Solved

WWW Service stopped working after Admin password change

Posted on 2011-09-12
9
1,452 Views
Last Modified: 2012-05-12
We were getting a lot of failed login events to the SBS 2003 server administrator account.  I changed the password, and it appears to have affected HTTP SSL service and the WWW Publising service.
I am receiving Event 7001: "World Wide Web Publishing Service service depends on the HTTP SSL service which failed to start because of the following error: The system cannot find file specified."
Also, Event 7023: "The HTTP SSL service terminated with the following error: The system cannot find the file specified."
The file lsass.exe exists in the system32 folder.
I am unable to manually start the HTTP SSL service (same error).
It seems that the password change prevents the services from starting. The errors started occurring very soon after the password was changed.
Any help would be appreciated.
0
Comment
Question by:beyondt
  • 4
  • 3
  • 2
9 Comments
 
LVL 10

Expert Comment

by:ThorinO
ID: 36525735
What account are the services running under.
0
 

Author Comment

by:beyondt
ID: 36526069
The Log On tab in the properties of both services specifies the Local system account as the "Log on as" account.
0
 
LVL 10

Assisted Solution

by:ThorinO
ThorinO earned 200 total points
ID: 36526168
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:beyondt
ID: 36526411
That article is addressing iisadmin not starting.  My iisadmin is started.  I ran the following command and it seems that iisadmin is okay.  But frankly, I am not sure wht this is telling me:
C:\Documents and Settings\Administrator>sc query iisadmin

SERVICE_NAME: iisadmin
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
0
 
LVL 5

Accepted Solution

by:
AJS2011NZ earned 300 total points
ID: 36526555
This seems to be a issue I see more and more. Some other service is tying up the files that the HTTP SSL service requires. The first culprit tends to be your AV, so try disabling any realtime scanning and see if that helps. I have also seen the SQL reporting services cause the issue.

If these don't help, download process explorer and determine which process is locking the file. You can determine which file HTTP SSL is trying to access by running filemon and filtering for just lsass.exe

Post your findings and we will see if we can get this one sorted for you.
0
 

Author Comment

by:beyondt
ID: 36533822
Sorry for the long delay.
I ran the Process Exploere, and frankly, I did not know exactly what to make of it.  I did not see any obvious errors.
However, We are running Trend Micro WOrry-Free Business Security v7, build 1435.  I stopped the TM Master Service  and the Smart Scan Service.  I was then able to start teh HTTP SSL service and the WWW Publishing Service.  I then started the TM Master service (which started the Smart Scan), and things are working......except that an error occurred that the HTTP service had stopped.  The event ID is 15005:
"Unable to bind to the underlying transport for 0.0.0.0:8531. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number."
Immediately preceding that error, Event ID 1004 (W3SVC) occurred:
"Cannot register the URL prefix 'https://*:8531/DssAuthWebService/' for site '1273917433'. The site has been deactivated.  The data field contains the error number."

That's where I am now.  Even though things seem to be working properly, there is obviously something else going on here.
What do you think?

Thanks!
0
 
LVL 5

Expert Comment

by:AJS2011NZ
ID: 36558950
Looks like there is an issue with bindings for the WSUS site. Go into the site and check the NIC bindings, it is probably worthwhile rerunning the SBS BPA, which checks common configuration issues. I'd also recommend running the Connect Internet and Internet Address wizards.
0
 

Author Closing Comment

by:beyondt
ID: 36562114
What I ended up doing, which seemed to work, was I stopped the Trend Micro Worry Free Business Security Services.  I then was able to start HTTP, HTTPS and WWW. I then started the TM WFBS servies and all seemed okay.  I have not rebooted the server yet to see if the issue will return.
As much as I like Trend Micro WFBS, I am running across issues like this, from out of the blue that are quite annoying and time consuming.
Thanks for your input.  Event though the solutions were not complete, they were helpful in researching the issue.  That is worth points, in my book.
0
 
LVL 10

Expert Comment

by:ThorinO
ID: 36562177
Cool, can you check to see if there are multiple virtual sites in IIS using the same port? If so, that could be the reason and upon reboot you might have the same issue.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question