I have a site that uses aspnet_setreg.exe to encrypt the username and password of the identity user into the registry. It has always worked fine but when I run it on a Windows 2008 i get this:
C:\aspnet_setreg>aspnet_setreg.exe -k:SOFTWARE\MYCODE\identity -u:"domain\user" -p:"password"
Please edit your configuration to contain the following:
userName="registry:HKLM\SOFTWARE\MYCODE\identity\ASPNET_SETREG,userName"
password="registry:HKLM\SOFTWARE\MYCODE\identity\ASPNET_SETREG,password"
The DACL on the registry key grants Full Control to System, Administrators, and Creator Owner.
If you have encrypted credentials for the configuration section, or a connection string for the configuration section, ensure that the process identity has Read access to the registry key. Furthermore, if you have configured IIS to access content on a
UNC share, the account used to access the share will need Read access to the registry key.
Regedt32.exe may be used to view/modify registry key permissions.
You may rename the registry subkey and registry value in order to prevent discovery.
Does anyone else use this and have you seen it work on 2008.
Thanks
Potential issue with aspnet_setreg.exe is that it's a 32 bit process, and will write to the Wow6432Node rather than the places indicated above. If you are running a 64 bit app pool, you will need to copy the reg key to the "real" x64 location.
1) The aspnet_setreg application was putting the registry entry into HKLM\Software\Wow6432Node\rest of path.
As mentioned above, this is the behavior for a 32bit app modifying a 64 bit registry entry.
2) To move the key to the right location, I exported the key to a .reg file and then edited the file and got rid of the Wow6432Node directory in the file.
3) Alternatively, you could just use the Wow6432Node path:
For example:
userName="registry:HKLM\Software\Wow6432Node\MYCODE\identity\ASPNET_SETREG,userName"
password="registry:HKLM\Software\Wow6432Node\MYCODE\identity\ASPNET_SETREG,password"
4) Also, note that you must have admin privileges to run this. On Windows 7, I ran it from command line with using the "run as administrator", and aspnet_setreg stored it in
HKEY_USERS[USER SID]\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node.
5) Finally, remember to set the permissions to the registry entry so that your application can read from the registry key.
References: http://support.microsoft.com/kb/329290
You are correct about x64 location. How do I get aspnet_setreg.exe to set the reg values at the x32 registry location?
I moved the keys from a 2003 server. But would still like to know if anyone else has experiance with using this on a 2008 machine.
Related
I have switched over to the 64bit Windows 7 and created a simple web app to test the connection to the database. I am using VS 2010 - plain asp.net web project and I am running the application from within VS.
I am getting this error:
"ORA-12154 could not resolve the connect identifier specified"
I also have a sample console application that tests the connection to the database, and it works fine.
After googling it some, I found that a lot of posts online refered to permissions so I set my C:/Oracle permissions to read/write/execute for my ASP.net account, NETWORK SERVICE, COMPUTER NAME. That still won't solve the issue. I checked that my web app runs under my domain\username account and that this account that the rights to read/write/execute to the C:\Oracle folder.
I even re-installed my VS to make sure that it is in C:\Program Files rather than C:\Program Files(x86)
Any ideas to why my web app doesn't see the connection string? (while the console app does)
Not sure what else I can do.
I am going to assume you are using the tnsnames.ora file to specify your available database services. If so connection errors usually come down to two things.
The application cannot find the TNS entry you specified in the connection string.
The TNS entry was found, but the IP or host is not correct in the tnsnames.ora file.
To expand on number 1 (which I think is your problem). When you tell Oracle to connect using something like:
sqlplus user/pass#service
The service is defined in the tnsnames.ora file. If I attempt to connect with a service that is not defined in my tnsnames.ora, I get the error you get:
[sodonnel#home ~]$ sqlplus sodonnel/sodonnel#nowhere
SQL*Plus: Release 11.2.0.1.0 Production on Mon Oct 31 21:42:15 2011
Copyright (c) 1982, 2009, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS:could not resolve the connect identifier specified
So you need to check a few things:
Is there a tnsnames.ora file - I think yes because your console can connect
Is there an entry in the file for the service - I think also yes as the console connects
Can the application find the tnsnames.ora?
