By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,668 Members | 1,552 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,668 IT Pros & Developers. It's quick & easy.

Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE

P: n/a
MS has posted this here:

http://www.asp.net/faq/ms03-32-issue.aspx
Fix for: 'Server Application Unavailable' Error after Applying Security Update
for IE
-------------------------------------------------------------------------------
-

We have identified an issue with the recent MS03-32 Security Update for
Internet Explorer security patch and ASP.NET V1.0 running on Windows XP. This
patch can be installed manually or by obtaining recent critical updates from
the Windows Update site.

The symptom of this issue is that after installing the patch on a Windows XP
machine, all requests to ASP.NET applications running on the local IIS 5.1 web
server result in an error message saying "Server Application Unavailable".
Requests to remote web servers are unaffected.

This issue only impacts installations running ASP.NET V1.0 on Windows XP. It
does not impact machines running Windows 2000 or Windows Server 2003. It also
does not impact machines running Windows XP with ASP.NET v1.1 installed.

Please note that this issue is not a security bug with ASP.NET. It does not
open up or allow any malicious attacks against an ASP.NET application or
server. Instead, it is purely a functional bug caused by the patch itself.

We are working hard on a permanent solution for this issue. In the meantime,
you can execute the following batch file as a workaround for the issue. The
batch file does the following:
Stops the IIS and ASP.NET state services
Deletes and recreates the ASPNET account with a known temporary password
Uses the Windows runas command to launch an executable that creates an ASPNET
user profile
Re-registers ASP.NET. This creates a new random password for the account and
applies default ASP.NET access control settings for it
Restarts the IIS service


The batch file contains a hardcoded temporary password of "1pass@word" which
you will be prompted to enter for the runas command when the batch file is run.
After the runas command completes, the ASPNET account password is recreated
with a strong random value. Note that the batch file may fail if the hardcoded
password does not meet the password complexity requirements in your
environment. If that's the case, you can change it to another value that is
appropriate for your environment.

Important note: If you have added custom access control settings or database
account permissions for the ASPNET account, they will need to be recreated
after this batch file completes. This is because when the account is
recreated, it will get a new security identifier (SID).

Important note: If you are running the ASP.NET worker process with a custom
account other than the ASPNET account, then you should not run this batch file.
Instead, you should log in interactively or use the runas command with that
account which will create a user profile for that account.

The batch file is included in the self-extracting archive below. To use it:

You must be running as an account with Administrator privileges
Download and open the self-extracting executable file
Extract the contents to c:\
Select Run... from the start menu, and enter cmd.exe
In the open command windows, type c:\fixup.cmd.
When prompted, enter 1pass@word as the password.
If you have previously custom access control settings or database account
permissions for the ASPNET account, you'll need to re-apply these settings now.
Ask questions and get answers in the Issues with 'Server Application
Unavailable' error on Windows XP forum.
Many apologies for the inconvenience that this has caused. We'll post
additional information as it becomes available.

The matrix below details platforms and versions impacted by this issue.

..NET Framework Version # Platform Affected
Version 1.0 Windows 2000 Professional No
Version 1.0 Windows 2000 Server No
Version 1.0 Windows XP Professional Yes
Version 1.0 Windows Server 2003 No
Version 1.0 Windows XP Home with Cassini No
Version 1.1 Windows 2000 Professional No
Version 1.1 Windows 2000 Server No
Version 1.1 Windows XP Professional No
Version 1.1 Windows Server 2003 No
Version 1.1 Windows XP Home with Cassini No
Thanks,
The ASP.NET Team

Nov 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
My pleasure!

--
Microsoft MVPs have a question for *you*: Are you patched against the Worm?
http://www.microsoft.com/security/se...s/ms03-026.asp

"Jacob Yang [MSFT]" <ji***@online.microsoft.com> wrote in message
news:QF**************@cpmsftngxa06.phx.gbl...
Hi Ken,

Thank you very much for your help in this newsgroup.

Best regards,

Jacob Yang
Microsoft Online Partner Support
<MCSD>
Get Secure! C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Nov 17 '05 #2

P: n/a
I've run the batch file, and now the login is failing for aspnet. Tried
reinstalling it, but that doesn't work.

