I have configured a Receive port and its location. When i run the BizTalk application in i get following error.
The Messaging Engine failed to add a receive location "EDIReceiveLocation" with URL "C:\EDIReceive*.txt" to the adapter "FILE". Reason: "File transport does not have read/write privileges for receive location "C:\EDIReceive\". ".
I am receiving a txt file and converting it into an xml in my BizTalk application.
Can anyone tell me what I am missing here in the terms of permissions or any other stuff?
The service account running the BizTalk host instance that your receive location is associated with must have Full Control permissions on the directory it is polling.
Here is a good link to take you through which permissions to add and how to add them:
Biztalk File Permissions
Related
I need to read the file of another server via vb.net application. For this case I tried to read destination file by FileSream.
The destination file in the another server is (\dstServer\sheardFolder\dstFilename). for destination parent path I type \dstServer\sharedFolder\Filename and this string is included in the FileSream Class. When I run this application I get the error of asp.net with this subject (Login failure: unknown user name or bad password)...!!!
I set the following permissions on the parent folder at the destination Server
1- users have a full permission
2- everyone have a full permission
3- asp.net have a full permission
Note: I searched in the internet and noticed that in the first step I should connect to the destination Server and my users should be authenticated by the destination Server.
After that I used .Net security classes and advapi32.dll , Kernel32.dll also impersonateValidUser.
I set the destination Server username and destination Server password and destination Server name or IP in the impersonateValidUser function but when I run the applciation, I get the response (failed) which means that connect to the destination Server is failed.
This application that is used to connect the users with destination server was in the following microsoft sample code: http://support.microsoft.com/kb/842789
Please give me tips.
Thanks in advance.
Just installed BizTalk 2010 and the HL7 adaptor, trying to set up a proof of concept application through the admin console:
1)Created a new 'Demo Application'
2)Created a request/response receive port
3)Created a request/response receive location associated to the receive port
3.a) Set the Type to MLLP
3.b) The only options I see for the Recieve pipeline are:
PassThrueReceive
XMLRecieve
3.b) The only options I see for the send pipeline are:
PassThruTransmit
XmlTransmit
How do I get the BTAHL7X and BTAHL7XML receive/send pipeline components to appear as an option?
I've tried adding a reference to BTAHL2XMLPipeline.dll and BTAHL72XPipeline.dll but I get an error:
Failed to add resources to application.
For help, click:
http://go.microsoft.com/fwlink/?LinkId=47400&ProdName=Microsoft+BizTalk+Server+2010&ProdVer=3.9.469.0&EvtSrc=Microsoft.BizTalk.Administration.SnapIn.Properties.Errors&EvtID=AddFilesForm_AddFailed&EvtChain=Microsoft.BizTalk.ApplicationDeployment+%2cApplyMultipleResourcesAddError%3bMicrosoft.BizTalk.ApplicationDeployment+%2cSatEntryExists
------------------------------ ADDITIONAL INFORMATION:
Failed to add resource(s). (mscorlib)
For help, click:
http://go.microsoft.com/fwlink/?LinkId=47400&ProdName=Microsoft+BizTalk+Server+2010&ProdVer=3.9.469.0&EvtSrc=Microsoft.BizTalk.ApplicationDeployment&EvtID=ApplyMultipleResourcesAddError&EvtChain=Microsoft.BizTalk.ApplicationDeployment+%2cSatEntryExists
Resource (-Type="System.BizTalk:BizTalkAssembly"
-Luid="BTAHL72XPipelines, Version=1.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35") already in store. 1) Use BTSTask's
overwrite flag or 2) Set redeploy flag to true in BizTalk Project or
3) Click overwrite all checkbox in Admin MMC to update if the
resource exists in the specified target application
"DemoApplication1". Overwrite flag will be ignored if the resource is
associated with another application.
(Microsoft.BizTalk.ApplicationDeployment.Engine)
For help, click:
http://go.microsoft.com/fwlink/?LinkId=47400&ProdName=Microsoft+BizTalk+Server+2010&ProdVer=3.9.469.0&EvtSrc=Microsoft.BizTalk.ApplicationDeployment&EvtID=SatEntryExists
In your new application, do you have a reference to the default application?
