We have a situation where if the Active Directory server has a temporary problem possibly a network/DNS glitch, then after it is fixed the web application running under IIS still receives this error:
"The server could not be contacted. at
System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)"
This situation clears when IIS is reboot or we run iisreset.exe.
Could it be that IIS is caching the status of the downed directory server. In which case how can we avoid that?
Related
I have a simple node.js application running on localhost:3000, printing "Hello world".
When I start it from command line, everything works fine.
But when I start it with IIS (choosing "Browse website" in IIS manager), it gives following error:
iisnode encountered an error when processing the request.
HRESULT: 0x2
HTTP status: 500
HTTP subStatus: 1002
HTTP reason: Internal Server Error
You are receiving this HTTP 200 response because system.webServer/iisnode/#devErrorsEnabled configuration setting is 'true'.
In addition to the log of stdout and stderr of the node.exe process, consider using debugging and ETW traces to further diagnose the problem.
The last 64k of the output generated by the node.exe process to stderr is shown below:
Application has thrown an uncaught exception and is terminated:
Error: EPERM: operation not permitted, lstat ...
From several questions here on StackOverflow, I found this is a permission problem. So I granted full permission to the user of the site (following suggestions here and here), with no success, same error.
But when I change the Application Pool Identity from ApplicationPoolIdentity to LocalSystem, it works.
My problem is, this was just a try and I don't understand why it works. I'm confused about that and worried this is not the correct way to go. Can someone help me? Or maybe explain why this works?
This is a permission issue. The default identity of apppool is “ApplicationPoolidentity”, which is a virtual user created when the application pool is created and has few permissions. The localsystem has the highest authority.
Generally, Node.js starts listening on port 3000 through the command line, and IIS will reverse proxy the request to port 3000 and print “Hello World”. But your description is start it with IIS. I guess what you mean is to start node.js through IIS, that is, start node.js from app pool. App pool needs high authority to start local services, and the identity must be “local system”.
If you are worried about security issues, it is best to start node.js through the command line and proxy the request to port 3000. Through the test, even if the application pool identity is “ApplicationPoolIdentity”, it can work.
I have installed ARR on my Windows 2019 server via the IIS Platform Installer and configured it by adding a server farm and adding a single server to it.
I can ping the server and ARR shows it is online. The issue is, when I submit a request from my local PC, it seems to hit the ARR server but it never hits the server farm. The browser returns 404 Not Found.
On the ARR server, if I create a request to "controlcenter.mydomain.com" and view the logs in C:\iislogs\www\HTTPERR I see this error:
2020-10-30 19:14:54 [my local computer IP address] 53391 [my ARR server IP address] 80 HTTP/1.1 GET / - 404 - NotFound -
The sites on my webfarm server are "controlcenter.mydomain.com" and "api.mydomain.com." Do I need to create special rewrite rules for these sub domains? I cannot seem to tell from the documentation.
How can I find out why the request is not being properly routed from the ARR server to the server I've added to my server farm (shown below)?
When I tried to reset runtime statistics on the Monitoring and Management page, it says, "The operation could not be completed because the worker process has stopped."
The health test with URL "http://controlcenter.mydomain.com" succeeds also.
Before you use ARR, you must first make sure to create a site bound to your domain, and then ARR can forward requests for that domain to the server farm.
In order to solve the problem of stopping the work process, there are the following methods.
Setting Ping Enabled to False stops IIS from checking whether the worker process is still running and keeps the worker process alive until you stop your debugged process. Setting Ping Maximum Response Time to a large value allows IIS to continue monitoring the worker process. You can refer to this document.
Run this command from the elevated command prompt on the controller machine.
net stop webfarmservice & cd /d "%programfiles%\iis\Microsoft Web Farm Framework" & mkdir extensions & move WFFExtension.dll extensions & net start webfarmservice
When I tested in my environment and killed the w3wp.exe, health test returned success but status of servers were unknow. This command solved the issue.
Delete the server farms and restart the IIS, then re-create server farms and add servers.
