I am trying to encryp web.confif using RsaProtectedConfigurationProvider.
Everything works fine on my machine which is Windows XP. I know I am supposed to use "ASPNET" in following command for XP. My test server is WIndows server 2007 and following command gives me an error. "No mapping between account name and security IDs was done." I know ASPNET is not the default application pool on the server. What command should I use on the server?
aspnet_regiis -pa "NetFrameworkConfigurationKey" "ASPNET"
Thanks
Got the answer. Command should be this on the windows server.
It shoud be aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITY\NETWORK SERVICE"
Related
I have been trying to browse a website run under IIS Express VS2019 from another computer on the same network. I see the following error.
Bad Request - Invalid Hostname
I found several discussions where people suggested adding bindings and I did try adding so many different bindings in applicationhost.config with specific hostname, IP, hostname+ip, wildcards. When I add any binding or modify the existing localhost binding VS 2019 start giving me the following error
Unable to connect to web server 'IIS Express'
I am running VS2019 as an admin. What else I am missing?
Here is what I discovered. I do not have admin privileges on my local PC. Our sysadmin had created a shortcut for me which launches VS2019 as an admin. However, the VS was still not run as elevated Admin privileges. Turns out, you need to be an admin, and you must right-click the VS2019 shortcut and choose Run As Administrator with a shield and say Yes to the warning. The shortcut wasn't doing none of that. Now my custom IIS Express bindings are picked up from applicationhost.config without any issue.
when I run on sql server 2005:
EXEC sp_grantlogin "IIS APPPOOL\DefaultAppPool"
I get the error:
Msg 15401, Level 11, State 1, Procedure sp_grantlogin, Line 49
Windows NT user or group 'IIS APPPOOL\DefaultAppPool' not found. Check the name again.
How can I fix this?
This work for me
CREATE LOGIN [IIS APPPOOL\MyAppPool] FROM WINDOWS;
CREATE USER MyAppPoolUser FOR LOGIN [IIS APPPOOL\MyAppPool];
You need to ensure that there is a Windows account called IIS APPPOOL\DefaultAppPool on the machine. Run Computer Management on the machine,go to Local Users and Groups, and look at the properties in IIS_IUSRS.
If there is no account there called IIS APPOOL\DefaultAppPool then that is why you cannot add a login to SQL Server. You will only have this account on your SQL Server machine if you are also running IIS on that machine, as IIS APPPOOL\DefaultAppPool is a local account.
This link http://forums.iis.net/t/1174325.aspx seems to be very similar to your problem. There are some tips on how to solve the problem, including one at the very end which looks important.
For a lazy set up on my IIS 7.5 development box, I use BUILTIN\IIS_IUSRS instead of the application pool identity IIS APPPOOL\DefaultAppPool.
As the (dynamic) app pool identity users are always members of the Group IIS_IUSRS, if you rename the app pool, or use a different app pool, it doesn't break the SQL permissions.
ref, Use BUILTIN\Group to Grant Access to Predefined Windows NT Groups: http://support.microsoft.com/kb/216808
I had the same error message after installing SQL etc. I found out that I actually didn't have IIS enabled/installed in Windows Programs and Features.
Search Turn Windows features on or off
Check IIS - Internet Information Services is ticked
Click OK
Rerunning SQL script should now complete.
I have a WCF service which I install via cmd line, due to installment on many servers!
When installing application pool and configuring it, I set a custom account on the process model identity, which is just an account with local administrator rights!
But when I try to browse the service just to see the front service page I get a Service Unavailable message with http error 503, which is a server error which again comes from an event id 5021, which states that the identity for the service's application pool is invalid due to either incorrect username/password or the user may not have batch logon rights.
Ergo, the error has to do with the user identity! When I change Identity to NetworkService there is no problem. I cannot either manually set the Identity to the user...
My cmd line looks like:
c:\Windows\System32\inetsrv\appcmd add apppool /name:"calendarproviderservice" ^
/autostart:"true" ^
/managedRuntimeVersion:"v4.0" ^
/processModel.idleTimeout:"24:00:00" ^
/enable32BitAppOnWin64:"true" ^
/processmodel.identitytype:"SpecificUser" ^
/processModel.userName:"PlannerAdmin"
Anyone has a clue...?
Cheers, Finn.
It's been a while, but I finally solved my problem! Unfortunately I didn't sketch the hole scenario in the main question because I didn't think it mattedered in the context. But it did!
The scenario was that my server was a deployed server with a base configuration including IIS 7.5! And this is the problem!
When you try to set the application pool identity to a domain account, IIS has to keep a local copy of your username and password. This is stored in IIS applicationHost.config in encrypted format. In the encryption IIS uses the machine specific keys in iisConfiguration and iisWasKey containers. When this applicationHost.config is moved to a different server (in this case the deployed server on new hardware), IIS can no longer decrypt the password because of the new machine keys.
One can export configuration Keys, but I already deleted the base server I made an image of!
So the lesson learned here is: If you have to deploy many servers with IIS on, make a base image WITHOUT IIS, and script the IIS on the server after deployment!!!
Cheers, Finn.
PS. Dominik, sorry that I wasn't that clear on the intro question!
Have you assigned the user to the local IIS_USRS group?
I have getting the above error when i try to start wcf service hosted in windows service. i am using net.tcp binding with port sharing and have updated the SMSSvcHost.exe.config with the correct SID. What else I could be missing which is casuing this error
i noticed on other forums people suggsting rebooting the server and running the service under admin account. don't know how relevant these suggestions are.
the issue was casued by installtion of .NET Framework 4.0. It upgared net.tcp port sharing as well.
I ran into the same issue. My solution is grant Administrative right to the application by adding app.manifest file and use this file in the project properties, manifest field. If I am running in Visual Studio, I need to run VS in administrative mode.
That is kind of sucks. I am wondering others have a different solution to this.
Running Visual Studio as Administrator worked for me
I'm trying to install windows service using the Microsoft.Sdc.Tasks library.
<ControlService Action="Install"
ServiceName="Service1"
User="XXX
Password="XXX"
ServiceExePath="$(DeployFolder)\XXX.exe"/>
But I keep getting prompted for the user and password! This will not work as I'd like to have it as an automated build on the build server. I mean, the user and password that I want to run the service under are in the actual target. How do I get it to install the service using the configured user and password and not prompt for it?
Found this post and since all my service does is writing and reading from local file I should be OK running under the Local Service account instead of a specific user. Even after updated the service installer the ControlService-target requires a user and password to run but then I actually doesn't prompt me for the user and password. But then I don't want to run a specific user and the target fails when not provided with a user and password in the config ... Strange.
I solved by shelling out to the InstallUtil.exe instead. That works fine after set the I set service installer to run as a Local Service account.
<Exec WorkingDirectory="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727"
Command="InstallUtil.exe -i XXX.exe" />
Just an FYI, to install to a remote server, you should use the SericeController task listed here:
http://weblogs.asp.net/scottgu/archive/2006/02/12/438061.aspx