Your problem may well be number 3 - does the application run as a different user than when you run the console?
Oracle looks for the tnsnames.ora file in the directory defined in the TNS_ADMIN environment variable - If you are running as different users, then maybe the TNS_ADMIN environment variable is not set, and therefore it cannot find the file?
Had a similar issue, only my web app was fine and it was SQLPlus that was giving me issues connecting, and the ORA-12154 could not resolve the connect identifier specified error. I had 11g and 12 Oracle clients installed. My environment variables were all set to point at my 12 instance:
ORACLE_HOME = C:\oracle\product\12
PATH = C:\oracle\product\12\bin;....
TNS_ADMIN = C:\oracle\product\12\network\admin
There is also a registry entry required at HKLM\Software\Oracle\KEY_OraClient12Home1, a string entry of TNS_ADMIN with the same path as the environment variable.
I have a tnsnames.ora at both C:\oracle\product\11\network\admin and C:\oracle\product\12\network\admin. As far as I know, both my web app and the 12 SQLPlus client I was using should have been using all 12 version variables.
My troubleshooting steps:
Change all environmental variables above from 12 to 11.
Connect with 11g's SQLPlus (worked!)
Change all environmental variables above back from 11 to 12.
Connect with 12's SQLPlus again (worked!)
So I don't really know what caused 12's SQLPlus to stop connecting, but this kind of reset may work for someone, so thought I'd document it here.
I have an Entity Framework web application that works on my local machine, but this error appears when pushed to another environment. There are other non-Entity Framework applications that work, and I'm able to connect with sqlplus.
Using sysinternals Process Monitor shows that tns names file is not being loaded correctly:
Following the documentation I tried to add a section giving the location of the tnsnames file like so:
<configuration>
<configSections>
<section name="oracle.manageddataaccess.client"
type="OracleInternal.Common.ODPMSectionHandler, Oracle.ManagedDataAccess, Version=4.122.1.0, Culture=neutral, PublicKeyToken=89b483f429c47342"/>
</configSections>
<oracle.manageddataaccess.client>
<version number="*">
<settings>
<setting name="TNS_ADMIN" value="C:\Oracle\product\12.1.0\client_1\Network\Admin"/>
</settings>
</version>
</oracle.manageddataaccess.client>
<configuration>
However, this resulted in an immediate 500 server error.
Further investigation showed that the dll I was packaging with the web application was version 4.122.1.0, while the Oracle client environment installed on the machine was 4.121.2.0. As explained in the Oracle EntityFramework package documentation
Note: If your application is a web application and the above entry was added to a web.config and the same config section handler for "oracle.manageddataaccess.client" also exists in machine.config but the "Version" attribute values are different, an error message of "There is a duplicate 'oracle.manageddataaccess.client' section defined." may be observed at runtime. If so, the config section handler entry in the machine.config for "oracle.manageddataaccess.client" has to be removed from the machine.config for the web application to not encounter this error. But given that there may be other applications on the machine that depended on this entry in the machine.config, this config section handler entry may need to be moved to all of the application's .NET config file on that machine that depend on it.
I attempted to add a separate version section in the .NET machine.config without success (there existed a section for version 4.121.2.0 and I added a section for version 4.122.1.0). After I removed the "oracle.manageddataaccess.client" section from the machine.config, the above addition to the web.config resolved ORA-12154.
Solution #1 summary:
Remove "oracle.manageddataaccess.client" from .NET machine.config
Give TNS_ADMIN configuration setting in web.config as above
Solution 2
While researching this problem I found that the TNS_ADMIN environmental variable was not set. I created a new environmental variable called TNS_ADMIN and set the value to "C:\Oracle\product\12.1.0\client_1\Network\Admin". I removed the web.config changes, and removed the "oracle.manageddataaccess.client" section from .NET machine.config, but still received ORA-12154. Only after I restarted the machine did this resolve the issue.
Solution #2 summary:
Create a new environmental variable called TNS_ADMIN and set the value to "C:\Oracle\product\12.1.0\client_1\Network\Admin"
Restart machine
Solution 3
I added an entry for the correct version in the registry and this resolved the issue:
HKLM\Software\Wow6432Node\Oracle\ODP.NET.Managed\4.121.2.0
The name of the key is TNS_ADMIN and this points to the folder containing the tnsnames file:
C:\Oracle\product\12.1.0\client_1\network
Not the C:\Oracle\product\12.1.0\client_1\network\admin folder.
