We Keep Coding

asp.net core out-of-process fails to start correctly

I'm attempting to us the RunFromPackage App Setting for an Azure Web Site.
I'm using the following stack
asp.net core (out-of-process)
Targeting .Net Framework 4.7.2
and I can no longer get my web application to run correctly. when I hit the url all I get is
"The page cannot be displayed because an internal server error has occurred."
in the response.
I have launched my application using the Kudu powershell window with the command
".{applicationName}.exe"
and it start up fine. No errors or anything
Viewing the event viewer logs all I see is
APPLICATION_MANAGER::~APPLICATION_MANAGER | this=000001D1CD999A60 [TID 8872] [PID 8028]
When turning on the Failed Request Tracing Logs I see the following relevant information
URL_CACHE_ACCESS_START RequestURL="/favicon.ico" 15:37:30.729
URL_CACHE_ACCESS_END PhysicalPath="", URLInfoFromCache="false", URLInfoAddedToCache="true", ErrorCode="The operation completed successfully.
(0x0)" 15:37:30.729
GENERAL_GET_URL_METADATA PhysicalPath="", AccessPerms="545" 15:37:30.729
HANDLER_CHANGED OldHandlerName="", NewHandlerName="aspNetCore", NewHandlerModules="AspNetCoreModule", NewHandlerScriptProcessor="", NewHandlerType="" 15:37:30.729
MODULE_SET_RESPONSE_ERROR_STATUS
Warning ModuleName="IIS Web Core", Notification="BEGIN_REQUEST", HttpStatus="500", HttpReason="Internal Server Error", HttpSubStatus="0", ErrorCode="Access is denied.
(0x80070005)", ConfigExceptionInfo=""
I have tried to turn on the asp.net core module logging but I get no log files. I have also tried to turn on the stdoutlog but nothing is appearing to log.
Here is a copy of my web.config
<configuration>
<system.webServer>
<security>
<access sslFlags="SslNegotiateCert" />
</security>
<serverRuntime uploadReadAheadSize="30000000" />
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" stdoutLogEnabled="true" stdoutLogFile="\\?\%home%\LogFiles\stdout" hostingModel="OutOfProcess" arguments="%LAUNCHER_ARGS%">
<handlerSettings>
<handlerSetting name="debugFile" value="\\?\%home%\LogFiles\aspnetcore-debug.log" />
<handlerSetting name="debugLevel" value="FILE,TRACE" />
</handlerSettings>
</aspNetCore>
</system.webServer>
</configuration>
I'm not really sure what is going on. All I can gather is something is going wrong with the IIS Module. from the error message it appears that it cannot read or process my web.config ErrorCode="Access is denied."
Strangely enough I had a previous build of the application up and running. I have tried to isolate the changes that may have broke the site but I cant seem to find out what has cause this.

It appears that this was due to the fact I was trying to get only client authentication on one endpoint.
The following setting
<access sslFlags="SslNegotiateCert" />
in the web.config, and Require incoming Certificate in the App Settings caused my issue.
I then tried the feature of "Certificate exclusion paths" but having this and the web.config access node makes the web server very upset and causes the error message
"The page cannot be displayed because an internal server error has occurred."
I had to remove the node from my web.config file, leave the Required SSL, and set my Certificate Exclusion path and everything turned back online.

Visual Studio 2015. Failed to register URL for site access is denied IIS Express. Access denied 0x80070005

I enabled SSL in Visual Studio 2015 in order to implement Facebook and Google login locally.
I changed the project URL in the Web tab of the project's properties to https://localhost:44300/ and decorated the controller with the RequireHttps attribute - ref #msdn.
Everything worked fine locally.
I reverted settings to HTTP to test something else and that caused me a problem when I tried to get back to HTTPS.
I found this SO question and tried almost every suggested solution.
Error detail:
Failed to register URL "url" for site "site" application "path".
Error description: Access is denied. (0x80070005).

I had to issue this command in DOS to solve the problem in VS 2015:
netsh http add urlacl url=http://{ip_addr}:{port}/ user=everyone
Strangely this was only needed when I moved the project to a different PC. On the original PC I didn't need it.

Turned out this very answer on the same question thread by Cayne led me to the solution.
The port change didn't work because applicationhost.config file, located in .vs folder specific for VS2015, kept bindings combo of old port for Http and Https as a default setting. No matter how many times did I change port to something else while trying with Http (only got clogged with mass of new web site bindings in the config file) as soon as I wanted to switch back to SSL it ended up with the first bindings combo. The port it complained about that can't be registered any more.
Once I deleted that first bindings combo everything was fine.
I hope this will help someone in the future.