From the BizTalk Administration Console, Right-Click on the application and choose Properties.... In the Properties screen, choose References. You will want to add a reference to the default application here.
If you do have a reference to the default application, has the adapter been registered?
From the BizTalk Administration Console, expand Platform Settings and then right-click on Adapters. Select the New > Adapter... option and then look for MLLP in the dropdown. Select MLLP and give it a name of MLLP and then select OK. At this point, you should have the MLLP adapter available for use.
On II7 we host a WCF/asp.net based API. In order to allow users of a classic asp application to connect to the API we had to publish a version we refer to as "transport". This Transport version is written in asp.net too, it points to the same assembly , its just the security layer is different to allow classic asp to authenticate. Transport level security is used as opposed to message based security.
When using a browser to load the service reference i can loading the svcutil.exe ... WDSL page.
When using my test asp page to call a web method from this reference i get the following returned:
Finished calling Web Service.
Status = Internal Server Error
ResponseText = a:InvalidSecurityAn error occurred when verifying security for the message.
This suggests that the authentication is failing. When testing using asp.net or the application WCF storm to contact the normal API everything works well.
The API was recently migrated , it would appear something has not been setup correctly but i am at a loss to explain what.
I can browse to the svcutil.exe ... WDSL service reference, when selecting it via the browser i get the expect XML response.
The USER NAME and password utilised work when using the non-classic asp publicaiton of the API using the message based secuirty.
Would it be possible to post some troubleshooting tip that may help diagnoise the issue please specifically regarding transport level security fault finding and setup ?
Thank you
Scott
EDITED TO ADD THE FOLLOWING UPDATE:
Attempted to use the Default App Pool and a new App Pool but same problem persists.
My test page error: ResponseText = a:InvalidSecurityAn error occurred when verifying security for the message.
IIS LOG shows:
v3/transport/testclassicasptransportwcfservice.asp ( 200 0 0 ) (i.e iis 200)
/V3/Transport/DeviceService.svc/DeviceService (500 0 0) (i.e iis error 500)
note: virtual dir defined on TRANSPORT and V3. V3 works ok using .net as opposed to classic asp to authenticate.
EVENT LOG:
The Template Persistent Cache initialization failed for Application Pool 'transport' because of the following error: Could not create a Disk Cache Sub-directory for the Application Pool. The data may have additional error codes.
This reference appears to suggest a fix but many of the DIR paths and references in "appcmd" dont exist.
_http://theether.net/kb/100127
REF http://theether.net/kb/100127
load cmd prompt
CD to C:\Windows\System32\inetsrv
enter: appcmd list config -section:system.webServer/asp
the following path is displayed: c:\inetpub\conf\temp\ASP compiled templates
check path exists (it does)
Check if the NETWORK SERVICE has permissions to access "ASP compiled templates" If not from appcmd execute;
icacls "c:\inetpub\conf\temp\ASP Compiled Templates" /grant "NETWORK SERVICE:(OI)(CI)(M)"
should read "sucessfully processed 1 files"
restarted app pool.
THE "InvalidSecurityAn error occurred when verifying security for the message" problem still persists but the "COULD NOT CREATE A DISK CACHE SUB-DIRECORY .... " error from the eventlog is no longer occurring.
Sorry another update. The network service permission change DID NOT resolve the issue , changeing to the DEFAULT APP POOL solved the problem.
Got a lead at last. Examined:
ServiceSecurityAudit set in service behaviour. Ref http://intrepiddeveloper.wordpress.com/2008/08/07/security-event-logging-auditing/#
IIS logs (simply shows the non-specific error 500.)
Fault tracing enabled( also shows error 500).
Custom errors were off
Friendly IE messages were off
Asp client side and server side debugging on
ProcessMon running , no errors.
Web.config httpErrors errorMode="Detailed" /> +
ServiceSecurityAudit found me an "Object reference not set to an instance of an object" so sounds like our app has a bug.
Follow up (17/08/11):
Service Security Audit documented here:
http://intrepiddeveloper.wordpress.com/2008/08/07/security-event-logging-auditing/
Was the key for us to resolve this issue. Uncovered the Object Reference Error which indicated out Business Objects and Data Access dlls were out of alignment. Using CLASSIC ASP to contact the WCF.NET API using TRANSPORT AUTHENTICATION there was abolutely no indication of this error until Service Security Audit was enavled on the behaviour.config file in the WCF deployment.
