Orchard CMS warmup authorization exception - orchardcms

I have an Orchard site that is set to periodically generate warm up pages.
I am seeing a number of UnauthorizedAccessExceptions when the background process is trying to delete the old warmup files.
Would somebody be able to guid me as to where I can grant the relevant permissions for this in IIS? The site is hosted by a shared hosting environment to which I have access although not as admin.
2013-01-15 18:44:09,078 [18] Orchard.Tasks.BackgroundService - Error while processing background task
Orchard.OrchardCoreException: Unable to make room for file "d:\virtualservers\xxxxx\xxxxxx\wwwroot\App_Data\Sites\Default\warmup.txt.lock" in "App_Data" folder ---> System.UnauthorizedAccessException: Access to the path 'd:\virtualservers\xxxxx\xxxxxx\wwwroot\App_Data\Sites\Default\warmup.txt.lock' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.InternalDelete(String path, Boolean checkHost)
at Orchard.FileSystems.AppData.AppDataFolder.MakeDestinationFileNameAvailable(String destinationFileName) in c:\Users\sebros\My Projects\Orchard\src\Orchard\FileSystems\AppData\AppDataFolder.cs:line 79
--- End of inner exception stack trace ---
at Orchard.FileSystems.AppData.AppDataFolder.MakeDestinationFileNameAvailable(String destinationFileName) in c:\Users\sebros\My Projects\Orchard\src\Orchard\FileSystems\AppData\AppDataFolder.cs:line 82
at Orchard.FileSystems.LockFile.LockFile.Release() in c:\Users\sebros\My Projects\Orchard\src\Orchard\FileSystems\LockFile\L

It was a permissions issue within IIS.
As the site is hosted on a shared hosting provider I had to contact them to resolve the permissions.
Hopefully useful to somebody else if they see these errors in their logs.

Related

ABP framework 6.0.0 fails when deployed at Azure

Trying to deploy ABP framework 6.0.0 AuthServer at Azure, after sucessful built and run locally.
Got "HTTP Error 500.30 - ASP.NET Core app failed to start"
When trying to get some logs, using Azure Debug Console at myproject.scm.azurewebsites.net/DebugConsole I got following:
C:\home\site\wwwroot>dotnet MyProject.AuthServer.dll
[19:52:57 INF] Starting MyProject.AuthServer.
[19:53:00 FTL] MyProject.AuthServer terminated unexpectedly!
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=6.0.0.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
---> Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access is denied.
at Internal.Cryptography.Pal.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags)
at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags)
at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate(X500DistinguishedName subject)
at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate()
at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
--- End of inner exception stack trace ---
at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
at MyProject.Program.Main(String[] args) in D:\a\1\s\aspnet-core\src\MyProject.AuthServer\Program.cs:line 35
This say nothing to me, and when Googling around, I hit this at abp.io website: https://support.abp.io/QA/Questions/3537/OpenIddict-WindowsCryptographicException-Access-is-denied
But I can´t figure out where I shall do the changes. It feels like this should be noted in the ABP.io docs?
Do you know what can cause this, or have some ideas what can be wrong?
I was having the same issue with having the same setup as you have with the exception of deploying to azure, but it should be the same solution.
Please check this SO question:
WindowsCryptographicException: Access is denied when publishing app in Azure
The problem with OpenIddict (or rather, the goodness we're not used to) is that it is bare bones and you have to implement everything yourself.
OpenIddict must have a certificate in order to function on the server you're deploying to, and to have better security on top of whatever measures you're taking.
Basically what you will do is create a new self-signed certificate, upload it to cert store, add the thumbprint to the code and add it to one WEBSITE_LOAD_CERTIFICATES environment variable on said server.
You can add this environment variable to the code instead of hard-coding the thumbprint.
Here is a not-so-informative part of the abp.io documentation about the issue at hand:
Abp.io doc
And here is what I did in the code:
I hope this helps.

