I have this config in my standalone-ha.xml in datasource tag
<pool>
<min-pool-size>50</min-pool-size>
<max-pool-size>150</max-pool-size>
<prefill>true</prefill>
<use-strict-min>false</use-strict-min>
<flush-strategy>FailingConnectionOnly</flush-strategy>
</pool>
but when my Keycloak Kubernetes pod gets up, my pool tag has overridden with this
<pool>
<flush-strategy>FailingConnectionOnly</flush-strategy>
</pool>
Does anyone know why this happened?
Related
I have asp.net core 3.1 web api. When I run the project locally in Visual studio, it works fine. But when I publish it to IIS and run it, I get the error.
500 Internal Server Error","error": "A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.)"}
Or Login failed for user domain_name\machine_name.
connection string looks like this
"ConnectionStrings": {
"ABCDB": "Server=xxx-test,80;Database=abc;Integrated Security=true;MultipleActiveResultSets=true;"
},
I have the hosting bundle installed for .net core 3.
my app runs under ApplicationPoolIdentity which is added to the database and has the permissions. My application pool is set to No Managed Code with ApplicationPoolIdentity.
The endpoints for the api which are not connecting to the database work just fine on published version but anything that is connecting to the database gives the error.
I referred to couple of links but hard luck.
https://www.loganfranken.com/blog/1345/why-your-web-application-cant-connect-to-sql-server/
IIS fails to pass windows credentials through to SQL Server for ASP.NET Core app
Why asp.net core app uses different user than AppPool identity for Windows Authentication when connecting to SQL Server?
Any help is appreciated.
Edit: The only things that works for me running the appPool under custom account(my credentialis) but does not work under appPoolIdentity on IIS
It seem that your environment needs a reset.
1- Manually check your app folder under IIS to see if any cached files or similar ones could be deleted.
2- Ideally, install it in a new folder under IIS
3- Reset the IIS
4- Make a hard refresh of the web browser
your connection string should be like this:
"ABCDB": "Data Source=xxx-test;Initial Catalog=abc;Integrated Security=SSPI;Persist Security Info=True;"
and add application pool name of your published application of security/users folder of your DB:
IIS APPPOOL\<apppool name>
Or add a new user account to you DB with user name and password. In this case you will also have to change the connection string.
I was having the same issue.
Other .NET Core 3.1 web apps are running just fine with the same authentication method (anonymous authentication) on the same IIS instance on the same server using the same connection string to the same MS SQL DB.
With this one particular .NET Core 3.1 web app, IIS is causing the app to try to authenticate to MSSQL DB with the username {DOMAIN}\{Computer Name}
The issue for me was that the connection string for the one app with the issue had "Trusted_Connection=True".
I knew that I would get this authentication interception from IIS with Integrated_Security but did not realize that Integrated_Security is synonymous with Trusted_Connection.
So the fix is to remove Trusted_Connection = True or Integrated_Security = True from the DB connection string in the app. If you need either of these two for your code to work (but are providing a username and password in the DB connection string), you should probably re-evaluate your code. Otherwise, the behavior OP and I observed should be what you want to happen and this isn't a problem.
I'm getting the following error randomly, sometimes works, but sometimes it fails:
Unable to make the session state request to the session state server.
Please ensure that the ASP.NET State service is started and that the
client and server ports are the same. If the server is on a remote
machine, please ensure that it accepts remote requests by checking the
value of
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters\AllowRemoteConnection.
If the server is on the local machine, and if the before mentioned
registry value does not exist or is set to 0, then the state server
connection string must use either 'localhost' or '127.0.0.1' as the
server name.
My sessionState configuration in the Web.config is the following:
<sessionState cookieless="UseCookies" mode="StateServer" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" stateConnectionString="tcpip=127.0.0.1:42424" timeout="20" />
I have double-checked that the ASP.NET state server is up & running. Also I've checked that the ASP.NET state server is running on port 42424. In fact, sometimes work. My IIS application pool is .NET 4 integrated pipeline.
I have also checked this article from Microsoft, that suggest to increase the stateNetworkTimeout. But seems not to be a good solution for me since the server is not under heavy load.