Go to C:\Users{username}\Documents\IISExpress\config and open the applicationhost.config file.
Search for the <sites> tag in the document. You will see some lines similar to the following.
<site name="WebSite1" id="1" serverAutoStart="true">
<application path="/">
<virtualDirectory path="/" physicalPath="%IIS_SITES_HOME%\WebSite1" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:8080:localhost" />
</bindings>
</site>
Replace the line <binding protocol="http" bindingInformation="*:8080:localhost" /> as follows.
<binding protocol="http" bindingInformation="*:{required_port_number}:*" />
I think you can even remove the * marks in bindingInformation.
Then restart IIS Server (remove all IIS server related operations using Task Manager and go to C:\Program Files\IIS Express folder and run iisexpress.exe: you might need to Run as Administrator).
A console will open and if all went well, following lines will be displayed.
Successfully registered URL "http://*:{required_port_number}/" for site "Website1" application "/"
...
Also check in browser whether the required URL works now.
Here's a very useful resource...

How to run svcutil.exe from behind authenticating proxy

I want to run the svcutil.exe tool to access a web service on the internet. Unfortunately, whenever I try, I get a bunch of errors that include the following message:
The request failed with HTTP status 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.
As I have learned from this related post (with more details here), the problem is that I am sitting behind an authenticating proxy. That post explains that I need to edit the app.config file, but I can't figure out how to do that. I think I will use the /svcutilConfig:alternate_app.config switch, but I don't know how to construct a valid .config file to pass to that switch. What is the default app.config file that svcutil.exe uses?

Well, I think I have figured out the answer to my question:
It turns out that the default .config file used by svcutil.exe is called svcutil.exe.config, and (at least for me) it lives in this folder:
C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin
I decided to just edit that file directly (rather than fumble around with the /svcutilConfig switch). I needed Admin privileges to do so.
The final contents of that file looked like this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<generatePublisherEvidence enabled="false" />
</runtime>
<system.net>
<defaultProxy useDefaultCredentials="true" />
</system.net>
</configuration>
(with the secret sauce buried in the <system.net> element.)
In order for this all to work, I had to start the Command Prompt as Administrator, navigate to the folder listed above, and run the svcutil.exe command from there.
Hope this helps some other poor soul who gets stuck in this mess! Thanks to #AndrewWebb for the clues that got me going!

There was no endpoint listening at http://

I have a Windows forms app which uses WCF services. Our application sends messages using one of our WCF services to specific users running our client, so our callback “http:” string is dynamically constructed each time a message is sent to a user. It includes the server IP address and port (126.221.97.105:701) onto which the current user is logged, the user’s id (56281), and the client GUID (7392d27a-e4a0-42e2-89a3-adc332e28934). So, a typical callback “http:” string looks like this:
http://xxx.xxx.xx.xxx:701/CmesCns/CALLBACK/56281/7392d27a-e4a0-42e2-89a3-adc332e28934
We have an http namespace (http://+:701/) on our client and the group “Everyone” is tied to this namespace with all of the access permissions checked (GenericAll, GenericExecute, GenericRead, and GenericWrite). We use “http namespace” to create our namespaces.
Our application has been in production (on Windows Server 2003) for a few years and everything is working fine.
We have recently converted our application to run in the Windows 2008 server environment. The “Target Framework” in each of our projects is set to the “.NET Framework 4.0”. Our application works fine on my Windows 7 developer workstation. That is, I am able to receive messages from our WCF service, but when I place our application onto our Windows 2008 server and I attempt to run the application, I receive the following error message:
"There was no endpoint listening at http://xxx.xxx.xx.xxx:701/CmesCns/CALLBACK/56281/7392d27a-e4a0-42e2-89a3-adc332e28934
that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.”
The http namespace (http://+:701/) exists on my developer workstation and on my Windows 2008 server. The group “Everyone” is tied the namespace on my Windows 7 box and on my Windows 2008 server, and all of the access permissions are checked (GenericAll, GenericExecute, GenericRead, and GenericWrite).
We have been searching the web for an answer but have not discovered anything. Would anybody have any ideas on why this would work on our Windows 7 workstations, but not on our Windows 2008 servers?
Any help is greatly appreciated!
Kevin

