I have a small winforms app that creates a new event log source.
I run it as administrator for the elevated privileges.
The code checks to ensure the specified event log does not exist and then creates the source. This worked fine on my Windows 7 machine, but when I run the app on Windows Server 2008 R2 SP1 it tells me the source already exists. I know it doesn't because a) this is a fresh installed of Windows Server 2008 R2, and b) I added code to return a list of all the log sources and my new one was not in the list.
I know about the "first 8 characters" being the significant ones and I made sure my source names was completely unique.
Here's the super-easy code (of course I have try/catches around this):
if (!EventLog.SourceExists(sourceName))
{
EventLog.CreateEventSource(sourceName, logName);
}
Can anyone tell me why Windows Server 2008 is lying to me?
Local (or domain) administrators are not the most powerful accounts on a Windows box.
There are other accounts that have higher (though also more limited) access.
SourceExists() will return false if it exits but you don't have access rights to know about it, and it's perfectly possible for an administrator to be denied access to something.
Also, there are reserved names for things in odd places that can trip you up. Creating folders with the names CON COM or LPT used to cause odd issues on server 2003.
So there also are a whole bunch of reasons why CreateEventSource() can fail - dig into the inner exception(s) as well, often those provide critical detail.
Which event log source name was failing for you?
Would you post the exception stack?
Related
I have spent 12 hours on this, tried everything that I have read about, but I cannot get a new server farm we have,the website to write to a shared folder.
I have set the application pools, even temporarily (just to try it out) to admin accounts and even set the folder to be available for "everyone".
We have a network specialist who cannot figure it out either, in his favour he does not understand IIS very well and keeps away from it, but at the end of the day, its just a User account and permissions as far as I can see and I have set up the exact same website on a previous W2012 server and IIS 8.5, 7.5 and 6 without major issues (abeit registering 32bit DLLs in a 64bit environment) but all that has gone well and no issue (except for reading and writing to a shared folder).
SO breaking it down to its simplest form, I used a simple FSO script to write a text file in the shared folder, this clearly came back with "Permission denied line X".
Running the script through cscript as a VBS file, it works, running it through IIS. No chance.
Im not going to give up, but running as the top admin login (I had the network guy use HIS identity in the application pool) its not happening.
32bit has been enabled, yes, folder permissions set, yes.
Im at my wits end with the thing. Anything to suggest, I would be happy to listen and try.
Thanks all.
Update: I can write to the same MACHINE as IIS, any folder as long as I set the appropriate permissions. The difference between from this shared folder (I am working on a server farm, I forgot to mention that) is - when you do the security, locations "IIS AppPool\poolidentity" to add the user, it works on the same server, when I try to add that user on the shared folder on the networked server, that user does not appear - does this give any clues?
Ok - for me, after all the right things that I had done, was something I had not tried.
Select the site in IIS, so you sell all the icons for ASP, Authentication, Autohorization Rules, CGI etc.. - select the Authentication and Open Feature
You will see Anonymous Authentication (Enabled), ASP.NET Impersonation (Disabled), Basic Authentication (Disabled) and so on.
Select the Anonymous Authentication, right click Edit - by default it was set to "Specific User" IUSR - now for me, that did not work - so clicked on Application Pool Identity and boom, now its working.
Hope that helps someone else.
An automated Windows update this morning left my Windows Server 2012 R2 Classic Virtual Machine on Azure in a semi-crashed state. The VM is a web server, and all the files and applications in it are still accessible via the browser. In other words, IIS and a number of other services are still running. Unfortunately, however, the VM is not accessible via Remote Desktop and is unresponsive to commands from the Azure management interface on the portal.azure.com website.
This type of error is quite common and can be found reported on many other websites. The error has been happening to Windows users (not just Windows Server) for many years already, and none of the solutions online will work for Azure users, because they involve restarting from a CD, pressing shift-f8 during boot, issuing DOS commands, restoring from backup, or unchecking certain properties in VMWare or other software.
Does anybody have a real solution for this problem on Microsoft Azure?
After struggling with this for weeks, I think I was able to fix this with the help of Microsoft support! I decide to post the solution here in case it can help someone in the future. Here are the three things that you need to do to fix this:
1-Restore the VM from a backup prior to the crash. The VM with the "Undoing Changes" crash is pretty much toast at this point. Now, proceed to steps 2 and 3 to ensure that the next batch of Windows Updates won't crash it again!
2-On your new VM, ensure that the Environment Variables for TEMP and TMP both point to C:\Windows\TEMP. In my case, they were both pointing to a temporary folder in the logged in user's profile.
3-Ensure that C:\Windows\TEMP is always empty. I achieved this by setting up a scheduled task that runs a simple BAT file that deletes all files and folders inside of the C:\Windows\TEMP once a day. I spoke with a Microsoft representative who said that even though you may have plenty of hard drive space in your C:\ drive, the Windows TEMP folder is really not supposed to get much bigger than 500MB. When it gets very large you may have some issues with Windows Updates (mine was just under 500MB when the updates were failing).