There can be so many issues but if you are using oracle 10g , uninstall oracle 10g and also remove the value from registry and install oracle 11g. But if you are using oracle 11g , first go and check on registry if it is pointing to right home. Sometimes there can be more than one home because you install sql developer again and again . In that case either you can remove unnecessary home registry value or you can add tns and sql.net file to all of those home, that might resolve the issue. I resolved mine in that way.
I had the same issue. In my case I was using a web service which was build using AnyCPU settings. Since the WCF was using 32 bit Oracle data access components therefore it was raising the same error when I tried to call it from a console client. So when I compiled the WCF service using the x86 based setting the client was able to successfully get data from the web service.
If you compile as "Any CPU" and run on an x64 platform, then you won't be able to load 32-bit dlls (which in our case were the Oracle Data Access components), because our app wasn't started in WOW64 (Windows32 on Windows 64). So in order to allow the 32 bit dependency of Oracle Data Access components I compilee the web service with Platform target of x86 and that solved it for me
As an alternative if you have 64bit ODAC drivers installed on the machine that also caused the problem to go away.
If you are using LDAP, make sure that the environment variable "TNS_ADMIN" exists and points to the folder containing the file "ldap.ora".
If this variable does not exist, create it and restart Visual Studio.
Another obnoxious error type I've encountered in Oracle 11: entries in tnsnames.ora that don't begin at the first column of the line (' XXX=(...)' instead of 'XXX=(...)') and are parsed together with the preceding entry, making it malformed.
Like replaced orr misplaced tnsnames.ora files, this type of problem is easy to diagnose with the tnsping command-line utility: you pass it the name of a tnsnames.ora entry and it gives the complete text of its definition.
Please let me repeat what Stephen said since I missed it the first time myself. The TNS_ADMIN environment variable and ORACLE_HOME is set to C:\instantclient_11_2 and th tnsnames.ora file is in there. Found the answer on this link.
This error (and also ORA-6413: Connection not open) can also be caused by parentheses in the application executable path and a bug in the 10.2.0.1 or lower oracle client libraries.
You should either upgrade your oracle client library or change the executable path.
Further details see:
http://blogs.msdn.com/b/debarchan/archive/2009/02/04/good-old-connectivity-issue.aspx
http://social.technet.microsoft.com/Forums/de-DE/ab662d63-6385-4f73-b27f-d526048f601f/connecting-to-oracle-on-64bit-x64-machine
use process monitor and search for name not found log for tnsnames.ora file.
check your environment variables. if not valid than uninstall all oracle client and reinstall.
I had this error in Visual Studio 2013, with an SSIS project. I set Project, Properties, Debugging, Run64BitRuntime = false and then the SSIS package ran. However, when I deployed the package to the server I had to set the value to true (Server is 64 bit Windows 2012 / Sql 2014 ).
I think the reasoning behind this is that Visual Studio is a 32 bit application.
This is an old question but Oracle's latest installers are no improvement, so I recently found myself back in this swamp, thrashing around for several days ...
My scenario was SQL Server 2016 RTM. 32-bit Oracle 12c Open Client + ODAC was eventually working fine for Visual Studio Report Designer and Integration Services designer, and also SSIS packages run through SQL Server Agent (with 32-bit option). 64-bit was working fine for Report Portal when defining and Testing an Data Source, but running the reports always gave the dreaded "ORA-12154" error.
My final solution was to switch to an EZCONNECT connection string - this avoids the TNSNAMES mess altogether. Here's a link to a detailed description, but it's basically just: host:port/sid
http://www.oracledistilled.com/oracle-database/oracle-net/using-easy-connect-ezconnect-naming-method-to-connect-to-oracle-databases/
In case it helps anyone in the future (or I get stuck on this again), here are my Oracle install steps (the full horror):
Install Oracle drivers: Oracle Client 12c (32-bit) plus ODAC.
