I moved iis website from windows 2003 iis6 to 2008 iis 7. For some reason this asp code stopped working. I enabled trace and this is what I get:
ErrorCode 800a000d Description Type mismatch.
I get it on If broj > 0 Then line. Is this because of classic asp not working on IIS7 ?
<%
Dim cate, SQL, broj
cate = Request("cate")
SQL = "select count(*) as count from members where category_id = '" & cate & "' and status_flag <> 'NON-MEMBER' and status = 'APPROVED' order by company;"
rs.Open SQL,Con,adOpenKeyset,adLockOptimistic
broj = rs("count")
If broj > 0 Then // <-- this is the line where i get error ErrorCode 800a000d Description Type mismatch//
rs.close
rs.PageSize = 3
rs.CursorLocation = adUseClient
SQL = "select * from members where category_id = '" & cate & "' and status_flag <> 'NON-MEMBER' and status = 'APPROVED' order by company;"
rs.Open SQL,Con
datum = MonthName(Month(rs("last_updated"))) & " " & Day(rs("last_updated")) & ", " & Year(rs("last_updated"))
%>
Here is a checklist I put together while moving a bunch of Classic ASP sites from IIS 6 to 7:
(1) Do not name site folders with .com at the end.
(2) Create user account:
- [app pool user identity] is app_pool_blahblahblah, pw: xxxxxx
(3) In Server Manager, right click "Web Server (IIS)" and choose "Add Role Services". Add IIS 6 Management Compatibility.
(4) In Server Manager under features add SMTP server.
Install IIS6 Resource Kit so you can
Use Metabase Explorer.
Grant the [app pool user identity] user read access to the /Local Machine/SmtpSvc/ and /Local Machine/SmtpSvc/1/ nodes in the IIS Metabas
(5) In Application Pool, advanced settings:
- set .Net Framework version to "v2.0" <-- fixed issue with default asp doc not working!
- set "Enable 32-bit applications" to TRUE.
- set managed pipeline mode to "Classic".
- under Process Model, change Identity to "[app pool user identity]" account we created.
- be sure "load user profile" is set to FALSE.
- be sure "maximum worker processes" is "1".
(6) Mail: In IIS 6 Management Console:
http://intellitect.com/configuring-windows-smtp-server-on-windows-2008-for-relay/
- Under SMTP Virtual Server Properties:
-- "Access" Tab --> Relay: add IPs of this box, including 127.0.0.1
-- "Delivery" Tab --> Advanced: for "fully qualified domain name" put name of box
-- "Delivery" Tab --> Advanced: for "smart host" put "dedrelay.secureserver.net"
-- "Delivery" Tab --> Outbound connections: Make sure limits are set to 100.
-- "Security" Tab --> add "[app pool user identity]" and IIS_IUSRS
(7) In IIS 7.5 under web site:
- Under ASP:
-- ONLY IF PROBLEM: set enable buffering to "false"
-- under limits change max req entity and buffering limit to 1024000000
-- set script language to "vbscript"
-- set "send errors to browser" to true
- Authentication --> edit "Anonymous Authentication" and set to app pool identity.
- ONLY IF PROBLEM: under error pages: under 404 set to "/home.asp" and "execute URL"
- ONLY IF PROBLEM: edit c:\windows\system32\inetsrv\config\applicationHost.config: change to "Allow"
- under Management (at bottom) go into "Configuration Editor".
-- In the dropdown go to System.web --> http runtime and change maxRequestLength to 1024000000
-- In the dropdown go to System.webserver/security/requestFiltering --> chg allowDoubleEscaping=true
(8)
Set "Modify" Permissions for the following folders:
- windows\temp
- inetpub\temp
- inetpub\mailroot
- ONLY IF PROBLEM: windows\serviceprofiles\networkservice\AppData\Local\Temp?
AND Set Permissions in registry:
- ONLY IF PROBLEM: HKLM\SOFTWARE\Wow6432Node\Microsoft\Jet\4.0\Engines?
FOR THESE USER ACCOUNTS:
- IIS_IUSRS
- [app pool user identity]
- NETWORK SERVICE
(9) Install and Use Process Monitor to find permissions issues - filter
Related
Short question: How to check the current user used by integrated security SqlClient connection when the user is an Active Directory domain user forced through the "runas" command in a debug environment. All .NET methods found in similar questions reports uncorrect results.
Long question
I have an ASP.NET application using System.Data.SqlClient library to connect against a SqlServer database.
The connection is performed through "Integrated Security = SSPI" with Active Directory domain users.
I run debug from VisualStudio Community 2017 on my PC which is not joined to the Active Directory domain, but I'm able to connect with my Active Directory domain user to the database by running VisualStudio through the "RunAs" command like this:
C:\Windows\System32\runas.exe /user:<domain>\<user> /netonly "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\devenv.exe"
In this way the VisualStudio process runs with the domain user on my PC (altough the task manager shows the running user as local "mariano.paniga" user). This allows the IIS Express debug session to run with the same domain user and the connection to the database works fine.
