are not in high resolution format. However normal resolution works as expected.

Cause

This is probably a security problem with IIS on Windows Server 2003. When creating high resolution PDF documents Content Studio instantiates Internet Explorer on the server side - an operation that requires certain privileges are held by the calling process. Before Sp 1 only administrators and anonymous callers could do this but after Sp 1 the anonymous option was removed. So in order to solve this problem one must ensure that PDFReader is authenticated using integrated security.

Resolution

After applying Sp 1 on Windows Server 2003 you must use integrated security with the web site. In this article the term PDFReader account is used and this account is the account that Content Studio PDF server (ie. Active PDF Webgrabber) uses when browsing to the document that should be converted to PDF documents. For more information see the article "Set up the Content Studio PDF server".

Sites using anonymous access
If Sp 1 the site allows anonymous access you must edit the security settings on the file "default_pdfget.asp" file that is located in the site root. You should turn off security inheritance on that file and allow the system to copy all permissions. After that you should remove all entries that gives anonymous access to this file (ex. Everyone, Users and Authenticated Users) and make sure that the PDFReader account has at least READ/EXECUTE permission on that file. Also you should make the PDFReader account a member of the local administrators group on the web server. Additionally, log on to the web server and on the PDF server using the PDFReader account and add all of the sites affected to the Local Intranet security zone.

Protected sites that does not use anonymous access
The PDFReader account should be a member of the local administrators on the web server and log on to the web server and on the PDF server using the PDFReader account and add all of the sites affected to the Local Intranet security zone.