a. Download and unzip the following files from http://www.oracle.com/technetwork/database/enterprise-edition/downloads/database12c-win64-download-2297732.html and http://www.oracle.com/technetwork/database/windows/downloads/utilsoft-087491.html ):
i. winnt_12102_client32.zip
ii. ODAC112040Xcopy_32bit.zip
b. Run winnt_12102_client32\client32\setup.exe. For the Installation Type, choose Admin. For the installation location enter C:\Oracle\Oracle12. Accept other defaults.
c. Start a Command Prompt “As Administrator” and change directory (cd) to your ODAC112040Xcopy_32bit folder.
d. Enter the command: install.bat all C:\Oracle\Oracle12 odac
e. Copy the tnsnames.ora file from another machine to these folders: *
i. C:\Oracle\Oracle12\network\admin *
ii. C:\Oracle\Oracle12\product\12.1.0\client_1\network\admin *
Install Oracle Client 12c (x64) plus ODAC
a. Download and unzip the following files from http://www.oracle.com/technetwork/database/enterprise-edition/downloads/database12c-win64-download-2297732.html and http://www.oracle.com/technetwork/database/windows/downloads/index-090165.html ):
i. winx64_12102_client.zip
ii. ODAC121024Xcopy_x64.zip
b. Run winx64_12102_client\client\setup.exe. For the Installation Type, choose Admin. For the installation location enter C:\Oracle\Oracle12_x64. Accept other defaults.
c. Start a Command Prompt “As Administrator” and change directory (cd) to the C:\Software\Oracle Client\ODAC121024Xcopy_x64 folder.
d. Enter the command: install.bat all C:\Oracle\Oracle12_x64 odac
e. Copy the tnsnames.ora file from another machine to these folders: *
i. C:\Oracle\Oracle12_x64\network\admin *
ii. C:\Oracle\Oracle12_x64\product\12.1.0\client_1\network\admin *
* If you are going with the EZCONNECT method, then these steps are not required.
The ODAC installs are tricky and obscure - thanks to Dan English who gave me the method (detailed above) for that.
Use this link.on Microsoft Support
I gave permission to IUSR_MachineName user on oracle home folder and I was able to resolve the problem
If your password contains # then you have to change it, most of Oracle products don't accept the # character in password
In my case, the reason for this error was that I was missing the tnsnames.ora file under client_32\NETWORK\ADMIN
Go to Control panel -> search for 'Environment Variables' and click on 'edit the system Environment Variables for your account'
make sure it is not 'edit Environment Variables for your account'
Click on 'Environment Variables' button then on 'System Variables' list click on 'New'
Fill the boxes as following:
Name: TNS_ADMIN
Value: [path of tns file on your PC], ex: D:\app[userName]\product\11.2.0\client_1\Network\Admin
Restart You PC [Important to apply changes]
In my case, I changed the connection string from user/pass#19.168.x.x:portNum/SID to user/pass#alias where alias is the alias provided in the tnsnames.ora file and it worked.
If i use Response.Cookies["test"].Value ="Hi"; where are cookie stored in system?
Can i check Cookies["test"] value in my pc because cookies are stored in text format.
I am using VS 2008. Operating system is Windows 7.
I have tried to find in Google but not getting the exact answer. Please help to sort out this problem.
IE and Windows keeps cookies here:
%AppData%\Microsoft\Windows\Cookies
Points to the same directory as #Sohnee's does under Windows Visa and newer, but his doesn't under Windows XP and earlier, my - does.
also Temporary Internet Files can contain some cookies.
Meanwhile Firefox keeps cookies into SQLite database under profile root:
%AppData%\Mozilla\Firefox\Profiles\%FirefoxProfile%\cookies.sqlite
To read the data you need to connect to that database using any SQLite client and execute next query:
select value
from moz_cookies
where name = 'test'
I did it just now using trial SQLite Maestro. And don't forget to close all running Firefoxes before connection attempt.
Cookies are stored in the cookies folder on Windows 7. To open the cookies folder, open run in Windows and type shell:cookies. Also, as suggested above, they might be in Temporary internet files. However, I see that your cookies are not persistent. This means you are not setting any expiration on them. Therefore, they won't be stored on your machine and they will only be part of the browser's memory.
C:\Users\<user_name>\AppData\Local\Google\Chrome\User Data\Default
Also note, "Local" is a hidden folder.
