Velocity Reviews


Jim Ross [MVP] 12-02-2003 11:07 PM

Problem with Exception Mgt. App Block on W2k Server
 
I'm about at wit's end getting the exception block to operate at all
on our Win 2000 server. All is well on my local workstation, but the
block will not register correctly to operate on the server. Here is
what we have done:

* Xcopied the dll's into our app's bin directory on the server.
* Ran the install util with a bat file located in the bin directory.
the BAT file contains:
===========================
REM *** Batch File to register the ExceptionManagement appblock dll to allow
REM *** writing to the event log
c:\winnt\microsoft.net\framework\v1.1.4322\installutil.exe microsoft.applicationblocks.exceptionmanagement.dll
REM Register complete.
pause
=================================

the BAT file returns comforting sounding words, and the actual install
log that gets created also looks "comforting":

==========================================
Installing assembly 'd:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.dll'.
Affected parameters are:
   assemblypath = d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.dll
   logfile = d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.InstallLog
Creating EventLog source ExceptionManagerInternalException in log Application...
Creating EventLog source ExceptionManagerPublishedException in log Application...
Committing assembly 'd:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.dll'.
Affected parameters are:
   assemblypath = d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.dll
   logfile = d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.InstallLog
==============================

BUT, when anything tries to throw an exception, we get the "dreaded":
=======================
"The event source ExceptionManagerInternalException does not exist and
cannot be created with the current permissions"
======================

WHAT is going on here? I have seen this error reported frequently, but
in most cases running the installutil seems to clear it up. Here, we
ran installutil, with apparent success to judge from the log, but we
still can't log an exception. I'm sure it is a permissions thing
somewhere, but where? As noted, this is a Win2000 sp3.

Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn' but please ask all questions in the newsgroups, not via private mail

MSFT 12-03-2003 08:45 AM

RE: Problem with Exception Mgt. App Block on W2k Server
 
Hi Jim,

If you use a more powerful account, for example, the System account, will
the error still occur?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


Jim Ross [MVP] 12-03-2003 12:24 PM

Re: Problem with Exception Mgt. App Block on W2k Server
 
I don't know. Could you tell me how I might try that? I'm afraid that
is an area of .NET that is foreign territory to me.

Note that the block _appears_ to be correctly registered. Even the
correct Registry entries exist.

lukezhan@online.microsoft.com (MSFT) wrote:

>If you use a more powerful account, for example, the System account, will
>the error still occur?


Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn' but please ask all questions in the newsgroups, not via private mail

MSFT 12-04-2003 07:51 AM

Re: Problem with Exception Mgt. App Block on W2k Server
 
Hi Jim,

You can configure the process identity in the <processModel> section of the
Machine.config file in the Config subdirectory of the installation root
directory. The userName and the password attributes control the identity of
the process. The default values for these attributes are as follows:


<processModel userName="machine" password="AutoGenerate" />


The machine and the AutoGenerate values instruct ASP.NET to use the
built-in ASPNET account and to use a cryptographically strong, random
password that is stored in the Local Security Authority (LSA) for that
account.

If you want to use a process that has more access rights, you can set the
userName attribute to System, which causes the ASP.NET worker process to
run with the same identity as the Inetinfo.exe process. The Inetinfo.exe
process runs by default as the System identity. When you configure the
ASP.NET worker process to use the System identity, the ASP.NET worker
process can access almost all of the resources on the local computer. On
computers that are running Windows 2000 or Windows XP, the System account
also has network credentials and can access network resources as the
machine account.


For more information about <processModel> Element:

http://msdn.microsoft.com/library/de...us/cpgenref/html/gngrfprocessmodelsection.asp

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


Jim Ross [MVP] 12-09-2003 01:52 PM

Re: Problem with Exception Mgt. App Block on W2k Server
 
Yes, I _could_ take that approach, but since my original post I've
been reading up on these issues, and according to an MS Press book on
building secure ASP.NET apps, the preferred approach for this specific
sort of issue is to grant the ASPNET account the needed access. The
idea being--just as much access as is needed and not a bit more.
Sounds reasonable.

What is so maddening is that I HAVE granted it Registry access to the
needed keys. I can look at it in RegEdt32, and there it is, ASPNET has
the exact access the book says it needs, but as soon as I try to log
an exception, it gets "Registry access denied". It seems reasonable to
assume, at this point, that the domain security policies are somehow
overriding what I'm trying to do.

lukezhan@online.microsoft.com (MSFT) wrote:
>You can configure the process identity in the <processModel> section of the
>Machine.config file in the Config subdirectory of the installation root
>directory. The userName and the password attributes control the identity of
>the process. The default values for these attributes are as follows:
>


Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn' but please ask all questions in the newsgroups, not via private mail

Joe Audette 12-09-2003 06:02 PM

Problem with Exception Mgt. App Block on W2k Server
 
I think the reason your batch file doesn't work is
because you have to use the VS.NET command prompt to run
the installutil not just a regular command prompt. The
VS.NET command line sets up environment variables that are
needed. I know there is a way to do it with a regular
command prompt but you have to set up the environment
variables that the VS.NET command prompt would do for you.

Best Regards,

Joe Audette



MSFT 12-10-2003 09:02 AM

Re: Problem with Exception Mgt. App Block on W2k Server
 
Hi Jim,

There may be some other registry entries on which we need permission. To
make sure of this, you may use a tool, "regmon", to trace the access to the
registry. It will log all access to the registry. When the error occurs, you can
check its log to see if there is any permission denied error on the
registry. For more information on this tool, you can browse to:

www.systeminternals.com

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
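
Following the suggestion in the reply above to look for other registry entries that need permission, here is an added example (not part of the thread and not code from any poster) that lists the ACL entries naming the worker-process account on every key under the EventLog service key, plus the two source keys from the install log. It is PowerShell, must run from an elevated prompt, and assumes the worker process runs as the local ASPNET account (the default processModel identity described earlier); the function and variable names are illustrative.

```powershell
# Added example: audit which EventLog registry keys carry ACL entries for an account.
# Assumption: the ASP.NET worker process runs as the local ASPNET account.
$Account = "$env:COMPUTERNAME\ASPNET"
$Root    = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$Sources = 'ExceptionManagerInternalException', 'ExceptionManagerPublishedException'

function Get-KeyAccess {
    param([string]$Path, [string]$Account)

    # A missing key means the source was never registered on this machine.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; Allow = ''; Deny = '' }
    }
    try {
        # Only ACEs that name the account directly are matched; rights that
        # arrive through group membership (Users, Everyone) are not resolved.
        $rules = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Access |
            Where-Object { $_.IdentityReference.Value -ieq $Account }
    } catch {
        return [pscustomobject]@{ Path = $Path; Exists = $true; Allow = 'ACL unreadable'; Deny = '' }
    }
    $allow = $rules | Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.RegistryRights }
    $deny  = $rules | Where-Object { $_.AccessControlType -eq 'Deny' } |
        ForEach-Object { $_.RegistryRights }

    [pscustomobject]@{
        Path   = $Path
        Exists = $true
        Allow  = ($allow -join ', ')
        Deny   = ($deny -join ', ')
    }
}

# Check the EventLog key itself, every log key beneath it (not only
# Application), and the two source keys the install log says were created.
$paths  = @($Root)
$paths += Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $Root $_.PSChildName }
$paths += $Sources | ForEach-Object { Join-Path $Root "Application\$_" }

$paths |
    ForEach-Object { Get-KeyAccess -Path $_ -Account $Account } |
    Format-Table -AutoSize
```

A row with Exists = False for either source key means the registration did not land on this machine; a log key with an empty Allow column is a candidate for the permission-denied entries a registry trace would show.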


