IIS runtime error in /OMA application, reregistering ASP.NET fails

Windows Server 2003 SP1 with Exchange Server 2003 SP1 and Microsoft.NET Framework v1.1.4322

When browsing to http://mail.servername.local/exchange, the following error is generated.

Server Error in '/OMA' Application.

Runtime Error

Microsoft KB 818486 discusses this issue, and documents reinstallation of ASP.NET to fix security information.  When running the procedure for reinstalling ASP.NET, the problem is not resolved, and the ASPNETSetup.Log file contains an entry:

2005-05-25 11:35:29      Failure       Getting IIS6 specific SID: GetPrincipalSIDfailed with HRESULT8000ffff: 'Catastrophic failure  '

Any suggestions leading to resolution would be greatly appreciated.  
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This is very different than the isue described in the article - this is a Runtime Error while the article talks about an Access Denied issue.

What is the exact error you get when trying to hit OMA?

Dave Dietz
vtsincAuthor Commented:
The error when opening OMA (after authenticating) is one I believe related to permissions on the server for ASP scripts to run, but I am not an IIS expert.  I have verified all permissions referenced in related Exchange documentation, and since became confinced this is more of an IIS iss, which let to the attempted reinstallation of ASP.NET components, the process which led to the original error I posted.

Below is the text of the web page displayed to IIS on the client when accessing OMA.  I'll not have access to the server for another 18 hours for more detail from that perspective.


Server Error in '/OMA' Application.

Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".

<!-- Web.Config Configuration File -->

        <customErrors mode="Off"/>

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

<!-- Web.Config Configuration File -->

        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
This is a generic error page given to external browsers for ASP.Net errors.

What we really need is the output generated when browsing the OMA application from the server itself - that should give us a much more descriptive error message.

Dave Dietz
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

vtsincAuthor Commented:

Your assistance is appreciated!  Below is the server-side browsing output.  


Server Error in '/OMA' Application.

Compilation Error
Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.

Compiler Error Message: CS0016: Could not write to output file 'c:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\oma\e7e8207d\559314f1\tu9x3x6f.dll' -- 'Access is denied. '

Source Error:


[No relevant source lines]

Source File:    Line: 0

Show Detailed Compiler Output:

c:\winnt\system32\inetsrv> "c:\winnt\microsoft.net\framework\v1.1.4322\csc.exe" /t:library /utf8output /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\91708413\00986a3a_1e3ac301\adodb.dll" /R:"c:\winnt\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll" /R:"c:\winnt\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\0f2bc709\00663cee_8118c401\microsoft.exchange.oma.userinterface.dll" /R:"c:\winnt\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\47c974a2\00390bed_8118c401\interop.tools.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\fb41bf85\00f08bdd_8118c401\microsoft.exchange.oma.uisvr.dll" /R:"c:\winnt\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\c3d34ff9\00016fd0_8118c401\microsoft.exchange.oma.dpsvr.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\e168078f\007adbcc_8118c401\microsoft.exchange.oma.preferencingserverresources.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\35020280\00663cee_8118c401\microsoft.exchange.oma.exchangedataprovider.dll" /R:"c:\winnt\assembly\gac\system.web.mobile\1.0.5000.0__b03f5f7f11d50a3a\system.web.mobile.dll" /R:"c:\winnt\assembly\gac\system.web.ui.mobilecontrols.adapters\\system.web.ui.mobilecontrols.adapters.dll" /R:"c:\winnt\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\a275b361\00771fe1_8118c401\microsoft.exchange.oma.dataproviderinterface.dll" /R:"c:\winnt\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll" /R:"c:\winnt\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\a8987466\00771fe1_8118c401\microsoft.exchange.oma.preferencing.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\oma\e7e8207d\559314f1\assembly\dl2\d9fc1bde\00986a3a_1e3ac301\microsoft.exchange.oma.tracing.dll" /R:"c:\winnt\microsoft.net\framework\v1.1.4322\mscorlib.dll" /out:"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\oma\e7e8207d\559314f1\tu9x3x6f.dll" /debug- /optimize+ /warnaserror /w:1  "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\oma\e7e8207d\559314f1\tu9x3x6f.0.cs"

Microsoft (R) Visual C# .NET Compiler version 7.10.6310.4
for Microsoft (R) .NET Framework version 1.1.4322
Copyright (C) Microsoft Corporation 2001-2002. All rights reserved.

