coolnicks
asked on
IIS5 -
im using iis 5 on win2000, everthing will work fine when the application protection is set to low but when its set to medium (pooled) and i try to access a page i get the error message :
"Server Application Error
The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance."
and the following in the event log :
The server failed to load application '/LM/W3SVC/1/Root'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password.
DCOM got error "Logon failure: unknown user name or bad password. " and was unable to logon .\IWAM_COMP3 in order to run the server:
{3D14228D-FBE1-11D0-995D-0 0C04FD919C 1}
the server files are on fat32 drive so no ntfs permissions involved and iis controls the password
can anybody please help me?
Nick
"Server Application Error
The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance."
and the following in the event log :
The server failed to load application '/LM/W3SVC/1/Root'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password.
DCOM got error "Logon failure: unknown user name or bad password. " and was unable to logon .\IWAM_COMP3 in order to run the server:
{3D14228D-FBE1-11D0-995D-0
the server files are on fat32 drive so no ntfs permissions involved and iis controls the password
can anybody please help me?
Nick
ASKER
that was very good but unfortuantly ive reinstalled iis before and that didnt fix it, ive also just played around wiv users and there groups but that didnt fit it! any ideas?im not sure bout this points thing and i might run out, if so please contact me at nickswebpages@hotmail.com
Thank you for help
Nick
Thank you for help
Nick
Is conversion of drive to NTFS a possibility?
Does event have any information about the error?
In the services menu is IIS running under the system account or another account?
Does event have any information about the error?
In the services menu is IIS running under the system account or another account?
ASKER
no conversion is not really possible,
the event log only shows (warning, event id 36):
The server failed to load application '/LM/W3SVC/1/Root/test'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password.
(event id 10004, error)
DCOM got error "Logon failure: unknown user name or bad password. " and was unable to logon .\IWAM_COMP3 in order to run the server:
{3D14228D-FBE1-11D0-995D-0 0C04FD919C 1}
in the services menu are the following relate :
world wide web publishing serivce : running on local system account(alowed 2 interact with desktop)
IIS admin service : running on local system acount(not alowed to interact with desktop)
also please can u explain the whole idea of low, medium and high application protection
cheers
Nick
the event log only shows (warning, event id 36):
The server failed to load application '/LM/W3SVC/1/Root/test'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password.
(event id 10004, error)
DCOM got error "Logon failure: unknown user name or bad password. " and was unable to logon .\IWAM_COMP3 in order to run the server:
{3D14228D-FBE1-11D0-995D-0
in the services menu are the following relate :
world wide web publishing serivce : running on local system account(alowed 2 interact with desktop)
IIS admin service : running on local system acount(not alowed to interact with desktop)
also please can u explain the whole idea of low, medium and high application protection
cheers
Nick
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
He's right about the named pipes, they can cause problems with accessdepending on where your SQL Server resides in relation to subnet of web server and authentication. Check your ODBC setup and have it use TCP/IP.
To answer your question about Low, Medium, High, here is is pretty simple.
Low is the default everything runs in the inetinfo.exe process.
Medium, applications run in a pooled process dllhost.exe outside of the normal inetinfo.exe. Benefit is if web application crashes, rest of website continues to function. Provides a nice separate memory space for applications that get constant use.
High, runs each directory in own dllhost.exe. Recommended if you have people doing their own development and your not monitoring them. If they crash doesn't affect everyone.
To answer your question about Low, Medium, High, here is is pretty simple.
Low is the default everything runs in the inetinfo.exe process.
Medium, applications run in a pooled process dllhost.exe outside of the normal inetinfo.exe. Benefit is if web application crashes, rest of website continues to function. Provides a nice separate memory space for applications that get constant use.
High, runs each directory in own dllhost.exe. Recommended if you have people doing their own development and your not monitoring them. If they crash doesn't affect everyone.
ASKER
im not using SQL Server but bout the low,medium,high was very helpfull, thankyou, il also try running that script later and let u know wot happnes
cheers again
Nick
cheers again
Nick
Ah caught in cross post frenzy, diregard SQL comment.
ASKER
i just tried to run synciwam.vbs and just got the error message "Error : 8004e00f" any ideas?
ASKER
ive must searched for the error message and found ms saying it had something to do wiv ms dtc so i started it but when ever msdtc.exe runs it uses 100% cpu constantly!
Did you run the IIS Lockdown tool at any point?