We've been able to successfully, automatically, deploy our MVC and WebApi to IIS7.5 on Win2008 R2, for some time now. Just this week the MSDeploy stopped working. The System event log shows this error when attempting to restart the Web Management Service on the targeted Win200 R2 server:
The Web Management Service service terminated with service-specific
error %%-2147483640.
The Application log shows this error at the same exact time the above error occurs.
IISWMSVC_STARTUP_UNABLE_TO_ACTIVATE_HWC
Failed to activate the Hostable Web Core (HWC). Web Management Service startup failed. Please reference the Win32 error in this
event for further information.
Exception:System.Runtime.InteropServices.COMException (0x8007007F):
The specified procedure could not be found. (Exception from HRESULT:
0x8007007F) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at
Microsoft.Web.Management.Server.WebServer.Microsoft.Web.Management.Server.Interop.IWebServer.Start()
Process:WMSvc User=NT AUTHORITY\LOCAL SERVICE
The above error is preceded by this warning:
A listener channel for protocol 'http' in worker process '7164' serving application pool 'WMSvcAppPool' reported a listener channel
failure. The data field contains the error number.
Which is preceded by this error:
Failed to find the RegisterModule entrypoint in the module DLL C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll. The
data is the error.
We've attempted to reach the target server using https://ourservername:8172/MsDeploy.axd. The response is:
Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the
connection
Is this occurring because the port is blocked or because the Web Management Service is not running? (The Windows Firewall with Advanced Security dialog says the "Windows Firewall is off" and there are no entries in the firewall log (C:\Windows\System32\LogFiles\Firewall).
We've seen some posts that indicate the certificate may be the issue. Not sure how to actually tell if this is the case though. The CERT we have says it is valid thru 2029.
I resolved the problem on a cloned Win2012 VM by changing the SSL certificate which was set to the original host. I used the self-cert.
I've put this here as a potential answer as I didn't read the question far enough to see the SSL comment at the end ;) and although the fix took 30 seconds we spent at least 2 days trying everything else.
I have CCNET 1.8.5.0 installed on two build servers and I configured WebDashboard on one server to monitor both of them. But it leads to such bug: when user logs in to one of the servers, webdashboard shows him as being authorized on other server too (Logout button is showed instead of Login). But when it tries to access project on second server he gets usual error:
Request processing has failed on the remote server: Permission to execute 'ViewProject' has been denied.
How could I force webdashboard to separate authorization on every server?
this seems to be a bug :-(
there is no configuration to my knowledge that would bypass this problem for the moment.
Here's the scanario... i have a glassfish server runnung my app on EC2, i configured a virtual server on glassfish for one of my domains (lets say mydomain.com) and this same virtual server has a default web module (lets say "myapp").
it works like a charm, when i access www.mydomain.com i get the login screen for my app, as it should be... no need to access www.mydomain.com/myapp (/myapp is the default context path for myapp).
But here's the thing; after i do a new deployment of my WAR file i can't access my app. if i type www.mydomain.com on the browser and press ENTER, the server gives me an "HTTP Status 503" however, if a access www.mydomain.com/myapp y can see my login page.
this problem goes away after i do a "sudo service glassfish restart" but as you might think, restarting the app server after every deployment is a pain, and btw, this is not the only app i'm running here, so... restarting glassfish just shuts down all apps and pisses off all users.
I'm deploying from Netbeans but i get the same result deploying from command line (asadmin).
i tried google but the notes i found didn't help.
is this a glassfish config problem?
am i missing a step after deployment?
for reference, i'm using: jsf 2.1, primefaces 3.2, jasper reports 4.6 (with required dependencies), mysql connector, glassfish server ose 3.1.2.2
i'll appreciate any help.
thanks.
Looks like Im shooting in the dark but here it goes.
In most cases, HTTP Error 503: Service Unavailable indicates that the App Server / Tomcat Server was not communicating well with the Web server, normally Apache.
Whats interesting is that when you sudo restart, it works, ITs a good indication of permissions of the filesystems. If you have deployed as a normal user but you have set up the server as root, this might just be the problem.
Yes, its a config problem & more. Try checking the file permissions & assign users to each process & make them play well.
Let me know if you could share some errors / logs, it would be helpful.