Windows Small Business Server SBS 2008, Sharepoint internal companyweb , Server Error in '/' Application

I have Small Business Server 2008 which was running well until companyweb and access to rww stopped working. Trying to access http://companyweb I get the attached error code (customErrors mode="Off").

Im under pressure to fix this today so any help would be greatly appreciated and points will be awarded for any progress. Many thanks.
Server Error in '/' Application.
--------------------------------------------------------------------------------

Access is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Runtime.InteropServices.COMException: Access is denied.


Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace: 


[COMException (0x80070005): Access is denied.
]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +635
   System.DirectoryServices.DirectoryEntry.Bind() +62
   System.DirectoryServices.DirectoryEntry.get_IsContainer() +53
   System.DirectoryServices.ChildEnumerator..ctor(DirectoryEntry container) +36
   System.DirectoryServices.DirectoryEntries.GetEnumerator() +39
   Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.System.Web.IHttpModule.Init(HttpApplication app) +699
   System.Web.HttpApplication.InitModulesCommon() +135
   System.Web.HttpApplication.InitInternal(HttpContext context, HttpApplicationState state, MethodInfo[] handlers) +2602372
   System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext context) +347
   System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context) +139
   System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +196

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.1873; ASP.NET Version:2.0.50727.1871

Open in new window

SEDWEBAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

B HCommented:
have a look in your server's application/system/security logs and see if there's a more detailed entry for what exactly is being denied access to

did you recently change the application-pool identity?
0
SEDWEBAuthor Commented:
Im getting a couple of errors which may be related:

Security: Audit Failure EventID 4625. LogonProcessName Advapi  C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Search.ExSearch.exe.

System: Error EventID: 10016 DistributedCOM - The machine-default permission settings do not grant Local Activation permission for the COM Server application CLSID to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. (Could do with help for this one).

Finally something that related to the Companyweb access attempt from the local machine: Warning: An unhandlled exception has occured. Event code 3005. Details Attached.  



Log Name:      Application
Source:        ASP.NET 2.0.50727.0
Date:          05/04/2010 13:26:17
Event ID:      1309
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERVER.domain.local
Description:
Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 05/04/2010 13:26:17 
Event time (UTC): 05/04/2010 12:26:17 
Event ID: e34d09c7f4134b399a21b27ee65f7411 
Event sequence: 10 
Event occurrence: 9 
Event detail code: 0 
 
Application information: 
    Application domain: /LM/W3SVC/949488155/ROOT-1-129149429077684920 
    Trust level: WSS_Minimal 
    Application Virtual Path: / 
    Application Path: C:\Program Files\Windows Small Business Server\Bin\WebApp\InternalWebSite\ 
    Machine name: SERVER 
 
Process information: 
    Process ID: 7668 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\NETWORK SERVICE 
 
Exception information: 
    Exception type: COMException 
    Exception message: Access is denied.
 
 
Request information: 
    Request URL: http://companyweb/ 
    Request path: / 
    User host address: 192.168.1.22 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: NT AUTHORITY\NETWORK SERVICE 
 
Thread information: 
    Thread ID: 4 
    Thread account name: NT AUTHORITY\NETWORK SERVICE 
    Is impersonating: False 
    Stack trace:    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_IsContainer()
   at System.DirectoryServices.DirectoryEntries.ChildEnumerator..ctor(DirectoryEntry container)
   at System.DirectoryServices.DirectoryEntries.GetEnumerator()
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.System.Web.IHttpModule.Init(HttpApplication app)
   at System.Web.HttpApplication.InitModulesCommon()
   at System.Web.HttpApplication.InitInternal(HttpContext context, HttpApplicationState state, MethodInfo[] handlers)
   at System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext context)
   at System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context)
   at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
 
 
Custom event details: 

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ASP.NET 2.0.50727.0" />
    <EventID Qualifiers="32768">1309</EventID>
    <Level>3</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-04-05T12:26:17.000Z" />
    <EventRecordID>185893</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERVER.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>3005</Data>
    <Data>An unhandled exception has occurred.</Data>
    <Data>05/04/2010 13:26:17</Data>
    <Data>05/04/2010 12:26:17</Data>
    <Data>e34d09c7f4134b399a21b27ee65f7411</Data>
    <Data>10</Data>
    <Data>9</Data>
    <Data>0</Data>
    <Data>/LM/W3SVC/949488155/ROOT-1-129149429077684920</Data>
    <Data>WSS_Minimal</Data>
    <Data>/</Data>
    <Data>C:\Program Files\Windows Small Business Server\Bin\WebApp\InternalWebSite\</Data>
    <Data>SERVER</Data>
    <Data>
    </Data>
    <Data>7668</Data>
    <Data>w3wp.exe</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>COMException</Data>
    <Data>Access is denied.
</Data>
    <Data>http://companyweb/</Data>
    <Data>/</Data>
    <Data>192.168.1.22</Data>
    <Data>
    </Data>
    <Data>False</Data>
    <Data>
    </Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>4</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>False</Data>
    <Data>   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_IsContainer()
   at System.DirectoryServices.DirectoryEntries.ChildEnumerator..ctor(DirectoryEntry container)
   at System.DirectoryServices.DirectoryEntries.GetEnumerator()
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.System.Web.IHttpModule.Init(HttpApplication app)
   at System.Web.HttpApplication.InitModulesCommon()
   at System.Web.HttpApplication.InitInternal(HttpContext context, HttpApplicationState state, MethodInfo[] handlers)
   at System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext context)
   at System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context)
   at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
</Data>
  </EventData>
</Event>

