Why is my Application Pool stopping on first request after modifying Advanced Settings from a remote IIS client? - iis-10

This started happening recently. After changing a couple of settings in the Advanced Settings window through a remote IIS client, the application pool automatically stops, and I can't restart it without it stopping again instantly or after its first web request.
What's interesting is that after getting that issue, I reenter the Identity credentials being used in the same Advanced Settings window, and the Application Pool works again.
There are no messages in the Event viewer.
The only plausible explanation is that saving the settings through a remote client somehow messes up the Identity used. If I change the same settings directly on the server, I don't get this issue.
Has anyone had this happen before?

Related

IIS App Pool; Domain Admin password changed, now seeing errors in event viewer

We recently had to change a domain admin password due to a security issue. As a result, on our prod web server, we're seeing a large number of Event ID 4625 errors showing up in our security log associated with an IIS App Pool. We're on Windows 2012 R2/IIS 8.5; ASP.NET 2.0 & 4.0 are installed on the system.
The interesting piece is that the App Pool in question never used the domain admin account as its Identity. It has always used the out of the box ApplicationPoolIdentity. I should also note that the server was logged off using that affected user well prior to the password change & a new account is now used to administer the server.
The server itself, though, was in fact built using the affected domain admin account. All roles/features were added while logged in as the aforementioned account. With this in mind, no services are running as the account, i.e. World Wide Web Publishing Service/IIS Admin service. They're running as Local System & always have.
No functionality has been compromised; everything is operating normally on the web server. The issue is that our tech services team is receiving constant notifications from their account monitoring software regarding the bad logon attempts & it is impeding their operations. Full disclosure... We haven't had an opportunity to reboot the server yet since it's production; we will be doing that tonight.
The problem seems to be relegated to the root of the site, the \wwwroot folder. Segregating only the root app to its own app pool/turning off the pool is not an option since it services file system requests. We've tried explicitly setting the identity on the affected app pool to use Local Service as well as a regular domain user. The issue persists regardless:
So naturally, our hope is that the reboot takes care of it... Perhaps the old password is stuck in a Kerberos cache, but it's just strange, since this app pool never used the ID as its identity, that it continues to show up.
We had a virtual directory that was using the ID in order to reach out to a CIFS share on the network. Once we changed that, the error ceased.
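The resolution above (a virtual directory holding "Connect as" credentials for a share) points at a check worth running after any password change: list every place the IIS configuration stores an explicit account. The following Python sketch is an added example, not code from the original posts; it parses a copy of `applicationHost.config`, and the sample fragment, account names and host name in it are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragment; account and host names are made up.
SAMPLE_CONFIG = r"""<configuration><system.applicationHost>
  <applicationPools>
    <add name="DefaultAppPool">
      <processModel identityType="ApplicationPoolIdentity" />
    </add>
    <add name="ReportsPool">
      <processModel identityType="SpecificUser" userName="EXAMPLE\svc-reports" password="[enc]" />
    </add>
  </applicationPools>
  <sites>
    <site name="Default Web Site" id="1">
      <application path="/" applicationPool="DefaultAppPool">
        <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot" />
        <virtualDirectory path="/files" physicalPath="\\nas01\share"
                          userName="EXAMPLE\old-admin" password="[enc]" />
      </application>
    </site>
  </sites>
</system.applicationHost></configuration>"""


def find_stored_accounts(config_xml, account=None):
    """List (location, userName) for each explicit account stored in IIS config.

    If `account` is given, only case-insensitive matches are returned.
    """
    root = ET.fromstring(config_xml)
    hits = []
    # Application pools configured with a specific user as their identity.
    for pools in root.iter("applicationPools"):
        for add in pools.findall("add"):
            pm = add.find("processModel")
            if pm is not None and pm.get("userName"):
                hits.append((f"appPool {add.get('name')}", pm.get("userName")))
    # Virtual directories with "Connect as" credentials, typical for UNC paths.
    for site in root.iter("site"):
        for app in site.findall("application"):
            for vdir in app.findall("virtualDirectory"):
                if vdir.get("userName"):
                    where = f"vdir {site.get('name')} app={app.get('path')} path={vdir.get('path')}"
                    hits.append((where, vdir.get("userName")))
    if account is not None:
        hits = [h for h in hits if h[1].lower() == account.lower()]
    return hits


if __name__ == "__main__":
    for where, user in find_stored_accounts(SAMPLE_CONFIG, r"EXAMPLE\old-admin"):
        print(f"{user} is stored on {where}")
```

On a server, the input would be the text of `%windir%\System32\inetsrv\config\applicationHost.config`; any hit for the account whose password changed is a candidate source of repeated 4625 events.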

MVC Website intermittent behavior of not reaching sometimes

I have an ASP.NET MVC website hosted on IIS on a couple of servers with load balancers. It is a very simple page: when it opens, it logs user details in the DB and shows the view.
The issue is: it sometimes becomes unreachable and pages never open. I have to restart the app pool to get back on track, and then it happens again.
What I have tried:
Made sure all DB connections are properly handled; any connection that gets opened is surely closed
Have set recycling of the app pool based on volume of RAM
Went through the IIS logs and checked whether the requests have reached there or not
There are other applications also running on the server, but the problem is isolated to this website
There are global users; the issue persists across different global areas
What I think it can be:
It might be possible that the load balancer is never diverting my request
My request is getting lost between networks and layers
This is the production environment, and we are not facing this issue in ACC or Dev.
What else can I go ahead and check?

Windows Workflow 4 AppFabric 1.1 Suspended Workflow Will Not Resume

I have a WF4 workflow which is running in AppFabric 1.1 in IIS 7.5. I am trying to test the suspension and resume functionality. The workflow is configured to 'Abandon and suspend' on unhandled exception. To force an error I put the database that the workflow application uses (not the AppFabric database) into single user mode. I then put the database back into multi-user mode and attempt to resume the workflow from the IIS AppFabric UI. I get the following error:
There was no endpoint listening at net.pipe://lonmw87129/ApprovalService/PreApprovalService.xamlx/System.ServiceModel.Activities_IWorkflowInstanceManagement that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
You have to enable the net.pipe binding on your IIS web site to allow workflow instance management.
See http://social.technet.microsoft.com/wiki/contents/articles/appfabric-configuration-issues-net-4-net-pipe-and-role-services.aspx
To enable the net.pipe protocol for a site, right-click the site, point to Manage Application, and then click Advanced Settings. Add “,net.pipe” to “http” in the Enabled Protocols line (with no space between “http” and the comma), and then click OK.

Classic ASP Session/IIS Reset Bug in IIS 7?

I have an application in classic ASP running on IIS 7. The website uses global.asa (Application_OnStart and Session_OnEnd; the others are not being used).
The problem is this. When one user logs in/out, sometimes the entire site does some sort of IIS reset and all the visitors of that site will have their sessions reset. If any visitor was logged in, it kicks them out and they have to log in again.
There is some sort of activity triggering this mass session reset, or better yet, IIS reset, because it only happens sometimes. I am not sure what could be causing it. Any suggestions?
Use the "Recycling..." action on the relevant Application pool in IIS Manager to check the Recycling conditions.
Anything that causes recycling of the application pool will result in the loss of all current sessions. Use the same dialog to turn on logging of recycles (if not already on).
Use event log to track any recycles and their cause.
Internet Information Services (IIS) application pools can be periodically recycled to avoid unstable states that can lead to application crashes, hangs, or memory leaks. Please check this event ID on TechNet. It explains a bit more.
If you disable the recycle settings and your application is buggy, then there is a high chance of your website going down. Recently I also increased the session timeout of my website, but it was timing out at 12:45 irrespective of the idle timeout. Hence I shifted the recycle settings to 20:00, during non-business hours, so that it can clear all the unwanted app pools.

Control a service on a remote server from IIS

Please note: In each step I describe below I'm logged in as the same domain user account.
I have a web application that controls a service on a remote machine (via ServiceController). When I connect to the website remotely and attempt to control the service, I get an InvalidOperationException: Access is denied.
I know it CAN work, because when I connect to the website from the web server (remote desktop in, login as my domain user, then open the webpage), it works as expected.
I have configured IIS and ASP.NET to require windows authentication and impersonation. I log the current thread's principal when this fails, and I see that the thread is running under my identity whether I'm connecting remotely or from the server itself.
I have tried forcing IIS to use Kerberos authentication, NTLM authentication and both at the same time; whether my principal reports its AuthenticationType as "Negotiate" or "NTLM", it doesn't matter. None of them work when I connect remotely (from my local machine).
ANOTHER weird thing about this is that if I'm debugging from my local machine/connecting to the remote server, it works every time! But when I'm NOT debugging, it fails every time!
What in the heck could be going on here?
Your scenario is delegation and not impersonation. Delegation is hard to achieve, and it depends on many things being done right.
A place to start would be Kerberos authentication and troubleshooting delegation issues.
David Wang's blog is a very useful resource on those issues.
"ANOTHER weird thing about this is that if I'm debugging from my local machine/connecting to the remote server, it works every time! But when I'm NOT debugging, it fails every time!"
That's a clear indication that you have permission issues. When you run in the debugger you're running as the logged-on user; when you're not debugging, it runs as whatever IIS is set to use (NETWORK SERVICE by default). Try setting (temporarily!) the Enable anonymous access using your domain account as the user and see if that works. If it does, then it means your IIS is not set up properly to impersonate (and it's probably running as NETWORK SERVICE).
Permissions in IIS can be a bitch to fine tune properly...
Good luck!
P/S: This looks more like a network administration question than a programming one (see https://stackoverflow.com/questions/321618/stackoverflow-is-for-programming-questions-here-are-some-better-forums-for-your#321756)