When you host a WCF service in IIS you don't specify an absolute url in the address. You should use a relative url to the .svc file. The base url will be determined by the web site where it is hosted.
<service name="WebService.Receptor">
<endpoint
address="/WS.svc"
binding="wsHttpBinding"
contract="IMyContract"
/>
and on the client, depending on how your IIS is configured you should obviously specify the full address:
<client>
<endpoint
name="Receptor"
address="http://MyServer:8000/WS.svc"
binding="wsHttpBinding"
contract="IMyContract"
/>
This assumes that you have configured a site in IIS that listens on the 8000 port and that you have hosted your WCF application inside this site.
if it does not help please follow these links, hope it would be useful.
Stack overflow link
Multiple Endpoint

Typically, this error is because there is no endpoint on the server that matches what the client is requesting (the address, the service, or the authentication is different).
However, in my case, I had the exact same error, and it was not due to any of these things.
When I enabled the tracing on IIS and reviewed the svclog trace with SvcTraceViewer.exe (included in Visual Studio), the actual internal error was "Maximum request length exceeded."
My client was uploading an image via the service. And I guess the image was too big.
To enable tracing I added this to the configuration section:
<system.diagnostics>
<sources>
<source name="System.ServiceModel"
switchValue="All"
propagateActivity="true">
<listeners>
<add name="traceListener"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData= "c:\log\Traces.svclog" />
</listeners>
</source>
</sources>
To solve the error, I increased the message request length in the web config and the error went away.
To do this, in the system.websection in the web.config I added the line:
<httpRuntime maxRequestLength="32768" />
Then I added this section inside the configuration section
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="32000000" />
</requestFiltering>
</security>
</system.webServer>
So I recommend you enable tracing and then review the trace for the exact error.

wcf trying to set up tracing to debug, not writing to log file

here's my web.config, running a WCF service in an application on IIS7, but nothing is being written to the specified file. permission on the file has been granted for everyone.
<system.diagnostics>
<sources>
<source name="System.ServiceModel" switchValue="Information, ActivityTracing, error, warning, critical" propagateActivity="true">
<listeners>
<add name="traceListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="c:\log\tracestext.log" />
</listeners>
</source>
</sources>
</system.diagnostics>
I can add a service reference just fine.
I then try to call the service from a windows app and, after a few minutes, get an error on the machine running the windows app "Client is unable to finish the security negotiation within the configured timeout (00:00:00). The current negotiation leg is 1 (00:00:00)."
but absolutely nothing is written to the trace log file specified in config.
Is there something else I need to do to enable tracing? thanks for your help
EDIT: "sources" section now matches the section recommended here: http://msdn.microsoft.com/en-us/library/aa702726.aspx
I've added the "diagnostics . messagelogging" section to "system.servicemodel"
and the event viewer shows: "Message Logging has been turned on. Sensitive information may be logged in the clear, even if it was encrypted on the wire: for example, message bodies.
Process Name: w3wp
Process ID: 1784
"
but the log file is still empty

Yes - you've only just defined some .NET tracing source and listeners - but you haven't instructed WCF yet to actually do the tracing!
You also need:
<system.serviceModel>
<diagnostics>
<messageLogging
logMessagesAtTransportLevel="true" logMessagesAtServiceLevel="false"
logMalformedMessages="true" logEntireMessage="true"
maxSizeOfMessageToLog="65535000" maxMessagesToLog="500" />
</diagnostics>
</system.serviceModel>
These two sections of config combined should do it!
In order to get your messages written back to the log file right away, you might want to add a setting to your <system.diagnostics> section:
<system.diagnostics>
... everything you already have....
<trace autoflush="true" />
</system.diagnostics>

To write to the log file, make sure that identity running your web application has write access to the log directory.
You can find the identity in the IIS 7 management console. Select the application pool that your web application is using. Click on Advanced Settings... In the properties window, look for the identity field. It may say Network Service. This is the account that needs write permission to your log output folder.
If you already have a log file in this directory, try deleting it and letting the framework create it.
Hope this helps.

Make sure you have configured both the system.diagnostics and the
System.serviceModel/diagnostics sections configured.
Make sure you have them configured in the correct App.config/Web.config file. The thing to note is that multiple
config files may exist in a project, and the one used depends on the
Build Configuration.
Personally I had the very same symptom until I noticed that I put the sections under app.config (in my case, client side tracing), instead of app.DebugLocal.config. The later was used as my build configuration was set to DebugLocal.

Probably the issue is due to permission to write in the log directory specified in your config file.
If you are'nt sure wich is the user in the context, give write permission to all machine users.
Right click in log directory
Click in the "Security" tab
Click edit
On "Group Names or Users" section, select "Users MachineName\Users"
On "Permissions" section grant permission to write
It worked fine for me.