Open in new window

0
SEDWEBAuthor Commented:
Q. did you recently change the application-pool identity?

A. Not knowingly, cant rule it out because there is another tech guy who could have potentially played with it. I suspect though it was an windows update last year that triggered it to suddenly stop working.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

SnowWolfCommented:
Have you tried a restart?
0
SEDWEBAuthor Commented:
Im wondering if another potential cause could be the DNS records. Seem to have remote.server.com and remote.remote.server.com !! Attached screenshot.
dns-problem.png
0
SEDWEBAuthor Commented:
Yes tried many restarts.
0
B HCommented:
based on your screenshot in your original question, this is a permissions error... if it was unable to resolve, or resolving improperly, we'd be seeing different errors.  the remote.remote.whatever.local doesn't hurt anything.  it might be redundant or not being used, but it's not hurting anything

it seems like your application is running as "network service" which is ok, but some files/folders don't have that account set up for access
0
SEDWEBAuthor Commented:
Ok thanks for note on DNS.

I have attached a screenshot of the Application Pools. It show SBS Sharepoint AppPool running as a Network Service. Can this service be given permission or set to run as a local service? What do you suggest?

Many thanks
applicationpools.png
0
SEDWEBAuthor Commented:
Could it be an issue with ASP.NET v2.0, i have seen some discussions about reinstalling it. If I did this would do you think it would affect any settings in IIS?
0
B HCommented:
Set it for local system for testing, recycle the app and restart the site...
0
B HCommented:
Set it for local system for testing, recycle the app and restart the site...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SEDWEBAuthor Commented:
We are very close. Companyweb now runs from a local client machine.

So that indicated a permissions problem with the network service identity. Do you know where to change permissions for the NetworkService?
0
B HCommented:
see the location of your companyweb "site" in IIS, explore to there, and you can adjust the permissions there to allow network service (might be best to explore to the site location, and then go up one level, set permissions on that

after, change your application back to network service and if it works, that should be that

0
SEDWEBAuthor Commented:
Have done the same for SBS Websites and now have remote web workplace working which is excellent.

Only slight issue is that no images are showing under the RWW login screen. Example image url: https://remote.company.com/Remote/images/desktop.png.

 The images exists on the server and I have checked the permissions.
0
B HCommented:
the link you posted cant be reached without logging into your RWW, which is ok, but useless for here - and identifies your company, so we'll ask a mod to clean that up when we're done

have you found the "/images/" folder on the actual hard drives, and verified permissions there?

have a look at the IIS log files, for entries at the time you test, that end in 5## # #  (like, - 500 2 12)

copy those lines, edit them so they dont identify your ip or company name, and paste here

0
SEDWEBAuthor Commented:
At the time of testing im getting an Application error, EventID 2424 - Windows SharePoint Services 3 Search... The update cannot be started because the content souces cannot be accessed.. Context: Application 'Search', Catalog  'index file on the search server Search' (Task Category: Gatherer)

It does all seem to be working internally, except the images. Will test externally this evening.

Cannot see anything in the log files for WebWorkplace, only some bits from 6 months ago.

Can a Moderator please change my last link as it shows the company. Many thanks.
0
B HCommented:
well, i can get the login prompt, so it's at least working that much from external.

lemmie do a little research on the images issue and get back to you in a bit

(a mod will be by shortly to clean up the company name)
0
SEDWEBAuthor Commented:
Thank you for your help so far. Much appreciated.
0
B HCommented:
ok, the images that dont show up...  

1. do they live here? C:\Program Files\Windows Small Business Server\Bin\webapp\Remote\images
   a. if not, where... and have you confirmed the file permissions on that images folder, to allow
2. what do you see where the images should be - can you post a screenshot, not including any private info?

i'm about to test this from my home machine, should see a lot more detail in a sec
0
B HCommented:
at a fork in the road researching - do your other sites show red x's for images?  companyweb, owa, connect, etc
?
0
B HCommented:
well, i'm out of research ideas... so lets compare security/apps from a working setup...

