I have a private message queue on machine x that I want to be able to read from/write to from a .NET web service running on IIS 8.5 on machine y. I keep getting
"Access to Message Queuing system is denied"
when calling GetPrivateQueuesByMachine(machine-name)
However I am able to access the same queue using a test console application from machine y. It apparently seems to be a permissions issue, but I have spent hours fiddling with permissions but no luck.
The MSMQ is running as Network Service and I have even unchecked the 'Disable un-authorised RPC calls' for it but that doesn't seem to be the issue because my console application can access the queue.
There is something specific about the .NET web service running in IIS that is resulting in this error but I can't figure it out.
IIS is running as ApplicationPoolIDentity on machine y. The path to the message queue on machine y is in the form: machine-name\private$\private-queue-name
I have finally figured it out. It was to do with the user that my web service was running as. I changed it from Local System to the administrator user and it worked.
Related
I have migrated a windows server 2008 r2 to GCP, in the process of putting it into production recreate the disks from snapshot and image in another project where I made sure in its creation that the instance had the default service account with the default permissions among the which is writing to StackDriver Monitoring, even so when installing the agent in the operating system, it does it without any problem, when verifying the service is stopped, when it starts it automatically stops again and registers the following in the event viewer log:
error metadata
On the other hand, and verified that there is communication with metadata.google.internal and not, for this reason request the client to recreate the registry in the DNS for said resolution:
enter image description here
even so, metadata.google.internal still does not respond, despite the fact that the machine does have Internet access open in the firewall and the private access vpc is also enabled.
How can I solve this problem?
I have hosted an MVC application in Azure App Service. The application is not creating any problem when i am testing it in local host. I can easily connect to the Dynamics-365 through the SDK and can do easily CRUD operation.
But when i am trying to login which is hosted in Azure it is giving that error though am not getting this error if i restart the app service. If i restart the app service in every morning then i am not getting this error. But i don't want to restart the app service daily.
Here the same question also has been asked but there is not any solution which has been marked as Solved. Time zone difference between client and server has been discussed here but the part which confused me when i am restarting the app service it is working.
How to solve this issue? I am thinking about app service Auto Healing. Should this work?
Any solution would be appreciated.
Thanks in advance.
From your description of Question it looks like connection pool issue. You probably are not closing connection after your transaction is completed. Try force closing connection (threads) that might solve your issue.
OR
The clock on the Server hosting client application was out of sync with the server having the service.
This is almost always because of a server time skew. The remote server
and the client's system time must be within (typically) 10 minutes of
each other. If they are not, security validation will fail.
I'd check azure service bus and find out what their server time is, and
compare that to your server time.
WCF gives an unsecured or incorrectly secured fault error
https://social.msdn.microsoft.com/Forums/vstudio/en-US/ae4172dd-e215-4a72-b927-d164ce4cc318/an-unsecured-or-incorrectly-secured-fault-was-received-from-the-other-party?forum=wcf
I have a web application developed in VS2013
ASP.NET MVC 5
NInject for IoC
Sql Server 2008 R2 for a backing store (ADO, not Entity Framework, for DAL)
IIS 7.5 (Not a web garden, max processes = 1)
PostSharp 3.1.46.0
I have been developing and deploying on my local machine this application to a development server for months with not too many issues.
App Pool is .Net 4.0 Integrated, using the ApplicationPoolIdentity
Anonymous and Forms authentication are enabled. Anonymous is set to use the App Pool identity
File permissions are set for the application folder to give IIS AppPool\[mypool] read, list, execute access. (I tried full access, once, and it didn't help)
Last week, the development server reports a 401 (sc-status:401 sc-substatus:0 sc-win32-status:0) instead of showing me any forms from a remote connection. Local connections, that is, when I access the app on the sandbox, or if I log on to the development server and access it locally, work as expected. Any request from a remote machine fails.