Jon Cosby

"Ken Cox [Microsoft MVP]" <BA************@sympatico.ca> wrote in message
news:#z**************@TK2MSFTNGP10.phx.gbl...
MS has posted this here:

http://www.asp.net/faq/ms03-32-issue.aspx
Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE
-------------------------------------------------------------------------- ----- -

We have identified an issue with the recent MS03-32 Security Update for
Internet Explorer security patch and ASP.NET V1.0 running on Windows XP. This patch can be installed manually or by obtaining recent critical updates from the Windows Update site.

The symptom of this issue is that after installing the patch on a Windows XP machine, all requests to ASP.NET applications running on the local IIS 5.1 web server result in an error message saying "Server Application Unavailable".
Requests to remote web servers are unaffected.

This issue only impacts installations running ASP.NET V1.0 on Windows XP. It does not impact machines running Windows 2000 or Windows Server 2003. It also does not impact machines running Windows XP with ASP.NET v1.1 installed.

Please note that this issue is not a security bug with ASP.NET. It does not open up or allow any malicious attacks against an ASP.NET application or
server. Instead, it is purely a functional bug caused by the patch itself.

We are working hard on a permanent solution for this issue. In the meantime, you can execute the following batch file as a workaround for the issue. The batch file does the following:
Stops the IIS and ASP.NET state services
Deletes and recreates the ASPNET account with a known temporary password
Uses the Windows runas command to launch an executable that creates an ASPNET user profile
Re-registers ASP.NET. This creates a new random password for the account and applies default ASP.NET access control settings for it
Restarts the IIS service


The batch file contains a hardcoded temporary password of "1pass@word" which you will be prompted to enter for the runas command when the batch file is run. After the runas command completes, the ASPNET account password is recreated with a strong random value. Note that the batch file may fail if the hardcoded password does not meet the password complexity requirements in your
environment. If that's the case, you can change it to another value that is appropriate for your environment.

Important note: If you have added custom access control settings or database account permissions for the ASPNET account, they will need to be recreated
after this batch file completes. This is because when the account is
recreated, it will get a new security identifier (SID).

Important note: If you are running the ASP.NET worker process with a custom account other than the ASPNET account, then you should not run this batch file. Instead, you should log in interactively or use the runas command with that account which will create a user profile for that account.

The batch file is included in the self-extracting archive below. To use it:
You must be running as an account with Administrator privileges
Download and open the self-extracting executable file
Extract the contents to c:\
Select Run... from the start menu, and enter cmd.exe
In the open command windows, type c:\fixup.cmd.
When prompted, enter 1pass@word as the password.
If you have previously custom access control settings or database account
permissions for the ASPNET account, you'll need to re-apply these settings now. Ask questions and get answers in the Issues with 'Server Application
Unavailable' error on Windows XP forum.
Many apologies for the inconvenience that this has caused. We'll post
additional information as it becomes available.

The matrix below details platforms and versions impacted by this issue.

.NET Framework Version # Platform Affected
Version 1.0 Windows 2000 Professional No
Version 1.0 Windows 2000 Server No
Version 1.0 Windows XP Professional Yes
Version 1.0 Windows Server 2003 No
Version 1.0 Windows XP Home with Cassini No
Version 1.1 Windows 2000 Professional No
Version 1.1 Windows 2000 Server No
Version 1.1 Windows XP Professional No
Version 1.1 Windows Server 2003 No
Version 1.1 Windows XP Home with Cassini No
Thanks,
The ASP.NET Team


Nov 17 '05 #3

P: n/a
Hi Jon,

Your best place for support on this issue is in the special group at
www.asp.net where the ASP.NET team is handling the problems:

http://www.asp.net/Forums/ShowForum....=1&ForumID=128

Ken
--
Microsoft MVPs have a question for *you*: Are you patched against the Worm?
http://www.microsoft.com/security/se...s/ms03-026.asp

"Jon Cosby" <jc****@mindspring.com> wrote in message
news:wM***************@newsread4.news.pas.earthlin k.net...
I've run the batch file, and now the login is failing for aspnet. Tried
reinstalling it, but that doesn't work.

Jon Cosby

"Ken Cox [Microsoft MVP]" <BA************@sympatico.ca> wrote in message
news:#z**************@TK2MSFTNGP10.phx.gbl...
MS has posted this here:

http://www.asp.net/faq/ms03-32-issue.aspx
Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE
-------------------------------------------------------------------------- ----- -

We have identified an issue with the recent MS03-32 Security Update for
Internet Explorer security patch and ASP.NET V1.0 running on Windows XP. This patch can be installed manually or by obtaining recent critical updates from the Windows Update site.

