«

I'm running some ASP.NET applications on Windows 2003 server and I cannot
get ANY performance counters values in ASP.NET, ASP.NET Applications
categories. Every sample is 0, application instances are not shown.

w3wp process is running under NETWORK SERVICE account and it has the
following permissions in

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ASP.NET_1.1.4322\Names.

Query Value
Set Value
Create Subkey
Enumerate Subkeys
Notify
Read Control

BTW, NETWORK SERVICE is not a member of IIS_WPG and I see no way to add it
there.

Please advise.

Dmitry.

Hi Dmitry,

Thanks for your posting. From your description. You can't found your
asp.net application's instances in the server performance counter's certain
Categories and also the NT AUTHORITY \NETWORKSERVICE account is not in the
IIS_WPG group, yes?

Is the win2003 server you mentioned a DC Controller? There is a known
behavior that When a server is promoted to DC box, there will occur some
problems on running asp.net/asp applications (IIS host services). And one
problem is the NETWORKSERVICE BE removed from the IIS_WPG group. If this is
the problem, I think you can try switch the ASP.NET to run under the SYSTEM
identity first and also check the performance counter to see whether it
works( you can also create some other simple asp.net applications to verify
this).

Please have a check and if there is any further findings, please feel free
to post here.
Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

"Steven Cheng[MSFT]" <v-> wrote in message
news...
> Hi Dmitry,
>
> Thanks for your posting. From your description. You can't found your
> asp.net application's instances in the server performance counter's
certain
> Categories and also the NT AUTHORITY \NETWORKSERVICE account is not in the
> IIS_WPG group, yes?
>
> Is the win2003 server you mentioned a DC Controller? There is a known
> behavior that When a server is promoted to DC box, there will occur some
> problems on running asp.net/asp applications (IIS host services). And one
> problem is the NETWORKSERVICE BE removed from the IIS_WPG group. If this
is
> the problem, I think you can try switch the ASP.NET to run under the
SYSTEM
> identity first and also check the performance counter to see whether it
> works( you can also create some other simple asp.net applications to
verify
> this).

Yes, Steven you described the problem correctly. It IS a domain controller.
But I don't feel like running ASP.NET under SYSTEM account because of
security concerns.

What other options could you suggest as a workaround? If I create the
account equivalent to NETWORK SERVICE (like ASPNET in Windows 2000 server)
and run ASP.NET under this account, what potential problems I can bump into?
Is there anything special in NETWORK SERVICE regarding ASP.NET behavior?

Regards,

Dmitry.

Thanks for your response Dmitry,

If you don't want to use SYSTEM, and since its a DC box, maybe you need to
provide a domain account to run the asp.net application(set it as teh
process identity in the IIS6's application pool setting). Generally, adding
the account into IIS_WPG group should be sufficient, you can try that and
testing your web app to verify this. If there occurs any problems on
permission, you can have a look at the following kb article which has a
complete description on the default aspnet process identify's access rights:

#Process and request identity in ASP.NET
http://support.microsoft.com/default...b;en-us;317012

BTW, if possible, I still recommend that you consider moving those service
based application(such asp.net) from DC box to a normal server machine.
That'll help avoid some unexpected issues.

Hope helps.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

"Steven Cheng[MSFT]" wrote:


> If you don't want to use SYSTEM, and since its a DC box, maybe you need to
> provide a domain account to run the asp.net application(set it as teh
> process identity in the IIS6's application pool setting). Generally, adding
> the account into IIS_WPG group should be sufficient, you can try that and
> testing your web app to verify this.

Thanks, that works. I've created MYASPNET account, include it in Users and
IIS_WPG groups and made appropriate change in processModel.

> BTW, if possible, I still recommend that you consider moving those service
> based application(such asp.net) from DC box to a normal server machine.
> That'll help avoid some unexpected issues.

That's NOT possible because this is the only server in the domain.

Thank you for your help.

Regards,
Dmitry

You're welcome Dmitry,

Glad that your application work again. Good luck!

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)