please help. I have my code in visual basic. Error permission denied GetObject("IIS://loclahost/w3svc/4/ROOT")
Set wServer = GetObject("IIS://loclahost/w3svc/4")
Set wRoot = GetObject("IIS://loclahost/w3svc/4/ROOT") 'Get the root web
Set wNew = wRoot.Create("IIsWebVirtualDir", strWebName) 'Create a new web off the root
''Create New App
wNew.AppCreate True
I suggest you could post more details information about your requirement.
Do you run this code in your web application which hosted on the IIS?
It seems that your application pool doesn't have the enough permission to get the IIS web site information.
I suggest you could try to modify the application pool identity permission to local system, if you want to create or modify the IIS setting.
Details, you could refer to below steps:
1.In IIS Manager, select Application Pools.
2.From the list of application pools, right-click your application pool and select Advanced Settings.
3.In the Process Model section, change the identity property from ApplicationPoolIdentity to localsystem, and click OK.
Related
I have a .Net Core 2.0 application that I host in IIS 7.
With IIS Express the application works fine and I'm able to connect to the database successfully. With IIS I get this error:
Cannot open database "Books" requested by the login. The login failed. Login failed for user 'DOMAINNAME\PCNAME$'.
My connectionString in appsettings.production.json file looks like this :
"ConnectionStrings": {
"BooksDatabase": "Server=PCNAME\\SQLEXPRESS;Database=Books;user id=iisAccess;password=iisPassword;Trusted_Connection=True;ConnectRetryCount=0;MultipleActiveResultSets=true"
};
What am I doing wrong and why does it say that the "login failed for 'DOMAINNAME\PCNAME$'" when I put the credentials user id=iisAccess;password=iisPassword; in my JSON file?
You are asking for Windows Authentication:
Trusted_Connection=True
Remove this part of the connection string and give it another try.
The reason for the error goes along these lines:
IISExpress runs as a normal process in your logon session. So it runs with your Windows Credentials. When your app is running inside IISExpress it is actually running under your credential, and when you connect to the database using Windows Authentication, is your login that SQL Server will receive.
The full IIS on the other hand runs as a service under a different session and a different user account. There are the application pools that also play a part and run under yet another account. But the main thing is that those default IIS accounts are local accounts, so they have no "visibility" to another computers. Hence when your app tries to connect to SQL Server, SQL "sees" the machine account, which goes by the name DOMAIN\MACHINE$.
Most likely, ASPNETCORE_ENVIRONMENT is not set correctly on the server (i.e. either not set at all or not set to Production).
On your server, edit the system environment variables and add one (if it doesn't already exist) with the name ASPNETCORE_ENVIRONMENT and the value Production. Also, edit the advanced settings of your app pool in IIS for the application and ensure that the key Load User Profile is set to True.
I am trying to set up a site on a Windows 2003 server running IIS 6. When I start the application, I get "Service Unavailable". I googled this error and most indicated it is an application pool identity issue (wrong user id and password). This is an intranet app and I have a non-expiring user id and password. I tested this user id and password and confirmed it is correct. I also added the user id to IIS-WPG group but it still stops after first request. I disabled Rapid fail Protection in IIS and it doesn't die but it takes a long time to (try to) display the page and then says Page Cannot be Displayed. It does the same thing if I run the application pool under Network Services identity, which is already part of IIS-WPG. I have made sure web application folder has proper ACL.
Is there anything else I can try?
UPDATE:
I noticed in event log that I was getting a DCOM error before the application pool stop error.
I did the following:
go to Admin Tools > Component Services > Computers > My Computer > DCOM Config > IIS Admin Service > Right-Click / Properties
Security Tab - Customize the Launch and Activation Permissions > Edit
Add the Network Service (under which my application pool runs; I removed the custom user id) with Local Launch and Local Activation Permissions.
Now, the application pool does not stop but I get "Internet Explorer cannot display the page" error and no errors in System Event Log.