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
I tried recreating the app pool and re-assigning the app to it. I tried aspnet_iisreg -ir. I went through most of the "Similar Questions" to the right of this edit box, trying to find something close to my issue. I erased the application from the server and redeployed to a new app, with new name and a new physical folder. KB2545850 hotfix didn't help.
My deployment strategy is an xcopy of everything but the web.config(s) I maintain the web.config separately. Please help diagnose.
In ASP.NET MVC Deploying an app with forms authentication to IIS 7.5 it says:
If you have a path leading to an eventual [Authorize] attribute, that will cause this -
removing the RenderAction or allowing that action to render without [Authorize] fixes it.
That was similar to my issue. I have a global filter to Authorize. I recently added a partial view in a controller to display a serial number. I added that partial to the _Layout, without the AllowAnonymous. Since the login form used the layout, which used this partial, I couldn't log in until I logged in.
Adding an [AllowAnonymous] to the action resolved this issue. I am thinking about how to more easily detect this for when it happens to me again.
Ok I'm stumped. I've configured an IIS 6 website with its own App Pool, which has its own AD domain credential. When I attempt to browse the site, I see a page that simply says "Access is denied.". There is no error code or information in Event Logs.
I am able to open Notepad with the app pool account credentials (and open the html file I'm trying to browse).
If I add the app pool's domain account to the local administrators group, the site loads. However, this is not acceptable for our environment.
I have successfully configured this site on two servers (that are supposed to be identical in a load-balanced pair). However, try as I might, I can't find any difference between these two servers' configurations.
Is your pool identity present in the local group IIS_WPG ?
This group ensure the Worker Process will have the required privileges to run correctly.
Also, your WebSite root folder must have Read permissions for IIS_WPG, which is the case if your root is in Inetpub\wwwroot.
Same for C:\WINDOWS\Microsoft.NET\Framework\vx.x.x.x\Temporary ASP.NET Files + Write, if you run ASP.NET WebSites.
FYI, in IIS 7, the group is now known as IIS_IUSRS.
Default permissions and user rights for IIS 6.0
Configuring Application Pool Identity in IIS 6.0
I reinstalled IIS 6 and the error has gone away. After reinstalling IIS, I had to reinstall .NET 4 as well.
Thank you very much for your suggestions and advice though!
My Setup: W2K8-R2 IIS7.5 x64bit servers (app pool is running in 32bit, though)
We have a (.net 4.0) web application that runs under the "ApplicationPoolIdentity". It has "Windows Authentication" enabled. The web app calls a web service on different (older - W2K3 II6) web server (same domain). The web service requires Windows Authentication as well.
On some of our web servers, this works well and I can see that the Web App calls the web service and identifies itself as the machine name for the web server it is running on (as expected). However on other web servers the application will not identify itself when it calls the web service and thus gets a 403 error (this is confirmed by looking at the IIS logs for the web service).
I've compared the web servers that work versus those that don't and I can't find any significant differences. (I compared the ApplicationHost.Config files from both sites and with the exception of a few encryption keys they are identical).
Any thoughts on what could be causing the App Pool Identity on the bad machines to forgo identifying itself? Did we set something up on one web server and miss it on the other?
If not, can someone recommend tools that could be used to track down what's going on?
Thanks for any help.
For anyone else who find this question, it is answered is several places :
Granting write permissions to a networked UNC folder for ASP.NET under IIS 7.5 and Windows Server 2008 R2
IIS application using application pool identity loses primary token?
DirectoryServicesCOMException 80072020 From IIS 7.5 Site Running Under ApplicationPoolIdentity
ApplicationPoolIdentity cannot access network resources
https://serverfault.com/questions/217547/applicationpoolidentity-iis-7-5-to-sql-server-2008-r2-not-working
Summary: Install MS HotFix KB2545850 and learn the details about this bug in KB2672809 which also shows how to reproduce this issue.
An update in case anyone runs into this... We realized that the common thread between servers that worked was that they had been rebooted recently. After rebooting the problem servers, they too started working.
At this point I can't explain what the issue was, but it appears a reboot solved it. I will update if the problem reoccurs.