The symptom of this issue is that after installing the patch on a Windows XP machine, all requests to ASP.NET applications running on the local IIS 5.1 web server result in an error message saying "Server Application Unavailable".
Requests to remote web servers are unaffected.

This issue only impacts installations running ASP.NET V1.0 on Windows XP. It does not impact machines running Windows 2000 or Windows Server 2003. It also does not impact machines running Windows XP with ASP.NET v1.1 installed.

Please note that this issue is not a security bug with ASP.NET. It does not open up or allow any malicious attacks against an ASP.NET application or
server. Instead, it is purely a functional bug caused by the patch itself.

We are working hard on a permanent solution for this issue. In the meantime, you can execute the following batch file as a workaround for the issue. The batch file does the following:
Stops the IIS and ASP.NET state services
Deletes and recreates the ASPNET account with a known temporary password
Uses the Windows runas command to launch an executable that creates an ASPNET user profile
Re-registers ASP.NET. This creates a new random password for the account and applies default ASP.NET access control settings for it
Restarts the IIS service


The batch file contains a hardcoded temporary password of "1pass@word" which you will be prompted to enter for the runas command when the batch file is run. After the runas command completes, the ASPNET account password is recreated with a strong random value. Note that the batch file may fail if the hardcoded password does not meet the password complexity requirements in your
environment. If that's the case, you can change it to another value that is appropriate for your environment.

Important note: If you have added custom access control settings or database account permissions for the ASPNET account, they will need to be recreated
after this batch file completes. This is because when the account is
recreated, it will get a new security identifier (SID).

Important note: If you are running the ASP.NET worker process with a custom account other than the ASPNET account, then you should not run this batch file. Instead, you should log in interactively or use the runas command with that account which will create a user profile for that account.

The batch file is included in the self-extracting archive below. To use it:
You must be running as an account with Administrator privileges
Download and open the self-extracting executable file
Extract the contents to c:\
Select Run... from the start menu, and enter cmd.exe
In the open command windows, type c:\fixup.cmd.
When prompted, enter 1pass@word as the password.
If you have previously custom access control settings or database account
permissions for the ASPNET account, you'll need to re-apply these settings now. Ask questions and get answers in the Issues with 'Server Application
Unavailable' error on Windows XP forum.
Many apologies for the inconvenience that this has caused. We'll post
additional information as it becomes available.

The matrix below details platforms and versions impacted by this issue.

.NET Framework Version # Platform Affected
Version 1.0 Windows 2000 Professional No
Version 1.0 Windows 2000 Server No
Version 1.0 Windows XP Professional Yes
Version 1.0 Windows Server 2003 No
Version 1.0 Windows XP Home with Cassini No
Version 1.1 Windows 2000 Professional No
Version 1.1 Windows 2000 Server No
Version 1.1 Windows XP Professional No
Version 1.1 Windows Server 2003 No
Version 1.1 Windows XP Home with Cassini No
Thanks,
The ASP.NET Team



Nov 17 '05 #4

P: n/a
Hi

Is there anyway to reverse the script?

Thanks
le'Ke
"Ken Cox [Microsoft MVP]" <BA************@sympatico.ca> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
Hi Jon,

Your best place for support on this issue is in the special group at
www.asp.net where the ASP.NET team is handling the problems:

http://www.asp.net/Forums/ShowForum....=1&ForumID=128

Ken
--
Microsoft MVPs have a question for *you*: Are you patched against the Worm? http://www.microsoft.com/security/se...s/ms03-026.asp

"Jon Cosby" <jc****@mindspring.com> wrote in message
news:wM***************@newsread4.news.pas.earthlin k.net...
I've run the batch file, and now the login is failing for aspnet. Tried
reinstalling it, but that doesn't work.

Jon Cosby

"Ken Cox [Microsoft MVP]" <BA************@sympatico.ca> wrote in message
news:#z**************@TK2MSFTNGP10.phx.gbl...
MS has posted this here:

http://www.asp.net/faq/ms03-32-issue.aspx
Fix for: 'Server Application Unavailable' Error after Applying Security Update
for IE


--------------------------------------------------------------------------
-----
-

We have identified an issue with the recent MS03-32 Security Update for
Internet Explorer security patch and ASP.NET V1.0 running on Windows XP.

This
patch can be installed manually or by obtaining recent critical updates

from
the Windows Update site.