I need to check in my code the current user performing the action, but I'm not able to see what I consider the correct user connecting to the database (i.e. "/").
This is the connection command
SqlConnection sqlConn = new SqlConnection("Initial Catalog = WL; Integrated Security = SSPI; Data Source = <DB_Machine>");
These are the ways I tried to check the current user and their actual results in my debug environment:
sb.Append(string.Format("{0} - Started handling insert from user {1}\n", DateTime.Now
, System.Security.Principal.WindowsIdentity.GetCurrent().Name));
sb.Append(string.Format("{0} - Debug HttpContext.Current.User.Identity.Name = {1}\n", DateTime.Now
, HttpContext.Current.User.Identity.Name));
sb.Append(string.Format("{0} - Debug System.Environment.UserName = {1}\n", DateTime.Now
, System.Environment.UserName));
sb.Append(string.Format("{0} - Debug Thread.CurrentPrincipal.Identity.Name = {1}\n", DateTime.Now
, Thread.CurrentPrincipal.Identity.Name));
Results:
02/10/2019 10:08:51 - Started handling insert from user <MYPC-NAME>\mariano.paniga
02/10/2019 10:08:51 - Debug HttpContext.Current.User.Identity.Name =
02/10/2019 10:08:51 - Debug System.Environment.UserName = mariano.paniga
02/10/2019 10:08:51 - Debug Thread.CurrentPrincipal.Identity.Name =
Have you thought of sending the database
select ORIGINAL_LOGIN()
To purposely check the login used to start the connection.
(I'm presuming that you'd just do that to help your debugging along it's way in your current environment)
I have a legacy ASP application that I moved from a old server to Windows 2012 server with IIS 8.5.
I see the email sending is failing with the below error in IIS logs.
80040220|The__SendUsing__configuration_value_is_invalid
Current code is
Dim MyCDONTSMail2
Dim HTML
Set MyCDONTSMail2 = CreateObject("CDO.Message")
HTML = "all html format of mail content"
MyCDONTSMail2.From= "some from address"
MyCDONTSMail2.To="some to address"
MyCDONTSMail2.Subject="My Subject"
MyCDONTSMail2.HTMLBody=HTML
MyCDONTSMail2.Send
set MyCDONTSMail2=nothing
I have read a few other articles over Internet and this as well. I add a little bit of configuration in the code as shown in all other articles
MyCDONTSMail2.HTMLBody=HTML
MyCDONTSMail2.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing")=2
MyCDONTSMail2.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver")="SMTP Server Name"
MyCDONTSMail2.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport")=25
MyCDONTSMail2.Configuration.Fields.Update
MyCDONTSMail2.Send
set MyCDONTSMail2=nothing
But I still get the same error. My SMTP Server Name is absolutely correct as I used the same server in my other .Net applications hosted on the same server to this ASP application. The .Net app works well with the same configuration.
I'm not sure if ASP pages need any other configuration / installation required.
I have also tried to configure my SMTP server inside the IIS Website --> SMTL E-mail and changing the smtp server in the ASP code to localhost. But, it also resulted in the same error.
EDIT: Application Pool is set to Classic Pipeline Mode and Identity as NetworkService
Your provided sample code is not SMTP Authenticated...please try to use SMTP Authenticated script..
.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic
.Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "mail#yourdomain.com"
.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "email account password"
After that, have a check with email delivery.
If an Azure site's application pool shuts down due to Rapid Fail Protection is it possible to restart it again automatically?
This question asks pretty much the same question but not related to azure
ASP.NET application pool shutdown problem
Possibly using a WebRole to monitor and some adaption of the code on this page Is it possible to restart IIS on a Azure web role without restarting the process?
var mgr = new ServerManager();
var azurePools = mgr.ApplicationPools.Where(p => Guid.TryParse(p.Name));
azurePools.ToList().ForEach(p => p.Recycle());
You can run the following script from a startup task (make sure you create an elevated background task):
Timeout= 30000
set events = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecNotificationQuery("select * from __instancecreationevent where targetinstance isa 'Win32_NTLogEvent' and TargetInstance.LogFile='System' and TargetInstance.EventCode=5002")
Do
WScript.Echo "==========================================================================="
WScript.Echo "Listening for IIS Rapid Fail Protection Events"
Set objLatestEvent = events.NextEvent
Wscript.Echo objLatestEvent.TargetInstance.Message
' get the AppPool name from the Eventlog message
appPool = objLatestEvent.TargetInstance.InsertionStrings(0)
WScript.Echo "Restarting Application Pool '" & appPool & "' in " & Timeout & " milliseconds"
WScript.Sleep(Timeout)
'construct ADSI path to failed AppPool and start by setting AppPoolCommand to 1
set pool = GetObject("IIS://localhost/w3svc/AppPools/" & appPool)
pool.AppPoolCommand = 1
pool.SetInfo
WScript.Echo "AppPool " & appPool & " restarted"
WScript.Echo "==========================================================================="
WScript.Echo
Loop
Using WMI it will listen for IIS RFP events. This is done by combining ExecNotificationQuery with NextEvent. The call to NextEvent will block until a new event arrives. When this happens, the script waits 30sec and restarts the application pool.
