[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2789
  • Last Modified:

500pts IIS Out-Of-Process Error:80110414

I am running Cisco Unity on a Windows 2000 server running IIS. There are some asp pages for administration. In the event logs I am getting:
Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10004
Date:            5/9/2005
Time:            2:49:23 PM
User:            N/A
Computer:      KSQQSN03
Description:
DCOM got error "Logon failure: unknown user name or bad password. " and was unable to logon .\IWAM_KSQQSN03 in order to run the server:
{3D14228D-FBE1-11D0-995D-00C04FD919C1}

Event Type:      Warning
Event Source:      W3SVC
Event Category:      None
Event ID:      36
Date:            5/9/2005
Time:            10:00:44 AM
User:            N/A
Computer:      KSQQSN03
Description:
The server failed to load application '/LM/W3SVC/1/ROOT'.  The error was 'The server process could not be started because the configured identity is incorrect.  Check the username and password.
'.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

I tried the following:
Excerpt from:http://support.microsoft.com/?kbid=822699

To resolve this issue, reset the passwords for the IUSR and the IWAM accounts so that they are the same in both the Internet Information Services (IIS) metabase and in the local accounts directory. To do this, follow these steps: 1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.  
2. Under System Tools, click Local Users and Groups, and then click Users.
3. Right-click IUSR_ComputerName, and then click Set Password.
4. Click Proceed.
5. Type the password in the New password box and in the Confirm password box, and then click OK.
6. Right-click IWAM_ComputerName, and then click Set Password.
7. Click Proceed.
8. Type the password in the New password box and in the Confirm password box, and then click OK.
9. Quit Computer Management.
10. Click Start, and then click Run.
11. In the Open box, type cmd and then click OK.
12. Type cd drive:\inetpub\adminscripts, where drive is the drive where Windows is installed, and then press ENTER.
13. To reset the password for the IUSR_ComputerName account, type the following command (where password is the password that you set in step 5), and then press ENTER:
cscript.exe adsutil.vbs set w3svc/anonymoususerpass "password"
14. To reset the password for the IWAM_ComputerName account, type the following command (where password is the password that you set in step 8), and then press ENTER:
cscript.exe adsutil.vbs set w3svc/wamuserpass "password"
15. Update the starting identity of all IIS COM+ application packages by typing the following at the command prompt:
cscript.exe synciwam.vbs -v
Note You may need to restart IIS for all changes to take effect. To restart IIS, click Start, click Run, type iisreset, and then click OK.




Synciwam gives error 80110414

I then go to http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q269367

I try to start the IIS-Out-of-Process under component services and I get error 8000401A configured identity is incorrect.



From the client (IE) I get HTTP 500.100 - Internal Server Error - ASP error
Error Type:
Active Server Pages, ASP 0131 (0x80004005)
The Include file '../SaHeaderInc.asp' cannot contain '..' to indicate the parent directory.
/saweb/FrameASP/SAFrameInc.asp, line 1


Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Page:
GET /saweb/FrameASP/StartFrame.asp

0
jmissild
Asked:
jmissild
  • 6
  • 5
  • 3
  • +1
2 Solutions
 
Chris DentPowerShell DeveloperCommented:

The two issues are slightly unrelated. The second first, because it's easy...

To include files without using parent paths it's best to use include virtual (rather than include file), virtual paths are from the root of the web site so you don't have to enable parent paths in the application configuration for the site to get it working. For an example:

Change <!--#include file="../SaHeaderInc.asp" --> to:

<!--#include virtual="/SaHeaderInc.asp"-->

That assumes that SaHeaderInc is in the root of the website, if not add the path from the web root there.

If that isn't an option then open the properties for the site in IIS Manager, then the properties for the application under the Home Directory tab. Select Enable Parent Paths in there and the include file should work.

I take if you've changed the identity manually in the IIS-Out-of-Process properties?

The server {3D14228D-FBE1-11D0-995D-00C04FD919C1} should also have an entry in component services, normally easiest to find those by the identity they use.

Chris
0
 
Dave_DietzCommented:
Make sure the IWAM account is not disabled or locked out and also make sure it has the "Logon as Batch Job" right - then try Synciwam.vbs again.

Dave Dietz
0
 
ctoombsCommented:
This may work for you:
Search the registry for the class ID (3D14228D-FBE1-11D0-995D-00C04FD919C1) from your error message.  Locate the common name from related values in the registry.  
Then use DCOM Config (dcomcnfg from the run menu or cmd line) and find the class name you identified in the step before in the "Applications" list.  Open the properties for the application; pick the Security tab; select "use custom access permissions", then pick the "edit" button.  Add the IIS IWAM_xxx user you mentioned above (IWAM_KSQQSN03) to the list, and I'd add the "Administrators" group as well for good measure.  Save your settings, then retry your page.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
jmissildAuthor Commented:
The application is Cisco Unity which is a Unified messaging component. The IWAM account is not disabled or locked out.