When I go to the event viewer, I see the following warnings:
Event code: 3009
Event message: Unable to make the session state request to the session state server. Details: last phase='Sending request to the state server', error code=0x80072749, size of outgoing data=0
Event time: 8/27/2014 4:38:04 PM
Event time (UTC): 8/27/2014 2:38:04 PM
Event ID: 848eadc753cf4e99aee72824d1d7fc85
Event sequence: 239
Event occurrence: 12
Event detail code: 50016
Application information:
Application domain: /LM/W3SVC/2/ROOT/download-7-130536222982810000
Trust level: Full
Application Virtual Path: /download
Application Path: C:\inetpub\vhosts\plasticscm.com\httpdocs\download\
Machine name: main
Process information:
Process ID: 4124
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
Exception type: HttpException
Exception message: Unable to make the session state request to the session state server. Please ensure that the ASP.NET State service is started and that the client and server ports are the same. If the server is on a remote machine, please ensure that it accepts remote requests by checking the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters\AllowRemoteConnection. If the server is on the local machine, and if the before mentioned registry value does not exist or is set to 0, then the state server connection string must use either 'localhost' or '127.0.0.1' as the server name.
What things can I do to further investigate this?
I used google map static api to get map image, but I got an error "The remote name could not be resolved:'maps.googleapis.com'" when executing using (HttpWebResponse response = request.GetResponse() as HttpWebResponse).
But I can got image of google map in windows application(same code with web application), I don't know what happened
This thing is happen due to proxy setting in your system.Please add this code in your web.config file and it will work.
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="true">
</defaultProxy>
</system.net>
The problem can go from invalid url (hostname) to your firewall or proxy blocking the request or even misconfigured host file or DNS.
I also faced same issue.
If you are connected with local area network and protected by Proxy server then Go in google chrome settings.
Our system takes default settings from google chrome.
In settings of chrome, go in proxy settings.Click on Lan setting.Click on proxy setting checkbox and click as well on by pass proxy server for local addresses.Also fill details of your proxy server in textbox.
Go in advance and in exceptions field type localhost.Run project again.It will work.
I can access the elmah.axd file, to view errors, when browsing using the localhost host name (i.e. http://localhost:24425/admin/elmah.axd).
I created a different host name and added it in my host file (to mirror production domain name). When I browse the site, and force an exception, the exception does get logged (SQL Server) using the prod host name. However, I am not able to view the elmah.axd file (i.e. http://www.foo.com/admin/elmah.axd). I get "HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable."
When I force an exception, using the localhost url, the exception still does get logged in SQL and I am able to browse this file: http://localhost:24425/admin/elmah.axd. However, I only see exceptions that occur under the localhost url (not the www.foo.com url).
After reviewing SQL, I see errors that happen using localhost with Application "/" and User set to the account I am logged in with. The errors generated when using www.foo.com have Application set to "/LM/W3SVC/6/ROOT" and the User column is blank.
I just need to be able to access the elmah.axd file when using www.foo.com/admin/elmah.axd. I have set security allowRemoteAccess to "1" in my web.config and have also added the elmah stuff to system.web and system.webServer nodes in my web.config.
I am using Windows Server 2008R2, IIS7.5 and it is a ASP.NET site (set up as a Web Application).
Thanks for any advice given.
By default elmah.axd can only be viewed on the local machine (whicj is why using localhost works).
You need to configure the web application to allow remote access.
I have an ASP.NET application that executes a WMI call to a remote system. The application Web.config contains <identity impersonate="true"> and <authentication mode="Windows"> options which, as I understand, should force the application code to be executed on behalf of the application user.
The problem is that I get "Access is denied" error, despite the fact I can successfully execute the my WMI request from PowerShell console on the same host under the same user to the remote server in question.
// this doesn't work
ManagementScope scope = new ManagementScope();
scope.Path.NamespacePath = "root\\virtualization";
scope.Path.Server = "vs01";
scope.Connect(); // <-- here comes exception
# this works just fine
Get-WmiObject -Namespace 'root\virtualization' -Class Msvm_ComputerSystem -ComputerName vs01
Dumping HttpContext.Current.User.Identity.Name, System.Security.Principal.WindowsIdentity.GetCurrent().Name, System.Threading.Thread.CurrentPrincipal.Identity.Name properties suggest that impersonation works as expected.
Ideas? Could the issue be some kind of .NET or IIS security?
You need to have a domain administrator enable Delegation for your web server machine. This is a security feature of Kerberos. By default an intermediate server (in this case your web server) is not allowed to pass the impersonation context of a client to the remote server unless it has been given Delegation permission. If you don't do this the remote target server will see the request coming in as Anonymous User... which if its properly secured will be denied access.
Note its a common policy to only allow an intermediate server to delegate to specific target servers (called constrained delegation), so if your web app needs to be able to call WMI on any server in your network you may have problem. Talk to your domain admin.