It seems in IIS 6 on Windows Server 2003, only ASP.Net version 1.1 is automatically added. I had to go to "Web Service Extensions" in IIS, under <server_name> and add support for ASP.Net 2 and ASP.Net 4. After that everything worked as expected. This, of course, only applies to the "Page Not Found" or "Page Cannot be displayed" errors. I still had to modify the DCOM setting to stop application pool from stopping.
Prior to this, however, I uninstalled and reinstalled IIS.
I am using SP 2010.
I created a new site collection from central admin.
and it gave me "site created successfully"
when I visit the new site collection, I get below error:
Cannot connect to the configuration database
What are my options?
Go to services (Start --> Run --> Type services.msc) and start the service SQL Server(SHAREPOINT)
Its probably the app pool you are running your site collection under, have you got any other site collections in the same web application?
If not take a look at the permissions on the app pool for that web app
This problem came to me after a password expired in the AD and had to be updated.
When i changed the password i had to sync in to the ad and used this site: http://info.izzy.org/Blog/archive/2010/08/04/how-to-fix-an-out-of-sync-password-issue-in-sharepoint-2010.aspx
Then i found out that the problem was that SharePoint Timer Service wasnt running och the Front end server. So I had to do an iisreset on the front end server to get the Service to start, since the account using the service was the account with a new password. And then everything was back on track again!
in my case the problem was secondary replica of Always on Was Empty and does not have Config database
i have configured an always Solution and at start i connect sharepoint to alias via cliconfig.exe and alias was connecting to AG listener
fail over back to instance where Config db exists solved my problem
Mainly looking to answer my question #1 below, but more knowledge would be appreciated.
I tried to use these resources during my investigation, but was unsuccessful:
http://social.msdn.microsoft.com/Forums/en/sqldatabaseengine/thread/f5eb164d-9774-4864-ae05-cac99740949b (For this error: Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed.)
http://social.msdn.microsoft.com/forums/en-US/sqlexpress/thread/6dfdcc22-7a81-4e8f-a947-c1ce6982d4b3/ (For this error: CREATE DATABASE permission denied in database master. An attempt to attach an auto-named database for file ? failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.)
Questions
1.) Why does this error occur while running the Telerik Rad Controls for ASP.NET AJAX "Live Demos" project with IIS 7 (Running Telerik Live Demos works fine using ASP.NET Development Server with this connection string)
Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed.
2.) How is creating a SQL Server Express instances different in IIS 7, from ASP.NET Development Server & SSMSE
3.) Are there certain attributes of a SQL connection string not allowed when running a website on different contexts (based on #2).
Environment:
I'm not running the "Live Demos" .NET 3.5 ASP.NET web application via the ASP.NET Development Server (feature that pops up in your system tray and picks a port for you after clicking play in Visual Studio). That works just fine! I'm running the website on IIS 7. SQL Server Express is using the NETWORK SERVICE user in Control Panel > Administrative Tools > Services > SQL Server (SQLExpress).
Using this connection string provided with the installed "Live Demos" web application demo project:
<add name="NorthwindConnectionString"
connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|Northwind.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
I've tried setting "User Instance=False", but that just throws another error:
CREATE DATABASE permission denied in database master. An attempt to attach an auto-named database for file ? failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.
(where "?" is the path of the *.mdf file - C:\Users\\MyDocuments\Visual Studio 2008\Projects\TelerikDemos\Telerik\RadControls for ASP.NET AJAX Q2 2011\Live Demos\App_Data\Northwind.mdf .. Stack Overflow italics is broken with some of those characters, so I had to remove that path)
Someone answered me on a previous question to set this "User Instance=False", but it appears User instances have nothing to do with whether or not you use SQL Express. User Instances are simply a feature of SQL Express that allows a very unprivileged user to host a database instance in it's own user context.
Note, this Northwind database is stored in an *.mdf file in the App_Data folder (under the "Live Demos" root application directory) along with the *.ldf (log file). I did previously try attaching the *.mdf files as actual databases under the "Databases" folder (in the SSMSE Object Explorer tree), but later removed them.
