locked
Data Center cannot provide application anymore RRS feed

  • Question

  • User260076833 posted

    Hello,

    my application is running in a data center (IT service provider) for years now.
    Since yesterday there are problems. And because I never knew exactly what's going on in the data center, I cannot tell what's the problem now.

    The application is a web application running on IIS on a server provided by the data center. It uses the "Windows" authentication mechanism for existing Windows users, i. e. they don't have to enter username and passwords. Instead of this, my application "knows" the current user (accout name), so he is authenticated automatically. The application uses the page.User.Identity property.

    Yesterday, the first problem was seen with this error message:

    Server Error
    500 - Internal server error.
    There is a problem with the resource you are looking for, and it cannot be displayed
    

    I opened a ticket at the data center. They told me about an error log entry in IIS, which looks like this:

    Note that I did not change anything on the file permissions of the web.config file. I also don't know of any changes to the web.config file contents.
    Here is the web.config:

    <?xml version="1.0" encoding="utf-8"?>
    <!--
      For more information on how to configure your ASP.NET application, please visit
      http://go.microsoft.com/fwlink/?LinkId=169433
      -->
    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.5.2" />
        <httpRuntime targetFramework="4.5.2" />
        <authentication mode="Windows" />
        <authorization>
          <deny users="?" />
        </authorization>
        <pages>
          <namespaces>
            <add namespace="System.Web.Optimization" />
          </namespaces>
          <controls>
            <add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" />
          </controls>
        </pages>
    
        <!-- mws -->
        <!-- remote error messages: mode="Off": normal. detailed error messages, RemoteOnly = special error pages -->
        <customErrors mode="Off" defaultRedirect="~/sys/Error/Default.aspx">
          <error statusCode="404" redirect="~/sys/Error/UnavailabilityError.aspx" />
          <error statusCode="500" redirect="~/sys/Error/InternalError.aspx" />
        </customErrors>
    
        <!-- avoid view state error, generate key here: http://www.eggheadcafe.com/articles/GenerateMachineKey/GenerateMachineKey.aspx -->
        <machineKey validationKey="675D9B1CBC79827EB53BAA01E759E8C60551AD318339E61384037736B9BB481B878B405C82CF07E977B4272772E5CF330A2CADBFD57DA5E22896D9B8FDA60CAA" decryptionKey="B5DC06C4C1C272A657A74DF2018BB808F419382EC690AF75" validation="SHA1" />
    
        <!-- /mws -->
    
      </system.web>
      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <dependentAssembly>
            <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
            <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
          </dependentAssembly>
          <dependentAssembly>
            <assemblyIdentity name="WebGrease" culture="neutral" publicKeyToken="31bf3856ad364e35" />
            <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
          </dependentAssembly>
        </assemblyBinding>
      </runtime>
      <system.codedom>
        <compilers>
          <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
          <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
        </compilers>
      </system.codedom>
    
      <!-- mws -->
      
      <connectionStrings>
        <add name="StMGP" connectionString="Server=RZS-SQL-B1D2008.rz-sued.bayern.de;Database=stmgp_home;User ID=stmgp;Password=#!AuTrqxYv%9z4!;Trusted_Connection=False;MultipleActiveResultSets=True;" providerName="System.Data.SqlClient" />
      </connectionStrings>
    
      <!-- turn off buggy browser link feature -->
      
      <appSettings>
        <add key="vs:EnableBrowserLink" value="false"></add>
      </appSettings>
    
      <!-- /mws -->
    
    </configuration>

    However, today the data center came with a "change", which should make the application run again.

    The change resulted in a situation, where the user is asked for username and password when accessing the application. This is contradictory to the auto login functionality mentioned above. In addition, when I enter my domain/name and password, I still cannot login. The password box opens again.

    Since I don't know how the IIS must be configured for my app: What could be wrong on the server side here?

    • How does this mechanism work that users are authenticated without having to enter username and password?
      What could be wrong at the server side?
    • What do you have to configure in IIS so that his works?
      What could be configured wrong so that it stopped working?

    Note that the application still works pefectly when started within Visual Studio in the development environment.

    Thanks
    Magnus

    Tuesday, November 21, 2017 4:27 PM

All replies

  • User753101303 posted

    Hi,

    My guess is that they have done permission changes on site files and/or directories. AFAIK "cannot read configuration file due to insufficient permissions" happens when the account under which the application runs is not allowed to read the web.config file.

    Similarly if your account is not allowed any more to read site files, the web server should show a login dialog so that you could enter an account which is allowed to do that.

    Ask them to double check file permissions.

    Tuesday, November 21, 2017 9:51 PM
  • User-335504541 posted

    Hi Yeoman,

    Yesterday, the first problem was seen with this error message:

    Server Error
    500 - Internal server error.
    There is a problem with the resource you are looking for, and it cannot be displayed

    This problem could be caused by the IIS_IUSRS group does not have the appropriate permissions for the ApplicationHost.config file, for the Web.config file, or for the virtual/application directories of IIS.

    You could be solved it by <g class="gr_ gr_384 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" id="384" data-gr-id="384">grant</g> the Read permission to the IIS_IUSRS group for the ApplicationHost.config file or for the Web.config file.

    To do this, follow these steps:

    1. In Windows Explorer, locate the folder that contains the ApplicationHost.config file that is associated with the <g id="343" data-gr-id="343" class="gr_ gr_343 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del">Web site</g>, or <g id="350" data-gr-id="350" class="gr_ gr_350 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Grammar multiReplace">locate</g> the virtual directories or the application directories that contain the Web.config file that is associated with the Web site.
      Note The Web.config file may not be in the virtual directories or the application directories in IIS. Even in this situation, you need to follow these steps.
    2. Right-click the folder that contains the ApplicationHost.config file, or right-click the virtual or application directories that may contain the Web.config file.
    3. Click Properties.
    4. Click the Security tab, and then click Edit.
    5. Click Add.
    6. In the <g id="345" data-gr-id="345" class="gr_ gr_345 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Punctuation only-ins replaceWithoutSep">Enter</g> the object names to select box, type computername\IIS_IUSRS, click Check <g id="344" data-gr-id="344" class="gr_ gr_344 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Punctuation only-del replaceWithoutSep">Names</g><g id="344" data-gr-id="344" class="gr_ gr_344 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Punctuation only-del replaceWithoutSep">,</g> and then click OK.
      Note Computername is a placeholder for the computer name.
    7. Click to select the Read check box, and then click OK.
    8. In the Properties dialog box for the folder, click OK.
      Note Make sure the folder's properties are inherited by the ApplicationHost.config and Web.config files so that IIS_IUSRS has the Read permission for those files.

    Here is the reference:

    https://support.microsoft.com/en-us/help/942055/-http-error-500-19-error-when-you-open-an-iis-7-0-webpage

    However, today the data center came with a "change", which should make the application run again.

    Do you know what has changed on your server?

    • How does this mechanism work that users are authenticated without having to enter username and password?
      What could be <g class="gr_ gr_554 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar multiReplace" id="554" data-gr-id="554">wrong at</g> the server side?
    • What do you have to configure in IIS so that his works?
      What could be configured wrong so that it stopped working?

    You could refer to the links below for more information:

    https://msdn.microsoft.com/en-us/library/ff647076.aspx

    https://technet.microsoft.com/en-us/library/hh831472(v=ws.11).aspx

    And you could check the event log and see if IIS logged any more detailed diagnostic information there.

    Best Regards,

    Billy

    Wednesday, November 22, 2017 3:25 AM