For Windows :
C:\Users\Your User Name\AppData\Local\Google\Chrome\User
Data\Default.
For Mac:
~Library/Application\ Support/Google/Chrome/Default/Cookies
You can use SQLite Browser for access it .
Your cookies are stored in your user folder:
%userprofile%\AppData\Roaming\Microsoft\Windows\Cookies
You will need to "show" hidden / system files to see them.
On Windows 10, I press Win+R and type shell:Cookies to open the cookies folder.
it's a hidden folder, the path is
C:\Users\admin\AppData\Local\Microsoft\Windows\INetCookies
I’m working on trying to port an ASP.NET app from Server 2003 (and IIS6) to Server 2008 (IIS7).
When I try and visit the page on the browser I get this:
Server Error in ‘/’ Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and the location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.]
System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly) +562
System.Diagnostics.EventLog.SourceExists(String source, String machineName) +251
[snip]
These are the things I’ve done to try and solve it:
Give “Everyone” full access permission to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security. This worked. But naturally I can’t do this in production. So I deleted the “Everyone” permission after running the app for a few minutes and the error re-appeared.
I created the source in the Application log and the Security log (and I verified it exists via regedit) during installation with elevated permissions but the error remained.
I gave the app a full trust level in the web.config file (and using appcmd.exe) but to no avail.
Does anyone have an insight as to what could be done here?
PS: This is a follow up to this question. I followed the given answers but to no avail (see #2 above).
To give Network Service read permission on the EventLog/Security key (as suggested by Firenzi and royrules22) follow instructions from http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx
Open the Registry Editor:
Select Start then Run. Enter regedt32 or regedit
Navigate/expand to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security
3. Right click on this entry and select Permissions
Add the Network Service user
Give it Read permission
UPDATE: The steps above are ok on developer machines, where you do not use deployment process to install application.
However if you deploy your application to other machine(s), consider to register event log sources during installation as suggested in SailAvid's and Nicole Calinoiu's answers.
I am using PowerShell function (calling in Octopus Deploy.ps1)
function Create-EventSources() {
$eventSources = #("MySource1","MySource2" )
foreach ($source in $eventSources) {
if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
[System.Diagnostics.EventLog]::CreateEventSource($source, "Application")
}
}
}
See also Microsoft KB 2028427 Fail to write to the Windows event log from an ASP.NET or ASP application
The problem is that the EventLog.SourceExists tries to access the EventLog\Security key, access which is only permitted for an administrator.
A common example for a C# Program logging into EventLog is:
string sSource;
string sLog;
string sEvent;
sSource = "dotNET Sample App";
sLog = "Application";
sEvent = "Sample Event";
if (!EventLog.SourceExists(sSource))
EventLog.CreateEventSource(sSource, sLog);
EventLog.WriteEntry(sSource, sEvent);
EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Warning, 234);
However, the following lines fail if the program hasn't administrator permissions and the key is not found under EventLog\Application as EventLog.SourceExists will then try to access EventLog\Security.
if (!EventLog.SourceExists(sSource))
EventLog.CreateEventSource(sSource, sLog);
Therefore the recommended way is to create an install script, which creates the corresponding key, namely:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App
One can then remove those two lines.
You can also create a .reg file to create the registry key. Simply save the following text into a file create.reg:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App]
The solution was to give the "Network Service" account read permission on the EventLog/Security key.
For me ony granting 'Read' permissions for 'NetworkService' to the whole 'EventLog' branch worked.
I had a very similar problem with a console program I develop under VS2010 (upgraded from VS2008 under XP)
My prog uses EnLib to do some logging.
The error was fired because EntLib had not the permission to register a new event source.
So I started once my compiled prog as an Administrator : it registered the event source.
Then I went back developping and debugging from inside VS without problem.
(you may also refer to http://www.blackwasp.co.uk/EventLog_3.aspx, it helped me
This exception was occurring for me from a .NET console app running as a scheduled task, and I was trying to do basically the same thing - create a new Event Source and write to the event log.