error CS0016: Could not write to output file 'c:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\oma\e7e8207d\559314f1\tu9x3x6f.dll' -- 'Access is denied. '


Show Complete Compilation Source:

Line 1:    //------------------------------------------------------------------------------
Line 2:    // <autogenerated>
Line 3:    //     This code was generated by a tool.
Line 4:    //     Runtime Version: 1.1.4322.2300
Line 5:    //
Line 6:    //     Changes to this file may cause incorrect behavior and will be lost if
Line 7:    //     the code is regenerated.
Line 8:    // </autogenerated>
Line 9:    //------------------------------------------------------------------------------
Line 10:  
Line 11:   namespace ASP {
Line 12:       using System;
Line 13:       using System.Collections;
Line 14:       using System.Collections.Specialized;
Line 15:       using System.Configuration;
Line 16:       using System.Text;
Line 17:       using System.Text.RegularExpressions;
Line 18:       using System.Web;
Line 19:       using System.Web.Caching;
Line 20:       using System.Web.SessionState;
Line 21:       using System.Web.Security;
Line 22:       using System.Web.UI;
Line 23:       using System.Web.UI.WebControls;
Line 24:       using System.Web.UI.HtmlControls;
Line 25:      
Line 26:      
Line 27:       public class global_asax : Microsoft.Exchange.OMA.UserInterface.Global {
Line 28:          
Line 29:           private static bool __initialized = false;
Line 30:          
Line 31:           public global_asax() {
Line 32:               if ((ASP.global_asax.__initialized == false)) {
Line 33:                   ASP.global_asax.__initialized = true;
Line 34:               }
Line 35:           }
Line 36:       }
Line 37:   }
Line 38:  

Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
Try the following command first:

c:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe -i

If this works check http://support.microsoft.com/default.aspx?scid=KB;EN-US;818486 for reasons why.
If it doesn't work start with the following:

Check Permissions of the c:\windows\microsoft.net\framework\v1.1.4322
 - Network services should have (read and execute, list folder content, Read)
 - System should have (ALL)
 - Users should have  (read and execute, list folder content, Read)

Check Permissions of the c:\windows\microsoft.net\framework\v1.1.4322\Temporary asp.net Files
 - The configuration should be the same as c:\windows\microsoft.net\framework\v1.1.4322

Dave Dietz

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vtsincAuthor Commented:
Thanks for the suggestions.   The problem still exists after running the command,
and in reviewing the logs I have one error:

(From the ASPNETSetup.Log file after running "aspnet_regiis.exe -i")

 Failure      Getting IIS6 specific SID: GetPrincipalSIDfailed with HRESULT8000ffff: 'Catastrophic failure  '

Permissions on the temoprary asp.net folders are correct, and are inherited from the parent.  I am *assuming*
that this means that permissions on the parent are correct as well, but will have to check tomorrow to confirm that is
actually the case.  Based upon the failure message it seems as if there is a mismatch between an account and
its SID, which is where I am stumped.  Googling the failure message doesn't turn up much that I've found to be
relevant, but I shall keep digging to see if there is a way to perhaps reset the association of the SID and the
"network service" account (or similar).  

I know I am grabbing at a few straws here, but thanks for your input!



I'm stumped.  :-(

I've never seen the GetPrincipalSIDfailed error come up with 8000ffff.

I'm afraid I don't have a clue where to go next.

Might be best to call Microsoft and see if they can help.....

Dave Dietz
vtsincAuthor Commented:

Thanks for you help.  Your answer is technically correct, so I awarding the points even though the problem was eventually fixed via other means.  

As it turns out we ended up contacting Microsoft.  Their Exchange people said everything was configured correctly for OMA, so they brought in
the IIS support group.  After a couple of hours doing various things such as reinstalling ASP.NET (which we tried before) we eventually hit on
the following sequence which magically fixed everything.  

Change the account for the application pool that OMA runs under from "Network Service" to LOCAL SYSTEM".  Restart IIS.  
Recycle worker processes for OMA app pool.  OMA now works under the LOCAL SYSTEM account.
Change the account for the app pool back to run under "Network Service".  Restart IIS.
Recycle worker processes again.

After that the application works properly.

So, after much ado, everything is fine.  Thanks again!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.