Error when trying to open sharepoint in windows server

When i try to open sharepoint in my windows server, following error appears:-
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.
Details: To enable the details of this specific error message to be viewable on the local server machine, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".
Can anybody help me on this.
Following is the error:-
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[COMException (0x80070005): Access is denied.
]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +377678
System.DirectoryServices.DirectoryEntry.Bind() +36
System.DirectoryServices.DirectoryEntry.get_IsContainer() +31
System.DirectoryServices.ChildEnumerator..ctor(DirectoryEntry container) +26
System.DirectoryServices.DirectoryEntries.GetEnumerator() +25
Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.System.Web.IHttpModule.Init(HttpApplication app) +471
System.Web.HttpApplication.InitModulesCommon() +65
System.Web.HttpApplication.InitModules() +43
System.Web.HttpApplication.InitInternal(HttpContext context, HttpApplicationState state, MethodInfo[] handlers) +729
System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext context) +298
System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context) +107
System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +289
Any help is appreciated.
Do the Following to get the idea about exact error :
Go to C:\inetpub\wwwroot\wss\VirtualDirectories\ of your web application for which you have error.
Open and Edit web.config file and set customErrors mode to Off.
See what is the main error.
Let us know the error.
This error is occured when a login you are using is not having enough permission to login to the sharepoint site.
Check Permission of a user, it has the permission to login or not?
If you are able to able to access CA then you can add this user as Site Collection administrator, and access the sharepoint site.
Hope this helps

Orchard CMS Multi-tenancy crash beware

I'm sporting Orchard 1.4 up with Multi-tenancy enabled. I added a new tenant this morning with a name that started with the number 4, "4wdcarsandtrucks". Well, after creating the new tenant, all my sites started throwing 404 errors. Looking into the logs, I found that I was getting the following entries for every one of my tentants:
2012-05-20 08:59:22,795 [6] Orchard.Environment.DefaultOrchardHost - A
tenant could not be started: Default System.Xml.XmlException: Name
cannot begin with the '4' character, hexadecimal value 0x34. Line 16,
position 4. at System.Xml.XmlTextReaderImpl.Throw(String res,
String[] args) at System.Xml.XmlTextReaderImpl.ParseQName(Boolean
isQName, Int32 startOffset, Int32& colonPos) at
System.Xml.XmlTextReaderImpl.ParseElement() at
System.Xml.XmlTextReaderImpl.ParseElementContent() at
System.Xml.XmlLoader.LoadNode(Boolean skipOverWhitespace) at
System.Xml.XmlLoader.LoadDocSequence(XmlDocument parentDoc) at
System.Xml.XmlDocument.Load(XmlReader reader) at
System.Xml.XmlDocument.LoadXml(String xml) at
Orchard.Environment.Descriptor.ShellDescriptorCache.Fetch(String name)
in
C:\src\xxxxxx\main\dotnet\public\Orchard\v1.4.1.0\src\Orchard\Environment\Descriptor\ShellDescriptorCache.cs:line
53 at
Orchard.Environment.ShellBuilders.ShellContextFactory.CreateShellContext(ShellSettings
settings) in
C:\src\xxxxx\main\dotnet\public\Orchard\v1.4.1.0\src\Orchard\Environment\ShellBuilders\ShellContextFactory.cs:line
54 at
Orchard.Environment.DefaultOrchardHost.CreateAndActivateShells() in
C:\src\xxxxxx\main\dotnet\public\Orchard\v1.4.1.0\src\Orchard\Environment\DefaultOrchardHost.cs:line
135
As per instructions of removing tentants manually, I deleted the site folder in App_Data\Sites and the issue still persists.
I did a search under the orchard root folder for "4wdcarsandtrucks" and found another folder in Media. With that removed, the only remaining traces of the tenant name, the issues still persists. I've Recycled the app pool and restarted the site. It's so bizarre!
Has anyone run into this issue before or anyone have any advice?
Issue resolved! Okay, in case anyone else runs into this, there is some bizzare caching surrounding this issue. The following steps should clear it right up:
Stop the application pool.
Delete App_Data\cache.dat
Start the application pool.
I had a local copy of server's side Orchard CMS and I had an uninitialized tenant on my azure server. After downloading it, it either wanted to set up a new webpage (default setup screen on an already working system) or it threw
a tenant could not be started
But deleting cache.dat in App_Data folder of my orchard directory (locally) fixed the issue.

