locked
Unhandled exception RRS feed

  • Question

  • User-1588766547 posted

    Dear All

    I have a strange issue that i cannot rid of.

    In the given environment, there is:

    -1 IIS 7.5 on server 2008 R2

    -1 SQL 2008 server instance on server 2008 R2

    -domain is on 2008 R2 func level

    The web server host my very basic ASP webapp which uses a single database on the SQL server above.

    If a domain admin opens the webapp it behaves as it should, AND any user who has access can also open it. After 8-12 hours if domain admin does not open the website again no domain user can open the site throwing the exception below:

    Event code: 4011 
    Event message: An unhandled access exception has occurred. 
    Event time: 2/27/2013 12:08:19 PM 
    Event time (UTC): 2/27/2013 11:08:19 AM 
    Event ID: 70b7bc16fda44a90aa6e1b6c45b8a2fb 
    Event sequence: 22 
    Event occurrence: 7 
    Event detail code: 0 
     
    Application information: 
        Application domain: /LM/W3SVC/1/ROOT/------------------------------------------
        Trust level: Full 
        Application Virtual Path: /AppFolder/
        Application Path: D:\AppFolder\
        Machine name: IISSRV01
     
    Process information: 
        Process ID: 2172 
        Process name: w3wp.exe 
        Account name: IIS APPPOOL\Classic .NET AppPool 
     
    Request information: 
        Request URL: http://alias_to_iissrv01/AppFolder/default.aspx
        Request path: /AppFolder/default.aspx
        User host address: 192.168.1.100
        User: DOM01\test01
        Is authenticated: True 
        Authentication Type: Basic 
        Thread account name: IIS APPPOOL\Classic .NET AppPool 



    I have made some research as this is access rights issue. In my desperation i have given full rights to the user onto the folder of the web application, and db_owner rights on the db.

    As this is generated on the web server i suspect it does not even get to the SQL server and breaks down before. Also opening the db with dom.users from SSMS works all the time.

    So the strange thing that it works if a domain admin opens that webapp first. Then any other user who has access can open it.

    Any feedback would help, I appraciate it.

    Thank you

    A

    Thursday, February 28, 2013 2:50 PM

All replies

  • User-718146471 posted

    This right here makes me think the App Pool Identity is not configured with a domain account.

    Process information:
        Process ID: 2172
        Process name: w3wp.exe
        Account name: IIS APPPOOL\Classic .NET AppPool
    

    Remember though you want to use a domain account of least privilege. Only give what permissions it actually needs to make the application work.

    Thursday, February 28, 2013 2:55 PM
  • User-1588766547 posted

    Hello Daniel, thank You.

    I have checked and AppPool Identity is indeed ApplicationPoolIdentity, and not a domain user.

    I will try to change that and report back the results.

    Cheers

    A

    Friday, March 1, 2013 3:58 AM
  • User-1588766547 posted

    Hello David

    Sorry i had time to try it out now. I have changed the app pool to run under my domain admin account (dont worry this is just for trying). If i hit the webpage the app pool stops, and the event log indicates this, which neither of it applicable to me:

    EventID: 5021

    Source: WAS

    "The identity of application pool NewTestAppPool is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request.  If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number."

    Any help and thought on this would be appreciated.

    Thank you

    A

    Monday, March 11, 2013 4:18 AM
  • User-718146471 posted

    Check this on the IIS Forums: http://forums.iis.net/t/1191974.aspx/1

    Monday, March 11, 2013 11:11 AM
  • User-1588766547 posted

    Hello

    Having the app pool running in DomainUser context did not help.

    Iam keep trying to fiddle with the webapp to understand what else it does besides SQL access.

    A

    Thursday, March 14, 2013 4:27 AM