I'm running IIS5.0 and I am trying to change the ASP.NET process account to my domain user account.
I have followed everything possible here.
When I browse the .svc file (this is a wcf service) I am getting this error:
Server Application Unavailable The
web application you are attempting to
access on this web server is currently
unavailable. Please hit the "Refresh"
button in your web browser to retry
your request.
Administrator Note: An error message
detailing the cause of this specific
request failure can be found in the
application event log of the web
server. Please review this log entry
to discover what caused this error to
occur.
Eventlog says:
aspnet_wp.exe could not be started.
The error code for the failure is
80070522. This error can be caused when the worker process account has
insufficient rights to read the .NET
Framework files. Please ensure that
the .NET Framework is correctly
installed and that the ACLs on the
installation directory allow access to
the configured account.
When I run the client, I get the following error:
The content type text/html;
charset=utf-8 of the response message
does not match the content type of the
binding (application/soap+xml;
charset=utf-8). If using a custom
encoder, be sure that the
IsContentTypeSupported method is
implemented properly. The first 872
bytes of the response were: '
From ASP.NET 2.0 onwards, the correct method to ensure that a user account has the correct rights to run as the worker process identity is to run this command:
aspnet_regiis -ga [account]
You need to run the aspnet_regiis command that matches the ASP.NET version you plan on running:
ASP.NET 2.0 -
%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -ga [account]
ASP.NET 4.0 -
%SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -ga [account]
If you put your Domain Account under IIS_WPG group, it should ideally work. If it doesn't work, there is a sure shot way of fixing it.
In IIS 6... step 1 is applicable... since you are on IIS 5, ignore step 1
Run it with Local System to begin with. If the applications runs, it means your IIS is configured well and you can proceed with the step 2.
Change the account to your domain account, and ensure that you have put the account in IIS_WPG as well. After that, run the tool called Process Monitor http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Browse the application now. If you still get the error, switch to the Process Monitor and stop capture [menu option].
Search for Access denied and fix it. Link
I have an ASP NET web server application that calls another process running on the same box that creates a pdf file and returns it. The second process requires a secure connection via SSL.
The second process has issued my ASP NET application with a digital certificate but I still cannot authenticate, getting a 403 error.
The code is a little hard to show but here's a simplified method ...
X509Certificate cert = X509Certificate.CreateFromCertFile("path\to\cert.cer");
string URL = "https://urltoservice?params=value";
HttpWebRequest req = HttpWebRequest.Create(URL) as HttpWebRequest;
req.ClientCertificates.Add(cert);
req.Credentials = CredentialCache.DefaultCredentials;
req.PreAuthenticate = true;
/// error happens here
WebResponse resp = req.GetResponse();
Stream input = resp.GetResponseStream();
The error text is "The remote server returned an error: (403) Forbidden."
Any pointers are welcome.
Finally fixed (wasted 6 hours on this *&%$##&)
I needed to grant access to the private keys on the digi cert to the account that the calling ASP.NET application runs under. This account is NETWORK SERVICE by default although you may want to run under a more restricted account.
Access is granted with the winhttpcertcfg tool, here's what got it working for me:
winhttpcertcfg -g -s "cert name" -c "LOCAL_MACHINE\MY" -a "NETWORK SERVICE"
where "cert name" is the CN of the digi cert.
More info at http://support.microsoft.com/kb/901183
Thanks to all who helped out with pointers on how to get this working :)
A 403 sounds like an authorization problem, not an authentication problem. It might be caused by the NTFS security settings on the files and folders accessed by your PDF service. Maybe it doesn't have permission to create the PDF file in the output folder?
Can you install the client certificate into your browser, and then access your PDF service through the browser? When you do that, do you still get a 403 or does it work?
Can you temporarily configure the PDF service to allow unencrypted HTTP connections? Does that make the problem go away?
From Windows Explorer, can you grant the "Network Service" account full control over the physical folder corresponding to the root of the PDF service site? Also grant it full control over any other directories it accesses. You should lock things down later after you've figured things out.
Or you can change the application pool to run under a different account - e.g. your own account.
Finally: if you're running IIS 7, you can turn on failed request tracing, which should give you a lot more info about why it failed.