Sharepoint SSL Web.Config access issue

I’ve got a strange scenario:
I’ve got a webpart that calls into a dll in the GAC, which is trying to read a section from web.config file.
This works fine normally, but under SSL it fails, saying it does not have access to the path (of the config file). However, it’s under the mosssvc account, which has full control over the webconfig file.
Both the 80 web.config file and the 443 web.config file have the same entries the dll is looking for, and mosssvc has full control on both configs.
I have tried elevating the trust level on 443 to full, which didn't work.
Any ideas, or anything you can think of that I can try?
EDIT: I should have been more clear: the SSL site has already been created and works fine until the one method in the GAC'd assembly tries to examine the web config.
The full error message is:
Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1310
Date: 2/9/2009
Time: 1:44:49 PM
User: N/A
Computer: XXXXX
Description:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 2/9/2009 1:44:49 PM
Event time (UTC): 2/9/2009 9:44:49 PM
Event ID: 2d7180cdfbb34acfa6c61f95df12ddde
Event sequence: 26
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: YYYYYYYYYYYYYYYYYYYYYYY
Trust level: Full
Application Virtual Path: /
Application Path: C:\Inetpub\wwwroot\wss\VirtualDirectories\8443\
Machine name: XXXXXXXX
Process information:
Process ID: 5168
Process name: w3wp.exe
Account name: XXXXXXXXX\mosssvc
Exception information:
Exception type: ConfigurationErrorsException
Exception message: An error occurred loading a configuration file: Access to the path 'C:\Inetpub\wwwroot\wss\VirtualDirectories\8443\web.config' is denied. (C:\Inetpub\wwwroot\wss\VirtualDirectories\8443\web.config)
Request information:
Request URL: https://XXXXXXX:443/training/Pages/smartregister.aspx?c=383
Request path: /training/Pages/smartregister.aspx
User host address: 64.34.27.186
User:
Is authenticated: False
Authentication Type:
Thread account name: XXXXXXX\mosssvc
Thread information:
Thread ID: 10
Thread account name: XXXXXXX\mosssvc
Is impersonating: True
Stack trace: at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.Configuration..ctor(String locationSubPath, Type typeConfigHost, Object[] hostInitConfigurationParams)
at System.Configuration.Internal.InternalConfigConfigurationFactory.System.Configuration.Internal.IInternalConfigConfigurationFactory.Create(Type typeConfigHost, Object[] hostInitConfigurationParams)
at System.Web.Configuration.WebConfigurationHost.OpenConfiguration(WebLevel webLevel, ConfigurationFileMap fileMap, VirtualPath path, String site, String locationSubPath, String server, String userName, String password, IntPtr tokenHandle)
at System.Web.Configuration.WebConfigurationManager.OpenWebConfigurationImpl(WebLevel webLevel, ConfigurationFileMap fileMap, String path, String site, String locationSubPath, String server, String userName, String password, IntPtr userToken)
at System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(String path)
at XXXXXXXXX.RegistrationHelper.RegisterStudents(Boolean sendEmail, String Time, String Title, String bFirstName, String bLastName, String bAddress, String bPostalCode, String bCity, String bTelephone, String bCompany, String bEmail, List`1 Registrants, Int32 courseDateID, String pType, String CCNumber_, String NameOnCard, String cExpiry, Double Discount, String DiscountCode, Double CostPerRegistrant, String PurchaseOrder)
at ASP.SmartEventRegistration.lnkSubmit_Click(Object sender, EventArgs e) in c:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\CONTROLTEMPLATES\SmartEventRegistration\SmartEventRegistration.ascx:line 401
at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)
at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at Microsoft.SharePoint.Publishing.TemplateRedirectionPage.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
try this, form Faranz Kan SharePoint blog on how to enable SSL in MOSS:
Go to central admin --> Create or extend a new web application -->
Create a new web application.
Fill in the Web app, DB and App pool names as usual. Select yes to
enable SSL on the web application. If
you are using host headers for this
web app, then enter those too.
(Important: Make sure to set the port
to 443, not 80).
After the web application has been created, reset IIS and then open up
IIS mmc. Scroll to the IIS website
that MOSS just created for you and
select the right SSL certificate from
the available certificates (Ask your
network folks to generate an internal
or external SSL cert for you depending
on whether this is a test or prod
server). Important: Go to the Home
Directory tab and click Advanced. Make
sure you set the host header and the
right IP for port 80. For SSL entries,
select port 443 and the IP. (If you
have multiple IP's on the server, I
usually pick one here for these
entries). Click on the edit button for
SSL entries and check the 'Require
SSL' box. Also check 'Require 128 bit
encryption' to make this more secure.
Now go ahead and create your first site collection for this web app. MOSS
will automatically create a new site
collection for you and present you
with a "https://.." link upon
completion. You should now have a SSL
ready web app.
By default, if you want multiple web apps using SSL on the same server
this does not work in IIS 6. If you want multiple MOSS 2007 Web apps to be
SSL enabled, there are two ways of
going about this. One way is to get as
many IPs as you want SSL web apps for
that web server and assign one IP per
host header settings for port 80 and
443 under IIS Website properties -->
Home Directory --> Advanced. The other
option is to modify the IIS metabase
to allow multiple SSL web apps on the
same IP. Be careful with the second
option and make sure you know what you
are doing.

