472,127 Members | 1,620 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,127 software developers and data experts.

IIS lock-up when calling ASP scripts - security level problem?

This is my first post to this forum: I use ASP occasionally but don't know a lot of it, and the Windows IIS was invented by MS to torture me :) So I'm not sure if this should be herre or on the IIS area, but here goes:

For the local mirror on my development PC of a site I've been managing for some years, I use the built in IIS (XP pro sp2) to act as a server for local web pages, and some of them use a little bit of simple ASP scripting.

Sometimes, with so called "security" updates, Microsoft does something to the system which disallows this scripting.

I've fixed it once before but this time I don't seem to be able to (either because something different has happened or I've forgotten what I did last time)

HTML pages work fine served via localhost, and even ASP pages, provided they don't do anything too clever (ie <%'...%> comments work OK).

But somewhere in the past three days (during which an MS security update occurred), the scripts have stopped working again.

What happens is that when I click a link to a page that uses the scripts, the IIS stalls ("waiting for localhost..."). Sometimes it requires a PC reboot to get it moving again. When this happens, I can't stop/start the IIS service in the services control applet, until I reboot the PC.

Here's the script that causes the pain (hopefully doesn't disappear when read in this message):

Expand|Select|Wrap|Line Numbers
  1. <%
  2.     filespec = "ctimes/" + request("id") + ".htm"
  3.     filespec = server.mapPath(filespec)
  4.     content = server.createobject("scripting.fileSystemObject").openTextFile(filespec).readall
  5.     response.write(content)
  6. %>
and the link is something like:
Expand|Select|Wrap|Line Numbers
  1. <a href="ct.asp?id=ct01oct06">more</a>
which is supposed to include, within the calling page, a file called 'ct01oct06.htm' from subfolder 'ctimes'.

It's roughly the equivalent of a
Expand|Select|Wrap|Line Numbers
  1. <cfinclude template="#stuff#">

The scripts have been working since 1999 on this PC and several other PCs with IIS, and work fine on the remote host.

I think it must be a security setting thing but I can't work out what.

I'm also getting an EventID 10016 error on DCOM, ("The application-specific permission settings do not grant Local Activation permission for the COM Server application") relating to MDM.EXE, the machine debug manager, but that may or may not be related.

Can anyone help?

Sep 27 '06 #1
1 4555
Arrgghh!! McAfee virus scan was the problem. It had enabled (without permission) "Enable Script Stopper" after a reinstall.

Problem solved. And here I was blaming MS. For once they were innocent!

Sep 27 '06 #2

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

4 posts views Thread by Rich Sienkiewicz | last post: by
4 posts views Thread by Christoph Zeltner | last post: by
7 posts views Thread by Sunny | last post: by
13 posts views Thread by Andrew Morton | last post: by
190 posts views Thread by blangela | last post: by
5 posts views Thread by jeff.ranney | last post: by
20 posts views Thread by Kurt | last post: by
6 posts views Thread by michael.spoden | last post: by
3 posts views Thread by Marco | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.