Sharepoint SSL Web.Config access issue - sharepoint

I’ve got a strange scenario:
I’ve got a webpart that calls into a dll in the GAC, which is trying to read a section from web.config file.
This works fine normally, but under SSL it fails, saying it does not have access to the path (of the config file). However, it’s under the mosssvc account, which has full control over the webconfig file.
Both the 80 web.config file and the 443 web.config file have the same entries the dll is looking for, and mosssvc has full control on both configs.
I have tried elevating the trust level on 443 to full, which didn't work.
Any ideas, or anything you can think of that I can try?
EDIT: I should have been more clear: the SSL site has already been created and works fine until the one method in the GAC'd assembly tries to examine the web config.
The full error message is:
Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1310
Date: 2/9/2009
Time: 1:44:49 PM
User: N/A
Computer: XXXXX
Description:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 2/9/2009 1:44:49 PM
Event time (UTC): 2/9/2009 9:44:49 PM
Event ID: 2d7180cdfbb34acfa6c61f95df12ddde
Event sequence: 26
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: YYYYYYYYYYYYYYYYYYYYYYY
Trust level: Full
Application Virtual Path: /
Application Path: C:\Inetpub\wwwroot\wss\VirtualDirectories\8443\
Machine name: XXXXXXXX
Process information:
Process ID: 5168
Process name: w3wp.exe
Account name: XXXXXXXXX\mosssvc
Exception information:
Exception type: ConfigurationErrorsException
Exception message: An error occurred loading a configuration file: Access to the path 'C:\Inetpub\wwwroot\wss\VirtualDirectories\8443\web.config' is denied. (C:\Inetpub\wwwroot\wss\VirtualDirectories\8443\web.config)
Request information:
Request URL: https://XXXXXXX:443/training/Pages/smartregister.aspx?c=383
Request path: /training/Pages/smartregister.aspx
User host address: 64.34.27.186
User:
Is authenticated: False
Authentication Type:
Thread account name: XXXXXXX\mosssvc
Thread information:
Thread ID: 10
Thread account name: XXXXXXX\mosssvc
Is impersonating: True
Stack trace: at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.Configuration..ctor(String locationSubPath, Type typeConfigHost, Object[] hostInitConfigurationParams)
at System.Configuration.Internal.InternalConfigConfigurationFactory.System.Configuration.Internal.IInternalConfigConfigurationFactory.Create(Type typeConfigHost, Object[] hostInitConfigurationParams)
at System.Web.Configuration.WebConfigurationHost.OpenConfiguration(WebLevel webLevel, ConfigurationFileMap fileMap, VirtualPath path, String site, String locationSubPath, String server, String userName, String password, IntPtr tokenHandle)
at System.Web.Configuration.WebConfigurationManager.OpenWebConfigurationImpl(WebLevel webLevel, ConfigurationFileMap fileMap, String path, String site, String locationSubPath, String server, String userName, String password, IntPtr userToken)
at System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(String path)
at XXXXXXXXX.RegistrationHelper.RegisterStudents(Boolean sendEmail, String Time, String Title, String bFirstName, String bLastName, String bAddress, String bPostalCode, String bCity, String bTelephone, String bCompany, String bEmail, List`1 Registrants, Int32 courseDateID, String pType, String CCNumber_, String NameOnCard, String cExpiry, Double Discount, String DiscountCode, Double CostPerRegistrant, String PurchaseOrder)
at ASP.SmartEventRegistration.lnkSubmit_Click(Object sender, EventArgs e) in c:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\CONTROLTEMPLATES\SmartEventRegistration\SmartEventRegistration.ascx:line 401
at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)
at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at Microsoft.SharePoint.Publishing.TemplateRedirectionPage.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Try this, from Faranz Kan SharePoint blog on how to enable SSL in MOSS:
Go to central admin --> Create or extend a new web application --> Create a new web application. Fill in the Web app, DB and App pool names as usual. Select yes to enable SSL on the web application. If you are using host headers for this web app, then enter those too. (Important: Make sure to set the port to 443, not 80).
After the web application has been created, reset IIS and then open up IIS mmc. Scroll to the IIS website that MOSS just created for you and select the right SSL certificate from the available certificates (Ask your network folks to generate an internal or external SSL cert for you depending on whether this is a test or prod server). Important: Go to the Home Directory tab and click Advanced. Make sure you set the host header and the right IP for port 80. For SSL entries, select port 443 and the IP. (If you have multiple IPs on the server, I usually pick one here for these entries). Click on the edit button for SSL entries and check the 'Require SSL' box. Also check 'Require 128 bit encryption' to make this more secure.
Now go ahead and create your first site collection for this web app. MOSS will automatically create a new site collection for you and present you with a "https://.." link upon completion. You should now have a SSL ready web app.
By default, if you want multiple web apps using SSL on the same server this does not work in IIS 6. If you want multiple MOSS 2007 Web apps to be SSL enabled, there are two ways of going about this. One way is to get as many IPs as you want SSL web apps for that web server and assign one IP per host header settings for port 80 and 443 under IIS Website properties --> Home Directory --> Advanced. The other option is to modify the IIS metabase to allow multiple SSL web apps on the same IP. Be careful with the second option and make sure you know what you are doing.

Related

CRM Performance tool installation

I am getting following error while importing data through the CRM Performance toolkit. Please help with solution:
System.Security.SecurityException: Requested registry access is not allowed.
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at System.Diagnostics.PerformanceCounterLib.CreateRegistryEntry(String categoryName, PerformanceCounterCategoryType categoryType, CounterCreationDataCollection creationData, Boolean& iniRegistered)
at System.Diagnostics.PerformanceCounterLib.RegisterCategory(String categoryName, PerformanceCounterCategoryType categoryType, String categoryHelp, CounterCreationDataCollection creationData)
at System.Diagnostics.PerformanceCounterCategory.Create(String categoryName, String categoryHelp, PerformanceCounterCategoryType categoryType, CounterCreationDataCollection counterData)
at dbPopulator.DbPopulator.Main(String[] args)
The Zone of the assembly that failed was:
MyComputer
It's probably because the account you are running the toolkit as doesn't have enough permissions. It looks like the toolkit is trying to write something to the event. Try running as a server admin to rule out any permissions issues.
Related info: You receive the "Requested registry access is not allowed" error message when you try to create a custom event log

Orchard CMS warmup authorization exception

I have an Orchard site that is set to periodically generate warm up pages.
I am seeing a number of UnauthorizedAccessExceptions when the background process is trying to delete the old warmup files.
Would somebody be able to guide me as to where I can grant the relevant permissions for this in IIS? The site is hosted by a shared hosting environment to which I have access although not as admin.
2013-01-15 18:44:09,078 [18] Orchard.Tasks.BackgroundService - Error while processing background task
Orchard.OrchardCoreException: Unable to make room for file "d:\virtualservers\xxxxx\xxxxxx\wwwroot\App_Data\Sites\Default\warmup.txt.lock" in "App_Data" folder ---> System.UnauthorizedAccessException: Access to the path 'd:\virtualservers\xxxxx\xxxxxx\wwwroot\App_Data\Sites\Default\warmup.txt.lock' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.InternalDelete(String path, Boolean checkHost)
at Orchard.FileSystems.AppData.AppDataFolder.MakeDestinationFileNameAvailable(String destinationFileName) in c:\Users\sebros\My Projects\Orchard\src\Orchard\FileSystems\AppData\AppDataFolder.cs:line 79
--- End of inner exception stack trace ---
at Orchard.FileSystems.AppData.AppDataFolder.MakeDestinationFileNameAvailable(String destinationFileName) in c:\Users\sebros\My Projects\Orchard\src\Orchard\FileSystems\AppData\AppDataFolder.cs:line 82
at Orchard.FileSystems.LockFile.LockFile.Release() in c:\Users\sebros\My Projects\Orchard\src\Orchard\FileSystems\LockFile\L
It was a permissions issue within IIS.
As the site is hosted on a shared hosting provider I had to contact them to resolve the permissions.
Hopefully useful to somebody else if they see these errors in their logs.

SharePoint 2010 Claims Auth/FBA - Reset password not working

I have a SP site with Claims Authentication and FBA setup. Dual auth Win/Forms is working perfectly.
I have an asp:PasswordRecovery control on app page.
It appears to look up the account correctly - returning 'not found' messages if the username is not found. However, it fails to reset the password with the following exception:
Exception information:
Exception type: NotImplementedException
Exception message: The method or operation is not implemented.
Thread information:
Thread ID: 10
Thread account name: SERVER01\SPS_Farm
Is impersonating: False
Stack trace: at Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider.GetUser(String name, Boolean userIsOnline)
at System.Web.Security.MembershipProvider.GetUser(String username, Boolean userIsOnline, Boolean throwOnError)
at System.Web.UI.WebControls.PasswordRecovery.AttemptSendPasswordUserNameView()
at System.Web.UI.WebControls.PasswordRecovery.OnBubbleEvent(Object source, EventArgs e)
at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Thanks in advance.
Update:
I added:
enablePasswordReset="true"
to the app web.config AND the token-service web.config
Wrote some code to do a manual test, and still got this when my code tried to 'reset' the password:
This provider is not configured to allow password resets. To enable password reset, set enablePasswordReset to "true" in the configuration file.
This may not help since you seem to be looking up the user properly... but if you aren't doing this I know you can run into not implemented issues:
Make sure to get an instance of the user using the appropriate Membership Provider.
e.g.
MembershipUser myUser = Membership.Providers["aspMembership"].GetUser(userName, false);
Hope this helps.

An unhandled access exception has occurred, msmq, Sharepoint error

I have an issue that is occurring after my server reboots. I have some features in SharePoint, for doing various things. One thing they do is add items into a couple of different MSMQ queues. Immediately after a server reboot, if I try to log in to SharePoint and I go to a custom page of mine, and click on a button within that page (which would then create the msmq item) I get taken to a page that displays the following:
The website declined to show this webpage
This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage
If I dig in to the Event Logs I find the following errors in Application:
Event ID: 1314
An unhandled access exception has occurred
AND in the Security event logs:
3 of these:
Event ID: 560
Object Open:
Object Server: SC Manager
Object Type: SERVICE OBJECT
Object Name: MSDTC
....
Accesses: Query status of service
Event ID: 560
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
...
Image File Name: C:\WINDOWS\system32\services.exe
...
Accesses: Connect to service controller
Query service database lock state
Event ID: 560
Object Open:
Object Server: SC Manager
Object Type: SERVICE OBJECT
Object Name: MSDTC
...
Image File Name: C:\WINDOWS\system32\services.exe
...
Accesses: Query service configuration information
ALSO, if I dig in to the SharePoint logs, I find the following errors:
Application error when access /my/site/url/MyPage.aspx, Error=Access
is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Server stack trace: at
System.Transactions.Oletx.IDtcProxyShimFactory.ConnectToProxy(String
nodeName, Guid resourceManagerIdentifier, IntPtr managedIdentifier,
Boolean& nodeNameMatches, UInt32& whereaboutsSize, CoTaskMemHandle&
whereaboutsBuffer, IResourceManagerShim& resourceManagerShim) at
System.Transactions.Oletx.DtcTransactionManager.Initialize() at
System.Transactions.Oletx.DtcTransactionManager.get_ProxyShimFactory()
at
System.Transactions.Oletx.OletxTransactionManager.CreateTransaction(TransactionOptions
properties) at
System.Transactions.TransactionStatePromoted.EnterState(InternalTransaction
tx) ...
...at System.Transactions.EnlistableStates.Promote(InternalTransaction tx)
at System.Transactions.Transaction.Promote() at
System.Transactions.TransactionInterop.ConvertToOletxTransaction(Transaction
transaction) at
System.Transactions.TransactionInterop.GetDtcTransaction(Transaction
transaction) at
System.ServiceModel.Channels.MsmqQueue.GetNativeTransaction(MsmqTransactionMode
transactionMode) at
System.ServiceModel.Channels.MsmqQueue.SendDtcTransacted(NativeMsmqMessage
message, MsmqTransactionMode transactionMode) at
System.ServiceModel.Channels.MsmqQueue.Send(NativeMsmqMessage message,
MsmqTransactionMode transactionMode) at
System.ServiceModel.MsmqIntegration.MsmqIntegrationOutputChannel.OnSend(Message
message, TimeSpan timeout) at System.ServiceModel.Chann...
I have two VMs, one for the web (SharePoint) machine, and one for the DB machine (where all the content dbs etc are stored). The DB server is a primary domain controller, and both machines are part of the same domain. I've created a domain user to use for the SharePoint application pool.
Strangely, it is possible to make the errors go away by going to a different part of my application and running that code (which also adds an entry into the msmq). Once that is done, then all of the rest of the application works as normal.
Any help would be incredibly appreciated.
Note: I noticed that the error had something to do with the anonymous user (IUSR...) in IIS for the SharePoint site. I changed that user to be a domain administrator user, and the error no longer happens. So, it's something to do with the permissions of the IUSR.. user, but I don't know what...
O M G
Ok, so I tried something, it was a LONG shot, but I was at my wits end.
I wrapped all of the code that was talking to the MSMQ (adding items to the queue) in the run with elevated privileges thang, and it worked!!!!
SPSecurity.RunWithElevatedPrivileges(delegate()
{
//MSMQCode here
});
Now, I can reboot the server, and do the stuff that was erroring before, and it works fine!
Consider running warm up scripts upon server reboot.
http://blogs.msdn.com/joelo/archive/2006/08/13/697044.aspx
Give everyone read permission to the bin directory under inetpub\wss etc..

MOSS 2007 SSL error when configuring Search Settings

We’re getting the following error message when we click on “Search Settings” for a Shared Services Provider: “Authentication failed because the remote party has closed the transport stream.”
This is a new server environment with two web front ends, one database server, and one index server, all running Windows 2003 x64.
Does anyone have any thoughts related to if this could be related to 64-bit, or what could be causing the error?
Here are the full details from ULS:
09/17/2008 16:30:34.13 w3wp.exe (0x0E84) 0x030C Search Server Common MS Search Administration 86x4 High Configuring the Search Application web service Url to 'https://mushni-sptwb04q:56738/Shared%20Services%20Portal/Search/SearchAdmin.asmx'.
09/17/2008 16:30:34.14 w3wp.exe (0x0E84) 0x030C Search Server Common MS Search Administration 86ze High Exception caught in Search Admin web-service proxy (client). System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.Co...
09/17/2008 16:30:34.14* w3wp.exe (0x0E84) 0x030C Search Server Common MS Search Administration 86ze High ...mpilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.SoapHt...
09/17/2008 16:30:34.14* w3wp.exe (0x0E84) 0x030C Search Server Common MS Search Administration 86ze High ...tpClientProtocol.Invoke(String methodName, Object[] parameters) at Microsoft.Office.Server.Search.Administration.SearchWebServiceProxy.RunWithSoapExceptionHandling[T](String methodName, Object[] parameters)
I guess you find this exception in the index server, right?
Are you able to browse to 'https://mushni-sptwb04q:56738/Shared%20Services%20Portal/Search/SearchAdmin.asmx' from the index server?
It seems like SSL is not properly provisioned on the front-end servers. This might solve your issue:
Remove the SSL certificate of the front-end servers
Remove the index server from the farm
Move the search and index roles to one of the front-ends
Join the index server back to the farm
Add the index/search roles to the index server
Apply the SSL certificate (you can generate them using SelfSSL) to both front-ends
Be careful with SelfSSL, it's better to use SSLDiag. SelfSSL has a bug where if you use it to assign certificates to multiple sites on the same box, only the last site will work. You can run SslDiag from the command line like so:
ssldiag /selfssl /V:999 /N:CN=<hostname> /S:<siteId>
Use metabase explorer to find the site ID.
Could be an SSL issue.
Do have a look into profiles settings, do you get any error when accessing the User Profiles settings for that same SSP?
I'm having the same problem. The "Office Server Web Services" (henceforth OSWS) site is available through HTTP on my app server, but not via HTTPS. It doesn't matter where I try to hit the HTTPS URL from, it just flat-out fails (read: no HTTP error code).
However, I have come up with some more information. When the app server was joined to the farm, it gave OSWS a different site identifier than exists in the rest of the farm.
I tried changing the site identifier, but that didn't work. I've also tried installing the IIS diagnostics toolkit. That pointed me towards the certificate that MOSS installed when the machine was joined to the farm. The line of interest is this one:
#WARNING: AcquireCredentialsHandle failed with error -2146893043(0x8009030d)
Unfortunately, it looks like Microsoft has embedded some information in the certificate that would prevent me from using SelfSSL or similar tools. Here's the subject (suitably scrubbed):
CN={hostname},L=951338967,OU=SharePoint,O=Microsoft
The "L" parameter matches the original (and incorrect) site identifier that the site was given and not the one that matches the rest of the farm.
My next step is to see if I can generate something that looks appropriate and install it with winhttpcertcfg.exe
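The comparison the post above makes by eye, as an added example that is not part of the original thread: it parses each server's certificate subject and checks the L field against that server's IIS site identifier and against the rest of the farm. That L carries the site identifier is the poster's observation; the host names and the identifier 1720207907 are constructed, and only L=951338967 and the subject layout come from the post.

```python
from collections import Counter


def parse_subject(subject):
    """Split a subject such as 'CN=host,L=123,OU=x,O=y' into a dict.

    Backslash-escaped commas inside a value are honoured. Multi-valued
    RDNs ('+') are not handled, and a repeated key keeps its last value.
    """
    parts, buf, escaped = [], [], False
    for ch in subject:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))

    fields = {}
    for part in parts:
        key, sep, value = part.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed subject component: {part!r}")
        fields[key.strip().upper()] = value.strip()
    return fields


def check_server(name, subject, iis_site_id, farm_site_id):
    """Return (server, status, L value) for one server."""
    fields = parse_subject(subject)
    locality = fields.get("L")
    if fields.get("OU") != "SharePoint" or locality is None:
        return (name, "no-sharepoint-subject", locality)
    if locality != str(iis_site_id):
        # Certificate was issued for a different site identifier.
        return (name, "cert-L-differs-from-site-id", locality)
    if iis_site_id != farm_site_id:
        # Certificate and site agree, but not with the other servers.
        return (name, "site-id-differs-from-farm", locality)
    return (name, "ok", locality)


def audit(inventory):
    """inventory rows: (server, certificate subject, IIS site identifier)."""
    farm_site_id = Counter(row[2] for row in inventory).most_common(1)[0][0]
    return [check_server(n, s, i, farm_site_id) for n, s, i in inventory]


# Constructed sample inventory (hypothetical hosts and farm identifier).
SAMPLE_INVENTORY = [
    ("WFE1", "CN=WFE1,L=1720207907,OU=SharePoint,O=Microsoft", 1720207907),
    ("WFE2", "CN=WFE2,L=1720207907,OU=SharePoint,O=Microsoft", 1720207907),
    # App server after its site identifier was changed by hand: the
    # certificate still carries the identifier assigned at join time.
    ("APP1", "CN=APP1,L=951338967,OU=SharePoint,O=Microsoft", 1720207907),
]

if __name__ == "__main__":
    for server, status, locality in audit(SAMPLE_INVENTORY):
        print(f"{server}: {status} (L={locality})")
```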
We are also running x64 Windows and MOSS 2007 with .NET 3.5 SP1, same issues. I suspect this is the culprit.
To resolve this issue, download the IIS6 resource kit and run the following command:
Selfssl /s:(IIS ID of the Office Server Web Services site) /v:9999
Cheers,
-Ivan