MOSS 2007 SSL error when configuring Search Settings

We’re getting the following error message when we click on “Search Settings” for a Shared Services Provider: “Authentication failed because the remote party has closed the transport stream.”
This is a new server environment with two web front ends, one database server, and one index server, all running Windows 2003 x64.
Does anyone have any thoughts related to if this could be related to 64-bit, or what could be causing the error.
Here are the full details from ULS:
09/17/2008 16:30:34.13 w3wp.exe (0x0E84) 0x030C Search Server Common MS Search Administration 86x4 High Configuring the Search Application web service Url to 'https://mushni-sptwb04q:56738/Shared%20Services%20Portal/Search/SearchAdmin.asmx'.
09/17/2008 16:30:34.14 w3wp.exe (0x0E84) 0x030C Search Server Common MS Search Administration 86ze High Exception caught in Search Admin web-service proxy (client). System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.Co...
09/17/2008 16:30:34.14* w3wp.exe (0x0E84) 0x030C Search Server Common MS Search Administration 86ze High ...mpilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.SoapHt...
09/17/2008 16:30:34.14* w3wp.exe (0x0E84) 0x030C Search Server Common MS Search Administration 86ze High ...tpClientProtocol.Invoke(String methodName, Object[] parameters) at Microsoft.Office.Server.Search.Administration.SearchWebServiceProxy.RunWithSoapExceptionHandling[T](String methodName, Object[] parameters)
I guess you find this exception in the index server, right?
Are you able to browse to 'https://mushni-sptwb04q:56738/Shared%20Services%20Portal/Search/SearchAdmin.asmx' from the index server?
It seems like SSL is not properly provisioned on the front-end servers. This might solve your issue:
Remove the SSL certificate of the front-end servers
Remove the index server from the farm
Move the search and index roles to one of the front-ends
Join the index server back to the farm
Add the index/search roles to the index server
Apply the SSL certificate (you can generate them using SelfSSL) to both front-ends
Be careful with SelfSSL, its better to use Use SSLDiag. SelfSSL has a bug where if you use it to assign certificates to multiple sites on the same box, only the last site will work. You can run SslDiag from the command line like so:
ssldiag /selfssl /V:999 /N:CN=<hostname> /S:<siteId>
Use metabase explorer to find the side it.
Could be an SSL issue.
Do have a look into profiles settings, do you get any error when accessing to the User Profiles settings for that same SSP?
I'm having the same problem. The "Office Server Web Services" (henceforth OSWS) site is available through HTTP on my app server, but not via HTTPS. It doesn't matter where I try to hit the HTTPS URL from, it just flat-out fails (read: no HTTP error code).
However, I have come up with some more information. When the app server was joined to the farm, it gave OSWS a different site identifier than exists in the rest of the farm.
I tried changing the site identifier, but that didn't work. I've also tried installing the IIS diagnostics toolkit. That pointed me towards the certificate that MOSS installed when the machine was joined to the farm. The line of interest is this one:
#WARNING: AcquireCredentialsHandle failed with error -2146893043(0x8009030d)
Unfortunately, it looks like Microsoft has embedded some information in the certificate that would prevent me from using SelfSSL or similar tools. Here's the subject (suitably scrubbed):
CN={hostname},L=951338967,OU=SharePoint,O=Microsoft
The "L" parameter matches the original (and incorrect) site identifier that the site was given and not the one that matches the rest of the farm.
My next step is to see if I can generate something that looks appropriate and install it with winhttpcertcfg.exe
We are also running x64 windows and moss 2007 with .net 3.5 sp1,same issues. I suspect this is the culprit.
To resolve this issue download the IIS6 resource kit and run the following command
Selfssl /s:(IIS ID of the Office Server Web Services site) /v:9999
Cheers,
-Ivan

Resources