ASKER
yes, im just gona try and re install iis and hopefully msdtc with it! :s:s
From Google:
1. Use Windows Explorer to expand the %SystemRoot%\System32\Dtcl og folder.
2. If a Msdtc.log file exists, rename it to Msdtc.old.
3. Opens NOTEPAD and save an empty file as %SystemRoot%\System32\Dtcl og\Msdtc.l og.
5. Open a CMD prompt and type: msdtc -resetlog and press Enter.
1. Use Windows Explorer to expand the %SystemRoot%\System32\Dtcl
2. If a Msdtc.log file exists, rename it to Msdtc.old.
3. Opens NOTEPAD and save an empty file as %SystemRoot%\System32\Dtcl
5. Open a CMD prompt and type: msdtc -resetlog and press Enter.
ASKER
"msdtc" is not recognized as an internal or external command, operable program or batch file
thats wot it says when i try what you said
how can i reinstall msdtc?
also i just reinstalled iis and still the same problem
starting to get just a little annoying! :(
thats wot it says when i try what you said
how can i reinstall msdtc?
also i just reinstalled iis and still the same problem
starting to get just a little annoying! :(
That's lovely! You'll notice that Microsoft's instructions for reinstalling msdtc involve using msdtc command arguments:
HOWTO: Reinstall MS DTC for a Nonclustered Windows 2000 Server
The information in this article applies to:
Microsoft COM+, version 1.0
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
Q256986 Description of the Microsoft Windows Registry
SUMMARY
This article describes how to reinstall Microsoft Distributed Transaction Coordinator (MS DTC) for a nonclustered Microsoft Windows 2000 server.
MORE INFORMATION
IMPORTANT: You should reinstall MS DTC only when you must troubleshoot a serious problem. In addition, you must follow the procedures in this article precisely; otherwise, you may need to reformat your hard disk.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To reinstall MS DTC, perform the following steps:
In Control Panel, stop all services, and change the Startup Type to "manual" except for the following:
Alerter
COM+ Event System
Computer Browser
Distributed File System
Distributed Link Tracking Client
Distributed Link Tracking Server
DNS Client
Event Log
IPSEC Policy Agent
License Logging Service
Logical Disk Manager
Messenger
Net Logon
NT LM Security Support Provider
Network Connectors
Plug and Play
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Removable Storage
Security Accounts Manager
Server
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper Services
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Windows Time
Workstation
Close Control Panel, and restart your computer.
At the command prompt, type the following command:
msdtc -uninstall
In the registry, remove the following keys if they exist:
HKEY_CLASSES_ROOT\CID
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\MSD TC
HKEY_LOCAL_MACHINE\SYSTEM\ ControlSet 001\Servic es\MSDTC
HKEY_LOCAL_MACHINE\SYSTEM\ ControlSet 002\Servic es\MSDTC
HKEY_LOCAL_MACHINE\Softwar e\Microsof t\MSDTC
From the %WINDIR%\System32 folder, run the Dtcsetup.exe file.
Wait for the Installation Success message box, and then click OK.
Restore the services' Startup Type to their original values, and restart your computer.
Open up a command prompt and enter the following command:
msdtc -resetlog
Do you have a copy of msdtc.exe on your server at all? If not, you might just be able to run dtcsetup.exe to get around it.
Have you done anything unusual to this machine? Run the IISLockdown tool for instance? Modified registry or NTFS permissions severely?
Definitely pull down the COM+ Rollup hotfix from windows update before you do anything else. If you do have msdtc.exe on your server and it isn't pathed properly, path it or CD to the appropriate directory location and see what happens when you launch it from there.
HOWTO: Reinstall MS DTC for a Nonclustered Windows 2000 Server
The information in this article applies to:
Microsoft COM+, version 1.0
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
Q256986 Description of the Microsoft Windows Registry
SUMMARY
This article describes how to reinstall Microsoft Distributed Transaction Coordinator (MS DTC) for a nonclustered Microsoft Windows 2000 server.
MORE INFORMATION
IMPORTANT: You should reinstall MS DTC only when you must troubleshoot a serious problem. In addition, you must follow the procedures in this article precisely; otherwise, you may need to reformat your hard disk.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To reinstall MS DTC, perform the following steps:
In Control Panel, stop all services, and change the Startup Type to "manual" except for the following:
Alerter
COM+ Event System
Computer Browser
Distributed File System
Distributed Link Tracking Client
Distributed Link Tracking Server
DNS Client
Event Log
IPSEC Policy Agent
License Logging Service
Logical Disk Manager
Messenger
Net Logon
NT LM Security Support Provider
Network Connectors
Plug and Play
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Removable Storage
Security Accounts Manager
Server
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper Services
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Windows Time
Workstation
Close Control Panel, and restart your computer.