here's what i got

iis > "SBS Web Applications" > edit permissions > security:
creator owner: special, allow full to subfolders and files only
trustedinstaller: special, allow full to this folder and subfolders
system: allow full control
users (domain\users): allow read&execute
administrators (domain\administrators): allow full control
(all of these are inherited from program files)

iis > "Remote" > edit permissions > security:
all the same as above

iis > "Remote\images" > edit permissions > security:
all the same as above

iis > "SBS Web Applications" > edit bindings:
type, host, port, ip, binding-info:
http, blank, blank, blank, *:80:Sites
http, remote.domain.com, 80, *, blank
http, autodiscover.domain.com, 80, *, blank
http, gateway.domain.com, 80, *, blank
https, blank, 443, *, blank

iis > "SBS Web Applications" > view applications:
/Remote = C:\Program Files\Windows Small Business Server\Bin\WebApp\Remote
/Remote, Application Pool > SBS Web Workplace AppPool (v2.0)

iis > application pools > SBS Web Workplace AppPool:
dot net: version 2.0
managed pipeline mode: integrated
identity: networkservice

iis > sbs web applications > remote > images > content view
desktop.png security shows:
system: allow full control
domain\administrators: allow full control
domain\users: allow read&execute






0
SEDWEBAuthor Commented:
Only the remote site is showing red x's for the images. Ive tried changing the permissions on the images folder and child objects, but nothing seems to make a difference. Any ideas what could be overiding the permissions?
0
B HCommented:
the iis logs would hopefully tell us more but they're apparently not.

i have seen these tonight while testing, when accessing /Remote using a hostname that doesn't match the security certificate.  IE8 says "are you sure you dont want to not view only the insecure content" or whatever its double-speak stupid question is where most people hit YES and only see https content... the desktop.png was delivered via http, and not https, so IE8 didnt show it.

i wish they just kept the old warning "do you want to display both the secure and the non-secure content?" since we're all used to just clicking yes... now it's backwards

what are your permission settings on the images folder?  (substitute your identifying info for generic)
0
SEDWEBAuthor Commented:
The only way I can get RWW to work is by selecting LocalSystem in the Application pool for SBS Remote Web Workplace, however the images do not show.

When the identity NetworkService (built-in)is selected, it doesnt work at all.

It would be good if I could check the permissions for the built in NetworkService account, because this looks to be the issue. Would you agree? I dont know though where to find this account, is it perhaps built into SBS and if it is, by changing the password, could it mess up other things up that SBS uses?
0
SEDWEBAuthor Commented:
Have a Warning in the Event Viewer for Share Point.
Log Name:      Application
Source:        Windows SharePoint Services 3 Search
Date:          06/04/2010 02:00:13
Event ID:      2436
Task Category: Gatherer
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERVER.domain.local
Description:
The start address <sts3s://remote.domain.com:987/contentdbid={bb9ce6ae-af97-47dd-acf4-6d483f7300aa}> cannot be crawled.

Context: Application 'Search index file on the search server', Catalog 'Search'

Details:
	Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content.   (0x80041205)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows SharePoint Services 3 Search" />
    <EventID Qualifiers="32768">2436</EventID>
    <Level>3</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-04-06T01:00:13.000Z" />
    <EventRecordID>186589</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERVER.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Context: Application 'Search index file on the search server', Catalog 'Search'

Details:
	Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content.   (0x80041205)</Data>
    <Data>sts3s://remote.domain.com:987/contentdbid={bb9ce6ae-af97-47dd-acf4-6d483f7300aa}</Data>
  </EventData>
</Event>

Open in new window

0
SEDWEBAuthor Commented:
Oh sorry, the permissions looked good, thank you for those.

Even setting permissions to allow Everyone and taking off inherite permissions for the images folder didnt work.
0
B HCommented:
you could add networkservice to those folders, full control... just type "network" and hit check name - it'll resolve to two addresses, just pick the "network service" one

i'm looking at your paste from above and will post back in a few

but yeah this is a permissions issue based on the app impersonation
0
B HCommented:
for the cannot be crawled, this looks real promising:
http://microsofttoolbox.com/2009/12/sbs2008-wss-3-0-event-2436/

and, although this specific problem isn't happening right now, it was before:
http://microsofttoolbox.com/2009/12/server-error-in-remote-application-error-when-trying-to-browse-rww/
0
SEDWEBAuthor Commented:
Thank you bryon44035v3 for all your help solving this issue. ive learnt alot about IIS and the permissions. I think SBS tries to restrict changes to the RWW. After much testing I found the Web.config in the images folder was causing the issue. By renaming this file, it allowed the images to be viewed locally and remotely. Thanks again, Daniel
0
SEDWEBAuthor Commented:
Many thanks again.
0
B HCommented:
wow, that's great to know.

i have a whole lot of hours experience with sbs sharepoint, more than i'd like, but it's always good to learn more stuff... which is why i like to participate here, for the chance to research
0
freaky_NLCommented:
Hi,

did you ever properly resolve this? Setting the app pool to the localsystem account is something I'd only consider a temporary workaround. We have the same issue (both companyweb and /remote stopped working). It must be something with permissions somewhere, but haven't yet figured out where.

Have temporarily set the app pools to run as localsystem and that fixes it, but knowing SBS it's only a matter of time before an update or a wizard is going to screw things up because settings are not what it expects them to be.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.