I would recommend contacting Azure support as something may have to be done by an engineer to fix the issue and unfortunately classic VMs don't have the redeploy feature.
I've added only InboundPort 3389 RPD, and works well now.
When working on a project that uses IIS (not IIS Express) for local development, what permissions are actually required under window 8? I don't want to run as admin all the time...the first error message I get when running using the Local User Account (LUA) was about Metabase (probably a misnomer, as changing the permissions on that gave the same error message until the config files in inetsrv/config were also available). Now it builds, but then gives an error message "Unable to start debugging on web server. IIS does not list a web site that matches the launched URL".
The blog https://blogs.msdn.microsoft.com/jaredpar/2005/02/04/myth-creating-web-applications-with-visual-studio-requires-admin-privileges/ while old, at least hints that it should be possible to manually give myself (or a group that I create) the right permissions. Just need to figure out what those permissions are...
To run VS against IIS you need to run VS elevated (the process needs admin permissions).
From a non-admin account you could run VS "As Administrator", you will also need to do this with the tools necessary to configure IIS.
However I've never tried that, rather I run with a non-elevated admin account so any file changes from within an elevated VS are fully accessible to non-elevated processes.
Additional: note, VS really only needs the Debug Any Process privilege, but giving that one privilege gives the ability to gain all others (with some effort) going through the work to limit the VS process to just that one difference seems pointless.
This one is too bizarre for me. In my Framework 4.0 WinForms app, FileSystemWatcher recently started giving me a null for OldName and only the parent folder for OldFullPath, not the full path of the old filename. However, some of the Windows 7 computers do this while others do not. I tried uninstalling our company anti-virus program temporarily but that didn't make any difference. I rolled back my code but it didn't make any difference.
I tried switching my application from Framework 4.0 to 4.5.2 but the problem persisted. In fact, I believe the problem is at a lower level than .NET because I wrote a test C++ program that uses ReadDirectoryChangesW() and a similar problem occurs: the problem computer never receives the FILE_ACTION_RENAMED_OLD_NAME notification, only the FILE_ACTION_RENAMED_NEW_NAME one.
I compared running processes and ended ones that are running on the problem computer but not on the non-problem one. Both computers are up to date with Windows Updates; I am hoping not to have to start uninstalling them.
I have one Windows 8 computer and the problem is not there; however, upgrading from 7 to 8 is not an option for several other deployments.
It just occurred to me to look at kernel32.dll on the respective machines, since that is where ReadDirectoryChangesW() lives. It's different.
Worky: v6.1.7601.18798
No worky: v6.1.7601.18869
Was there a recent change to the API that I need to accommodate?
Update: I found a non-working machine with v6.1.7601.18409 so that's not the problem.
In a word, Kaspersky.
To elaborate, I thought I had already tested removing KAS but maybe I didn't reboot after or something, and it's odd because it is also installed on a computer at work that does not present the problem--same version of KAS.
Note that this version is a corporate version, which installs:
Kaspersky Endpoint Security 10 for Windows
and
Kaspersky Security Center Network Agent
A central policy is pushed out to each client computer and enforced. It has control over settings, like trusted applications (a whitelist). When IT pushed out a whitelist entry for my specific application, it fixed the problem.
Note that there are several checkboxes to select for each trusted application entry. This fix only needed one of them.
Under Settings | Anti-Virus protected | Exclusions and trusted applications | Settings, there is a list that can be added to.
Do not scan opened files
X Do not monitor application activity
Do not inherit restrictions of the parent process (application)
Do not monitor child application activity
Allow interaction with application interface
Do not scan network traffic
Honourable mention must go to my co-worker, Arti Chauhan, who suggested more than once that KAS might be the problem. I thought I had fully tested when I guess I hadn't.
I have some problems regarding WMI scripting on Windows 8. More precisely, remote connection from Win7(not that relevant) to Windows 8. Note that the following issues do not happen when the client machine runs Windows 7.
First one is getting data regarding the current shares on that machine. Specifically, I am trying to get the Path property of the shares, that is local path.
In windows 7 it works perfectly, in windows 8 however it returns null(ran with wbemtest from remote computer).
First I thought that there is a problem with the WMI system. Then I ran the same query directly on the win8 machine. That returned the actual local path of the share. This led me to believe that there are problems with the WMI security on that machine.
Another issue I have with WMI on win8 is that it does not allow me to run things as Administrator, even though the user used to log is is the Administrator.
Regarding the security settings on the win8 machine, I gradually lowered them to try the exact position in which I can operate. I have reached the level where Everyone has every access, so it is the lowest security possible. Hope someone can help.
After a few days of just playing with security around Wmimgmt.msc and dcomcnfg I finally found a way to run wmi as administrator on a remote machine. Although this is not exactly what I did, I found that this works great: I activated the Administrator account: net user administrator /active:yes. Then I entered User accounts and set a password for the Administrator account. I then opened Wmimgmt.msc and set allow on all security for the Root node and cimv2 node. After this Wmi remotely(logged on as administrator) works as a charm