Anyways, if RFP kicks in it might be more appropriate to see why your process is crashing over and over again.
I'm having facing problemind with LDAP, its bit strange one. My Web server is IIS7.5(windows server 2008 R2). Its configured to use windows Authentication. I've pasted my asp page below.
Web browser is IE8, Have added the website to intranet zone and enabled send, user details if intranet zone in security tab->custom level. Intigrated windows authentication is enabled in advanced tab.
Everything works fine for 20minutes(Session time setiing and other default time out settings are for 20min). After 20minutes I get it ASP runtime error. Which says method or property memberOf for object objUser is not supported. When I get below error I change the Authentication type to basic Authentication. It prompts for windows credentials and works fine. After that I again revert back to windows authentication. And it works for sometime.
Not sure if IIS7.5 id configured with basic authentication enabled and IE8 configured as above, still why it prompts for windows Credential. Though windows Authentication mode doesn't prompt for credential, It works fine but for certain period. Can any one explain me why this strange behaviour and solution to fix this one?
<%# LANGUAGE="VBSCRIPT" %>
<%
Option Explicit
Dim oADSysInfo
Dim objUser
Dim strGroupData
Dim strUserDN
Dim arrGroups
Dim strGroup
Dim wsObject
Dim netSys
Dim strUsrDomain
strGroupData = ""
Set wsObject = CreateObject("WScript.Shell")
Set netSys = CreateObject("WScript.Network")
strUsrDomain = netSys.UserDomain
Set oADSysInfo = CreateObject("ADSystemInfo")
If err.number <> 0 Then
'getLDAPGroupInfo = strGroupData
'wsObject.popup("Error"& e.decription)
'Exit Function
End If
strUserDN = oADSysInfo.UserName
Set objUser = GetObject("LDAP://"& strUserDN)
arrGroups = objUser.memberOf
If IsEmpty(arrGroups) Then
'Wscript.Echo "Member of no groups"
ElseIf (TypeName(arrGroups) = "String") Then
'Wscript.Echo "Member of group " & arrGroups
strGroupData = arrGroups
Else
For Each strGroup In arrGroups
strGroupData = strGroupData & "," & strGroup
Next
'strGroupData = arrGroups
End If
Response.Write(strGroupData)
%>
I employed rather simple solution.
Solution I employed was as follows.
My Application is running under specific user identity(Physical path credential and Application pool idenity set to DNS account)
I created another page with above code and ran under applcation pool identity(SPN) and there by created a primary token key between Active Directory server and Webserver server
Using that key I again connected to LDAP to query user related info by calling above code under virtual directory having windows authentication and and running under user identity, there by getting user details.
If you are using asp.net programmatically impersonate user and get user detail from ldap and on application start create primary token by connecting ldap, The primary key persists till worker process is killed
Dim filePath As String = "~/Images/FleaMarket/uploadedImages/" & User.Identity.Name.ToString & "/" & itemID & Path.GetExtension(fuImage.FileName)
MsgBox(filePath)
If fuImage.HasFile Then
If Directory.Exists(Server.MapPath("~/Images/FleaMarket/uploadedImages/" & User.Identity.Name.ToString & "/")) = False Then
Directory.CreateDirectory(Server.MapPath("~/Images/FleaMarket/uploadedImages/" & User.Identity.Name.ToString & "/"))
End If
'lblMessage.Text = ""
If checkFileType(fuImage.FileName) Then
fuImage.SaveAs(Server.MapPath("../Images/FleaMarket/uploadedImages/" & User.Identity.Name.ToString))
i get an error "System.UnauthorizedAccessException: Access to the path 'D:\TriceDealsII Updated\13-10-11\Tricedeals II(4)\Images\FleaMarket\uploadedImages\mitali2054' is denied"
why??
ASP.NET Applications, which run in IIS use the User assigned to the specified Application Pool. For each Application Pool there will be a Windows User which is part of the Windows Group "IIS_IUSRS". As this User / Group do not have Write/Change Access to the directory of your Webapplication (or any other directory) you must manually grant these permissions.
To achive this: Navigate in the explorer to the specified path, where you wish to write your files / data open the Security Page of the directory to add the User of your AppPool or the Group "IIS_IUSRS" to the List and select the write (or change) permission.
Note: Write permission is always a security risk. Therefore you should restrict it as much as possible.
This is probably caused by a permissions issue on the file you're trying to access. You could try Procmon to see if it will tell you what account is trying to access the file then grant the necessary permissions to that account.