I have really jacked it up now! :)

I have no IIS-Out-of-Process applications in Component services. I used an excerpt from the following article
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q309051&

As a last resort, you can re-create the IIS packages. To do this, follow these steps:a.  Browse to Component Services and delete the following packages:NOTE: To delete the packages, you must first open the properties of the package, click the Advanced tab, and then click to clear the Disable Deletion check box.

• IIS In-Process Applications
• IIS Out-of-Process Pooled Applications
• IIS Utilities
 
b.  Open a command prompt, and then use the following command to switch directories:
cd %windir%\system32\inetsrv
c.  Run the following commands:
rundll32 wamreg.dll, CreateIISPackage
NOTE: "CreateIISPackage" must be typed exactly; it is case-sensitive.
regsvr32 asptxn.dll
d.  Close and reopen Component Services. You should see all three IIS COM+ applications that have been recreated.
e.  Run IISRESET from a command line and test any ASP page that previously did not load correctly


I searched the registry for the value but find nothing. Oh yeah the IWAM account has logon as a batch job rights.

I will look at ctoombs suggestion, Thanks!

Hey Dave got anything on this? I used to work there with you, I bought a PCI VGA card from nctrade from you last year.

Jason
0
 
Chris DentPowerShell DeveloperCommented:

You can make it work by reducing the security of the application it uses to Low - not an ideal setup, but it will work if IIS Out-Of-Process is missing...
0
 
Chris DentPowerShell DeveloperCommented:

And that's only suggested as a temporary fix, I'm not suggesting that as a permanent one.
0
 
jmissildAuthor Commented:
I tried that and this stupid ASP page will still not load. I do not claim to be an IIS or ASP guru by any means. I am more of an AD/DNS/Exchange guy. In the application protection section under the virtual directory properties I selected "unload" and not I cannot load it back. Yes, I am idiot!

I feel like a moron. I am definitely going to study more on this because I cannot stand not knowing how something works.

Thanks for the help!

Keep it coming!
0
 
Chris DentPowerShell DeveloperCommented:

It's a fun one to learn in my opinion... and you also get to post lots on this TA which is nice :)

I followed that MS article as well a few months ago and ended up in exactly the same state. Problem is... to fix it I wiped out IIS and reinstalled it, that might not really be the best way to approach it, but I was in a hurry.

erm... so how do you feel about reinstalling IIS? It's the only suggestion I have at this point... Dave (Dave_Dietz) and Mike (meverest) might have something better if you can somehow attract them into the thread. :)

If you ever get the chance I highly recommend an upgrade to 2003 - much more robust and resiliant (and just generally quite shiny).
      
Chris
0
 
jmissildAuthor Commented:
Thanks Chris!

We are migrating Unity to a 2003 server very soon. Most of my IIS pages are on IIS 6.0.

It is working now, I had to enable parent paths and set the application protection to low to get it to work. I wish I could figure out how to get the IIS Out-of-process applications back in Com+ but it is going to be upgraded soon so I am not very concerned.

I do not know Mike, but I know Dave and he is very sharp.

Thanks Again

Jason
0
 
Chris DentPowerShell DeveloperCommented:

Glad I could help a little anyway. If I ever do find a better way to fix IIS Out of Process I'll certainly advertise it - in the mean time I'll just try and get everyone to convert to IIS 6 where the application control is just so much better ;)

Chris
0
 
Dave_DietzCommented:
To fix the IIS OOP package -

Make sure the IWAM account is included in the 'Log on as Batch Job Policy' - mentioned this above but never heard if it was or not....
Open a command prompt and navigate to the c:\winnt\system32\inetsrv directory
Run the following commands:

rundll32 wamreg.dll, CreateIISPackage
(NOTE: "CreateIISPackage" must be typed exactly; it is case-sensitive.)
            
regsvr32 asptxn.dll

This should recreate the IIS OOP Package.
Theoretically this should also allow you to run the app in Medium isolation.....

Dave Dietz
0
 
jmissildAuthor Commented:
Hello Dave,

I mentioned in an above post that IWAM has logon as a batch job right.

I also tried the suggestions from your last post but was not successful. I will try again.

Thanks,
Jason
0
 
jmissildAuthor Commented:
Still no luck in creating the IIS OOP Package

This is exactly what I typed

C:\>cd winnt\system32\inetsrv

C:\WINNT\system32\inetsrv>rundll32 wamreg.dll, CreateIISPackage

C:\WINNT\system32\inetsrv>regsvr32 asptxn.dll



I get the notice that the dll reg was successful.

This is a DOD hardened server if that makes a difference.
0
 
Dave_DietzCommented:
You mean this server has been locked down to C2 security levels?

If so then you may be out of luck.  C2 breaks a lot of things.

Dave Dietz
0
 
jmissildAuthor Commented:
Yes.  Thanks Dave!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now