Windows 2012 R2 Web Server
IIS 8.5
SharePoint 2010 SP2 November CU 2015
Everyday at 2:49 AM I get the following errors one in the system log and one in the application log
Log Name: Application
Source: ASP.NET 2.0.50727.0
Date: 11/13/2015 2:49:03 AM
Event ID: 1334
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERV013.FQDN.com
Description:
An unhandled exception occurred and the process was terminated.
Application ID: /LM/W3SVC/1068268973/ROOT
Process ID: 7540
Exception: System.Security.Cryptograp
hy.Cryptog
raphicExce
ption
Message: Keyset does not exist
StackTrace: at System.Security.Cryptograp
hy.Cryptog
raphicExce
ption.Thro
wCryptogap
hicExcepti
on(Int32 hr)
at System.Security.Cryptograp
hy.SafePro
vHandle._F
reeCSP(Int
Ptr pProvCtx)
at System.Security.Cryptograp
hy.SafePro
vHandle.Re
leaseHandl
e()
at System.Runtime.InteropServ
ices.SafeH
andle.Inte
rnalFinali
ze()
at System.Runtime.InteropServ
ices.SafeH
andle.Disp
ose(Boolea
n disposing)
at System.Runtime.InteropServ
ices.SafeH
andle.Fina
lize()
Event Xml:
<Event xmlns="
http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ASP.NET 2.0.50727.0" />
<EventID Qualifiers="49152">1334</E
ventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000
</Keywords
>
<TimeCreated SystemTime="2015-11-13T07:
49:03.0000
00000Z" />
<EventRecordID>90691</Even
tRecordID>
<Channel>Application</Chan
nel>
<Computer>TGCS013.our.netw
ork.tgcsne
t.com</Com
puter>
<Security />
</System>
<EventData>
<Data>An unhandled exception occurred and the process was terminated.
Application ID: /LM/W3SVC/1068268973/ROOT
Process ID: 7540
Exception: System.Security.Cryptograp
hy.Cryptog
raphicExce
ption
Message: Keyset does not exist
StackTrace: at System.Security.Cryptograp
hy.Cryptog
raphicExce
ption.Thro
wCryptogap
hicExcepti
on(Int32 hr)
at System.Security.Cryptograp
hy.SafePro
vHandle._F
reeCSP(Int
Ptr pProvCtx)
at System.Security.Cryptograp
hy.SafePro
vHandle.Re
leaseHandl
e()
at System.Runtime.InteropServ
ices.SafeH
andle.Inte
rnalFinali
ze()
at System.Runtime.InteropServ
ices.SafeH
andle.Disp
ose(Boolea
n disposing)
at System.Runtime.InteropServ
ices.SafeH
andle.Fina
lize()</Da
ta>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WAS
Date: 11/13/2015 2:49:04 AM
Event ID: 5009
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SERV013.FQDN.com
Description:
A process serving application pool 'SharePoint - Default App Pool' terminated unexpectedly. The process id was '7540'. The process exit code was '0xe0434f4d'.
Event Xml:
<Event xmlns="
http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WA
S" Guid="{524B5D04-133C-4A62-
8362-64E8E
DB9CE40}" EventSourceName="WAS" />
<EventID Qualifiers="32768">5009</E
ventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
</Keywords
>
<TimeCreated SystemTime="2015-11-13T07:
49:04.0000
00000Z" />
<EventRecordID>74547</Even
tRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>SERV013.FQDN.com
</Computer
>
<Security />
</System>
<EventData>
<Data Name="AppPoolID">SharePoin
t - Default App Pool</Data>
<Data Name="ProcessID">7540</Dat
a>
<Data Name="ExitCode">e0434f4d</
Data>
</EventData>
</Event>
My research found these
From the Event ID 5009 ran err.exe on 0xe0434f4d
C:\Util\Err>err 0xe0434f4d
# as an HRESULT: Severity: FAILURE (1), Facility: 0x43, Code 0x4f4d
# NOT FOUND: 0xe0434f4d
Do not understand what is NOT FOUND
This seems to be COM permissions?????????
Command prompt->dcomcnfg->componen
t services->computers->right
click on my computer->properties.
Go to COM security
Under launch and activation permissions
Add the SID S-1-5-82-3006700770-424185
619-174548
8364-79489
5919-40046
96415 and provide local launch permissions.
then try and check if IISRESET still throws same error in event log.
I added spapppool account
No change
I spent many hours trying to figure out why everyday at 2:49 AM then by dumb luck I found it.
From within IIS I expanded the Application Pools list after scrolling thru each entry I found that
Application Pool SharePoint - Default App Pool is started v2.0 Integrated identity mydom\spapppool
when I clicked on Recycling Settings I see that it is set for Specific times at 2:49 AM
I also installed DebugDiag 2 Analysis and I have a dump but I a, not sure what to look for
Any thoughts
Thanks in advance
Tom