Windows 2012 R2 Web Server
IIS 8.5
SharePoint 2010 SP2 November CU 2015
Everyday at 2:49 AM I get the following errors one in the system log and one in the application log
Log Name: Application
Source: ASP.NET 2.0.50727.0
Date: 11/13/2015 2:49:03 AM
Event ID: 1334
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERV013.FQDN.com
Description:
An unhandled exception occurred and the process was terminated.
Application ID: /LM/W3SVC/1068268973/ROOT
Process ID: 7540
Exception: System.Security.Cryptograp
hy.Cryptog
raphicExce
ption
Message: Keyset does not exist
StackTrace: at System.Security.Cryptograp
hy.Cryptog
raphicExce
ption.Thro
wCryptogap
hicExcepti
on(Int32 hr)
at System.Security.Cryptograp
hy.SafePro
vHandle._F
reeCSP(Int
Ptr pProvCtx)
at System.Security.Cryptograp
hy.SafePro
vHandle.Re
leaseHandl
e()
at System.Runtime.InteropServ
ices.SafeH
andle.Inte
rnalFinali
ze()
at System.Runtime.InteropServ
ices.SafeH
andle.Disp
ose(Boolea
n disposing)
at System.Runtime.InteropServ
ices.SafeH
andle.Fina
lize()
Event Xml:
<Event xmlns="
http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ASP.NET 2.0.50727.0" />
<EventID Qualifiers="49152">1334</E
ventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000
</Keywords
>
<TimeCreated SystemTime="2015-11-13T07:
49:03.0000
00000Z" />
<EventRecordID>90691</Even
tRecordID>
<Channel>Application</Chan
nel>
<Computer>TGCS013.our.netw
ork.tgcsne
t.com</Com
puter>
<Security />
</System>
<EventData>
<Data>An unhandled exception occurred and the process was terminated.
Application ID: /LM/W3SVC/1068268973/ROOT
Process ID: 7540
Exception: System.Security.Cryptograp
hy.Cryptog
raphicExce
ption
Message: Keyset does not exist
StackTrace: at System.Security.Cryptograp
hy.Cryptog
raphicExce
ption.Thro
wCryptogap
hicExcepti
on(Int32 hr)
at System.Security.Cryptograp
hy.SafePro
vHandle._F
reeCSP(Int
Ptr pProvCtx)
at System.Security.Cryptograp
hy.SafePro
vHandle.Re
leaseHandl
e()
at System.Runtime.InteropServ
ices.SafeH
andle.Inte
rnalFinali
ze()
at System.Runtime.InteropServ
ices.SafeH
andle.Disp
ose(Boolea
n disposing)
at System.Runtime.InteropServ
ices.SafeH
andle.Fina
lize()</Da
ta>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WAS
Date: 11/13/2015 2:49:04 AM
Event ID: 5009
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SERV013.FQDN.com
Description:
A process serving application pool 'SharePoint - Default App Pool' terminated unexpectedly. The process id was '7540'. The process exit code was '0xe0434f4d'.
Event Xml:
<Event xmlns="
http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WA
S" Guid="{524B5D04-133C-4A62-
8362-64E8E
DB9CE40}" EventSourceName="WAS" />
<EventID Qualifiers="32768">5009</E
ventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
</Keywords
>
<TimeCreated SystemTime="2015-11-13T07:
49:04.0000
00000Z" />
<EventRecordID>74547</Even
tRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>SERV013.FQDN.com
</Computer
>
<Security />
</System>
<EventData>
<Data Name="AppPoolID">SharePoin
t - Default App Pool</Data>
<Data Name="ProcessID">7540</Dat
a>
<Data Name="ExitCode">e0434f4d</
Data>
</EventData>
</Event>
My research found these
From the Event ID 5009 ran err.exe on 0xe0434f4d
C:\Util\Err>err 0xe0434f4d
# as an HRESULT: Severity: FAILURE (1), Facility: 0x43, Code 0x4f4d
# NOT FOUND: 0xe0434f4d
Do not understand what is NOT FOUND
This seems to be COM permissions?????????
Command prompt->dcomcnfg->componen
t services->computers->right
click on my computer->properties.
Go to COM security
Under launch and activation permissions
Add the SID S-1-5-82-3006700770-424185
619-174548
8364-79489
5919-40046
96415 and provide local launch permissions.
then try and check if IISRESET still throws same error in event log.
I added spapppool account
No change
I spent many hours trying to figure out why everyday at 2:49 AM then by dumb luck I found it.
From within IIS I expanded the Application Pools list after scrolling thru each entry I found that
Application Pool SharePoint - Default App Pool is started v2.0 Integrated identity mydom\spapppool
when I clicked on Recycling Settings I see that it is set for Specific times at 2:49 AM
I also installed DebugDiag 2 Analysis and I have a dump but I a, not sure what to look for
Any thoughts
Thanks in advance
Tom
Or did it come up with NOV 2015 CU?
What pointed you to the DCOM description, did you have this error in combination with the other error?
Does the pool recycle?
I would expect that this may be a permission problem. If you see a DCOM error, it can even come up,
if a component tries to start too early. Seen it more often with local accounts as local service or network service. So interesting in this combination is the farm count and the identity of the app pool.
In which local groups are they a member?
Also keep in mind that changing permissions need sometimes a logoff. So you have to shut down al the services running under this account and restart them again (or just reboot the machine.
So you said the error comes also up, if you run IISReset, right? Are you farm admin? In which local groups is your account?
What maybe a fast try is to change the App Pool (via the SharePoint service accounts ) to a temporary account, IISRESET, change it back, run the SharePoint config wizard and see, if it makes any change. Also you may reboot the machine and see, if the behavior change.
This procedure may reset all needed permissions for the pool account.