At the command prompt, type the following command:
msdtc -uninstall
In the registry, remove the following keys if they exist:
HKEY_CLASSES_ROOT\CID
HKEY_LOCAL_MACHINE\SYSTEM\
HKEY_LOCAL_MACHINE\SYSTEM\
HKEY_LOCAL_MACHINE\SYSTEM\
HKEY_LOCAL_MACHINE\Softwar
From the %WINDIR%\System32 folder, run the Dtcsetup.exe file.
Wait for the Installation Success message box, and then click OK.
Restore the services' Startup Type to their original values, and restart your computer.
Open up a command prompt and enter the following command:
msdtc -resetlog
Do you have a copy of msdtc.exe on your server at all? If not, you might just be able to run dtcsetup.exe to get around it.
Have you done anything unusual to this machine? Run the IISLockdown tool for instance? Modified registry or NTFS permissions severely?
Definitely pull down the COM+ Rollup hotfix from windows update before you do anything else. If you do have msdtc.exe on your server and it isn't pathed properly, path it or CD to the appropriate directory location and see what happens when you launch it from there.
ASKER
cheers, im just running thru those steps but yes i have run the IISLockdown tool, how would that affect it?
ASKER
ok it still uses 100% cpu, everthing is goin bad...........i think i may reformat! no.............. any last ideas/advice?
Back out of the IILockdown tool changes if you can and try it again. The only time I've seen the these symptoms the IWAM and IUSR accounts were either locked out or their passwords were messed up. In the case in question, my customer had heavily modified NTFS permissions and had also run the IISLockdown tool. Make sure that you've got Everyone rights set to at least R, RE, and Write to System32 and subdirs, in addition to IUSR and IWAM access to any databases, objects, or scripts that your site uses.
I also seem to remember the registry permissions being modified as well and having to go in there to fix it, but I honestly don't remember what hive was messed up - it was about 3 months ago and I get a different hosed Win2k webserver to work on every few hours ;.)
Peace,
Satori, who hopes that this helps!
I also seem to remember the registry permissions being modified as well and having to go in there to fix it, but I honestly don't remember what hive was messed up - it was about 3 months ago and I get a different hosed Win2k webserver to work on every few hours ;.)
Peace,
Satori, who hopes that this helps!
ASKER
well the c:\ is fat32 so dosent hav permissions, wen i reformat shuld i use fat32 or ntfs? wot u reckon? il read ur reply then reformatt, cheers for all your help :>
Nick
Nick
Well, definitely try to back out of the IISLockdown tool before you reformat. Also make sure that the IWAM account isn't locked out! (check Local users and Groups snap-in).
If you do reformat and reinstall, I highly recomend NTFS. I would never conceive of running a (windows) web server with any other filesystem! IIS simply doesn't have the kind of security support that you need inately, and can only approach security when used in conjunction with NTFS.
Good luck mate. I'm going offline for the evening, so likely won't see any response until much later. Peace!
Satori
If you do reformat and reinstall, I highly recomend NTFS. I would never conceive of running a (windows) web server with any other filesystem! IIS simply doesn't have the kind of security support that you need inately, and can only approach security when used in conjunction with NTFS.
Good luck mate. I'm going offline for the evening, so likely won't see any response until much later. Peace!
Satori
ASKER
quick msg : this is my personal pc, games, progs etc etc but also small web server, still think ntfs?
Run synciwam.vbs script located on your \Inetpub\AdminScritps\ directory
"cscript synciwam.vbs -v"
If the script fails with a error 80110414,
Go to the Users and Groups in the Controll Panel
and uncheck the checkbox "User Cannot Change Password".
Re-running the script fixes everything.
Georg
"cscript synciwam.vbs -v"
If the script fails with a error 80110414,
Go to the Users and Groups in the Controll Panel
and uncheck the checkbox "User Cannot Change Password".
Re-running the script fixes everything.
Georg
listening,
i had this error after I followed the advice of MS Baseline Security Analyzer and put passwords on IUSER_ and IWAM_ accounts
d
i had this error after I followed the advice of MS Baseline Security Analyzer and put passwords on IUSER_ and IWAM_ accounts
d
ASKER
this is a fix, but not in this case
When you go to run in a protected application mode, IIS uses the account IWAM_servername (servername is at the time of IIS install) to gain access to the files, so that account must still be a valid acount in the local users group and it must have rights to logon locally and access files by being a member of the right group. You can also verify account hasn't been locked out by checking its properties in local users.
Its password is managed by IIS just like the IUSR_servername account used for anonymous access.
A reinstall over the top should put it back if it is missing, but you can backup your IIS metabase if your worried about loosing your web config.
An NTFS partition is faster and will offer you much better performance for if you can stand to deal with permissions from time to time.
Todd