In the end, setting full permissions for the user under which the task was running on the following keys did the trick for me:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
I try almost everything in here to solve this problem... I share here the answer that help me:
Another way to resolve the issue :
in IIS console, go to application pool managing your site, and note the identity running it (usually Network Service)
make sure this identity can read KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog (rigth-click, authorisations)
now change the identity of this application pool to Local System, apply, and switch back to Network Service
Credentials will be reloaded and EventLog reacheable
in http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx , thanks Michael Freidgeim
A new key with source name used need to be created under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application in the regEdit when you use System.Diagnostics.EventLog.WriteEntry("SourceName", "ErrorMessage", EventLogEntryType.Error);
So basically your user does not have permission to create the key. The can do the following depending of the user that you are using from the Identity value in the Application Pool Advanced settings:
Run RegEdit and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
Right click in EventLog key and the select Permissions... option
3.Add your user with full Control access.
-If you are using "NetworkService" add NETWORK SERVICE user
-If you are usinf "ApplicationPoolIdentity" add IIS APPPOL{name of your app pool} (use local machine location when search the user).
-If you are using "LocalSystem" make sure that the user has Administrator permissions. It is not recommend for vulnerabilities.
Repeat the steps from 1 to 3 for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security
For debugging with Visual Studio I use "NetworkService" (it is ASP.NET user) and when the site is published I used "AppicationPoolIdentity".
I ran into the same issue, but I had to go up one level and give full access to everyone to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ key, instead of going down to security, that cleared up the issue for me.
Same issue on Windows 7 64bits.
Run as administrator solved the problem.
There does appear to be a glaringly obvious solution to this that I've yet to see a huge downside, at least where it's not practical to obtain administrative rights in order to create your own event source: Use one that's already there.
The two which I've started to make use of are ".Net Runtime" and "Application Error", both of which seem like they will be present on most machines.
Main disadvantages are inability to group by that event, and that you probably don't have an associated Event ID, which means the log entry may very well be prefixed with something to the effect of "The description for Event ID 0 from source .Net Runtime cannot be found...." if you omit it, but the log goes in, and the output looks broadly sensible.
The resultant code ends up looking like:
EventLog.WriteEntry(
".Net Runtime",
"Some message text here, maybe an exception you want to log",
EventLogEntryType.Error
);
Of course, since there's always a chance you're on a machine that doesn't have those event sources for whatever reason, you probably want to try {} catch{} wrap it in case it fails and makes things worse, but events are now saveable.
FYI...my problem was that accidently selected "Local Service" as the Account on properties of the ProcessInstaller instead of "Local System". Just mentioning for anyone else who followed the MSDN tutorial as the Local Service selection shows first and I wasn't paying close attention....
I'm not working on IIS, but I do have an application that throws the same error on a 2K8 box. It works just fine on a 2K3 box, go figure.
My resolution was to "Run as administrator" to give the application elevated rights and everything works happily. I hope this helps lead you in the right direction.
Windows 2008 is rights/permissions/elevation is really different from Windows 2003, gar.
Hi I ran into the same problem when I was developing an application and wanted to install it on a remote PC, I fixed it by doing the following:
1) Goto your registry, locate: HKLM\System\CurrentControlSet\Services\EventLog\Application(???YOUR_SERVICE_OR_APP_NAME???)
Note that "(???YOUR_SERVICE_OR_APP_NAME???)" is your application service name as you defined it when you created your .NET deployment, for example, if you named your new application "My new App" then the key would be: HKLM\System\CurrentControlSet\Services\EventLog\Application\My New app
Note2: Depending on which eventLog you are writing into, you may find on your DEV box, \Application\ (as noted above), or also (\System) or (\Security) depending on what event your application is writing into, mostly, (\Application) should be fine all the times.
2) Being on the key above, From the menu; Select "FILE" -> "Export", and then save the file. (Note: This would create your necessary registry settings when the application would need to access this key to write into the Event Viewer), the new file will be a .REG file, for the argument sake, call it "My New App.REG"
3) When deploying on PRODuction, consult the Server's System's administrator (SA), hand over the "My New App.REG" file along with the application, and ask the SA to install this REG file, once done (as admin) this would create the key for your applicaion.
4) Run your application, it should not need to access anything else other than this key.
Problem should be resolved by now.
