Unhandled exception

Question

User-1588766547 posted

Dear All

I have a strange issue that i cannot rid of.

In the given environment, there is:

-1 IIS 7.5 on server 2008 R2

-1 SQL 2008 server instance on server 2008 R2

-domain is on 2008 R2 func level

The web server host my very basic ASP webapp which uses a single database on the SQL server above.

If a domain admin opens the webapp it behaves as it should, AND any user who has access can also open it. After 8-12 hours if domain admin does not open the website again no domain user can open the site throwing the exception below:

Event code: 4011 
Event message: An unhandled access exception has occurred. 
Event time: 2/27/2013 12:08:19 PM 
Event time (UTC): 2/27/2013 11:08:19 AM 
Event ID: 70b7bc16fda44a90aa6e1b6c45b8a2fb 
Event sequence: 22 
Event occurrence: 7 
Event detail code: 0 
 
Application information: 
    Application domain: /LM/W3SVC/1/ROOT/------------------------------------------
    Trust level: Full 
    Application Virtual Path: /AppFolder/
    Application Path: D:\AppFolder\
    Machine name: IISSRV01
 
Process information: 
    Process ID: 2172 
    Process name: w3wp.exe 
    Account name: IIS APPPOOL\Classic .NET AppPool 
 
Request information: 
    Request URL: http://alias_to_iissrv01/AppFolder/default.aspx
    Request path: /AppFolder/default.aspx
    User host address: 192.168.1.100
    User: DOM01\test01
    Is authenticated: True 
    Authentication Type: Basic 
    Thread account name: IIS APPPOOL\Classic .NET AppPool 

I have made some research as this is access rights issue. In my desperation i have given full rights to the user onto the folder of the web application, and db_owner rights on the db.

As this is generated on the web server i suspect it does not even get to the SQL server and breaks down before. Also opening the db with dom.users from SSMS works all the time.

So the strange thing that it works if a domain admin opens that webapp first. Then any other user who has access can open it.

Any feedback would help, I appraciate it.

Thank you

A

Answer 1

User-718146471 posted

This right here makes me think the App Pool Identity is not configured with a domain account.

Process information:
    Process ID: 2172
    Process name: w3wp.exe
    Account name: IIS APPPOOL\Classic .NET AppPool

Remember though you want to use a domain account of least privilege. Only give what permissions it actually needs to make the application work.

Answer 2

User-1588766547 posted

Hello Daniel, thank You.

I have checked and AppPool Identity is indeed ApplicationPoolIdentity, and not a domain user.

I will try to change that and report back the results.

Cheers

A

Answer 3

User-1588766547 posted

Hello David

Sorry i had time to try it out now. I have changed the app pool to run under my domain admin account (dont worry this is just for trying). If i hit the webpage the app pool stops, and the event log indicates this, which neither of it applicable to me:

EventID: 5021

Source: WAS

"The identity of application pool NewTestAppPool is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request.  If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number."

Any help and thought on this would be appreciated.

Thank you

A

Answer 4

User-718146471 posted

Check this on the IIS Forums: http://forums.iis.net/t/1191974.aspx/1

Answer 5

User-1588766547 posted

Hello

Having the app pool running in DomainUser context did not help.

Iam keep trying to fiddle with the webapp to understand what else it does besides SQL access.

A