Web application "Live Demos" root folder (and nested folders/files) have the following users assigned with ALL privileges:
- IIS APPPOOL\Telerik ("Telerik" is the name of my application pool in IIS 7 for this site)
- IUSR
- NETWORK SERVICE
Making a note for myself about this SQLExpress master database query:
SELECT * FROM sys.dm_os_child_instances
Also tried different combinations of *.mdf & *.ldf permissions while also changing the user on the SQL Server (SQLExpress) Windows 7 service (Control Panel > Administrative Tools > Services) .. and also restarted the service after making those changes.
To reproduce:
download the Telerik Rad Controls for ASP.NET AJAX. Set the permimssions I mentioned in the "Live Demos" folder under Program Files\Telerik, change the .NET version of the web application to .NET 3.5, switch out their 3.5 web.config file with the normal web.config file in that folder. You have to use Visual Studio 2010, but I am running this in Visual Studio 2008 (with a little grunt work I did because our company is not yet on VS2010). Also switch out the proper Bin35 assemblies into the "Live Demos" folder Bin folder. Compile the solution. Create an IIS 7 website. Add Windows authentication. Enabled anonymous and Windows authentication.. all others are disabled. Set application pool to use Classic and 32 bit.
Then navigating to this URL and clicking the "First Look" image.
http://localhost/combobox/examples/overview/defaultcs.aspx
====================
More evidence will be provided if requested.
You are using a connection string with trusted authentication = true. This means that the connection uses the security context of the calling process.
When you run with the development server you are running in the security context of the logged in user, so every thing works fine.
When you run in IIS you are in the security context of the application pool process, which is NETWORK SERVICE, which does not have a user profile, therefore it crashes.
You can fix it by either:
Change the identity of the application pool to a normal user with access to the database
Use a connection string with user name and password
IIS doesn't load the Windows user profile, but certain applications might take advantage of it anyway to store temporary data. SQL Express is an example of an application that does this. However, a user profile has to be created to store temporary data in either the profile directory or in the registry hive. The user profile for the Network Service account was created by the system and was always available. However, with the switch to unique Application Pool identities, no user profile is created by the system. Only the standard application pools (DefaultAppPool and Classic .NET AppPool) have user profiles on disk. No user profile is created if the Administrator creates a new application pool.
However, if you want, you can configure IIS application pools to load the user profile by setting the LoadUserProfile attribute to "true".
https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
I have a WCF web service that is deployed at IIS.
Part of the web service is to validate the inputs using EntLib 4.1
For ex, the string values can be of specific length and so on.
In case of the validation being failed a fault exception is raised and the service is supposed to write the message in log file.
How do I go about creating the log file to a location that can be configured from a config file.
Basically how do we write messages from IIS (since the service is hosted at IIS, I am assuming that that will be the source!)
To write to the log file, make sure that the identity running your web application has write access to the log directory.
IIS7: You can find the identity in the IIS management console. Select the application pool that your web application is using. Click on Advanced Settings. In the properties window, look for the identity field. It may say Network Service. This is the account that needs write permission to your log output folder.
IIS6: Same as IIS7 except right click on the app pool and select properties. The properties window of IIS6 will have an Identity tab.
If you already have a log file in this directory, try deleting it and letting the framework create it.
Hope this helps.
Why not just write the warnings/error to the Event Log? It's easier to maintain than arbitrary log files and you can query them from other machines.
http://imar.spaanjaars.com/275/logging-errors-to-the-event-log-in-aspnet-applications
This website helped me with the same problem on IIS 7.5, where you have new Application Pool Identities: http://learn.iis.net/page.aspx/624/application-pool-identities/
Using the command line ICACLS test.txt /grant "IIS AppPool\<AppPoolName>":F on the log file or log folder worked for me.
Trying to set the permissions via the file/folder properties dialog failed, the AppPool identity was not accepted there.