Cause:
When developing an application that writes anything into the EventLog, it would require a KEY for it under the Eventlog registry if this key isn't found, it would try to create it, which then fails for having no permissions to do so. The above process, is similar to deploying an application (manually) whereas we are creating this ourselves, and no need to have a headache since you are not tweaking the registry by adding permissions to EVERYONE which is a securty risk on production servers.
I hope this helps resolving it.
Though the installer answer is a good answer, it is not always practical when dealing with software you did not write. A simple answer is to create the log and the event source using the PowerShell command New-EventLog (http://technet.microsoft.com/en-us/library/hh849768.aspx)
Run PowerShell as an Administrator and run the following command changing out the log name and source that you need.
New-EventLog -LogName Application -Source TFSAggregator
I used it to solve the Event Log Exception when Aggregator runs issue from codeplex.
Had a similar issue with all of our 2008 servers. The security log stopped working altogether because of a GPO that took the group Authenticated Users and read permission away from the key HKLM\System\CurrentControlSet\Services\EventLog\security
Putting this back per Microsoft's recommendation corrected the issue. I suspect giving all authenticated users read at a higher level will also correct your problem.
I hit similar issue - in my case Source contained <, > characters. 64 bit machines are using new even log - xml base I would say and these characters (set from string) create invalid xml which causes exception. Arguably this should be consider Microsoft issue - not handling the Source (name/string) correctly.
My app gets installed on client web servers. Rather than fiddling with Network Service permissions and the registry, I opted to check SourceExists and run CreateEventSource in my installer.
I also added a try/catch around log.source = "xx" in the app to set it to a known source if my event source wasn't created (This would only come up if I hot swapped a .dll instead of re-installing).
Solution is very simple - Run Visual Studio Application in Admin mode !
I had a console application where I also had done a "Publish" to create an Install disk.
I was getting the same error at the OP:
The solution was right click setup.exe and click Run as Administrator
This enabled the install process the necessary privilege's.
I had this issue when running an app within VS. All I had to do was run the program as Administrator once, then I could run from within VS.
To run as Administrator, just navigate to your debug folder in windows explorer. Right-click on the program and choose Run as administrator.
try below in web.config
<system.web>
<trust level="Full"/>
</system.web>
Rebuilding the solution worked for me
I'm trying to read values from the registry but somehow I seem to be getting the wrong registry. I can't read from any keys that I create and changing the values of keys that I am able to get seems to have no effect.
I'm using Registry.GetValue to get the values and it is returning either null for my keys or the original value for the keys that I changed.
I'm reading the values in an aspx page. The OS is Windows Server 2003 SP2 64bit. IIS is running in 32bit. I'm not sure what other information might be relevant here.
Any information on how this can happen and what I can do about it is appreciated.
If IIS is running in 32-bit mode on a 64-bit server, it will be accessing the WOW64 registry. Try setting values under HKLM\Software\Wow6432Node instead, which will map to a 32-bit process's view of HKLM\Software
Make sure you're not writing to HKEY_CURRENT_USER. Those are for settings localized to the logged in user. Your ASP.NET app isn't going to be able to access your registry settings.
I'm not sure exactly, but I'd suggest trying to place your keys in HKEY_LOCAL_MACHINE/Software. That's where the system wide (like your asp.net app) settings go.
ASP.Net 3.5 running under IIS 7 doesn't seem to allow this out of the box.
if (!EventLog.SourceExists("MyAppLog"))
EventLog.CreateEventSource("MyAppLog", "Application");
EventLog myLog = new EventLog();
myLog.Source = "MyAppLog";
myLog.WriteEntry("Message");
I've copied this answer from here (the question was Log4Net but the answer still applies). The technet link misses a vital step.
Create a registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MY-AWESOME-APP
Create a string value inside this
Name it EventMessageFile, set its value to
C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
That path appears to work in both 64 bit and 32 bit environments.
With this technique you don't need to set permissions in the registry, and once the key above is created it should just work.
Alternatively
If you don't have a large server farm but just a small "web garden" you could run a console application on each server that creates the event log source using EventLog.CreateEventSource, make sure the console application is run by an administrator.
This is part of windows security since windows 2003.
You need to create an entry in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application Make sure that network service or the account you impersonate has permission to this registry key.
#CheGueVerra's link: Requested Registry Access Is Not Allowed
Right click the application and choose "Run as Administrator"