The symptom of this issue is that after installing the patch on a Windows XP
machine, all requests to ASP.NET applications running on the local IIS
5.1 web
server result in an error message saying "Server Application
Unavailable". Requests to remote web servers are unaffected.

This issue only impacts installations running ASP.NET V1.0 on Windows XP. It
does not impact machines running Windows 2000 or Windows Server 2003. It also
does not impact machines running Windows XP with ASP.NET v1.1 installed.

Please note that this issue is not a security bug with ASP.NET. It does

not
open up or allow any malicious attacks against an ASP.NET application or
server. Instead, it is purely a functional bug caused by the patch

itself.
We are working hard on a permanent solution for this issue. In the

meantime,
you can execute the following batch file as a workaround for the issue.

The
batch file does the following:
Stops the IIS and ASP.NET state services
Deletes and recreates the ASPNET account with a known temporary password
Uses the Windows runas command to launch an executable that creates an

ASPNET
user profile
Re-registers ASP.NET. This creates a new random password for the account and
applies default ASP.NET access control settings for it
Restarts the IIS service


The batch file contains a hardcoded temporary password of "1pass@word" which
you will be prompted to enter for the runas command when the batch file

is run.
After the runas command completes, the ASPNET account password is recreated
with a strong random value. Note that the batch file may fail if the

hardcoded
password does not meet the password complexity requirements in your
environment. If that's the case, you can change it to another value

that is
appropriate for your environment.

Important note: If you have added custom access control settings or database
account permissions for the ASPNET account, they will need to be

recreated after this batch file completes. This is because when the account is
recreated, it will get a new security identifier (SID).

Important note: If you are running the ASP.NET worker process with a

custom
account other than the ASPNET account, then you should not run this batch file.
Instead, you should log in interactively or use the runas command with that
account which will create a user profile for that account.

The batch file is included in the self-extracting archive below. To use

it:

You must be running as an account with Administrator privileges
Download and open the self-extracting executable file
Extract the contents to c:\
Select Run... from the start menu, and enter cmd.exe
In the open command windows, type c:\fixup.cmd.
When prompted, enter 1pass@word as the password.
If you have previously custom access control settings or database

account permissions for the ASPNET account, you'll need to re-apply these

settings now.
Ask questions and get answers in the Issues with 'Server Application
Unavailable' error on Windows XP forum.
Many apologies for the inconvenience that this has caused. We'll post
additional information as it becomes available.

The matrix below details platforms and versions impacted by this issue.

.NET Framework Version # Platform Affected
Version 1.0 Windows 2000 Professional No
Version 1.0 Windows 2000 Server No
Version 1.0 Windows XP Professional Yes
Version 1.0 Windows Server 2003 No
Version 1.0 Windows XP Home with Cassini No
Version 1.1 Windows 2000 Professional No
Version 1.1 Windows 2000 Server No
Version 1.1 Windows XP Professional No
Version 1.1 Windows Server 2003 No
Version 1.1 Windows XP Home with Cassini No
Thanks,
The ASP.NET Team



Nov 17 '05 #5

P: n/a
It would be best to ask that here:

http://www.asp.net/Forums/ShowForum....=1&ForumID=128

Ken
--
Microsoft MVPs have a question for *you*: Are you patched against the Worm?
http://www.microsoft.com/security/se...s/ms03-026.asp

"le'Ke" <ca*******@hotmail.com> wrote in message
news:OS**************@TK2MSFTNGP09.phx.gbl...
Hi

Is there anyway to reverse the script?

Thanks
le'Ke
"Ken Cox [Microsoft MVP]" <BA************@sympatico.ca> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
Hi Jon,

Your best place for support on this issue is in the special group at
www.asp.net where the ASP.NET team is handling the problems:

http://www.asp.net/Forums/ShowForum....=1&ForumID=128

Ken
--
Microsoft MVPs have a question for *you*: Are you patched against the Worm? http://www.microsoft.com/security/se...s/ms03-026.asp

"Jon Cosby" <jc****@mindspring.com> wrote in message
news:wM***************@newsread4.news.pas.earthlin k.net...
I've run the batch file, and now the login is failing for aspnet. Tried
reinstalling it, but that doesn't work.

Jon Cosby

"Ken Cox [Microsoft MVP]" <BA************@sympatico.ca> wrote in message
news:#z**************@TK2MSFTNGP10.phx.gbl...
MS has posted this here:

http://www.asp.net/faq/ms03-32-issue.aspx
Fix for: 'Server Application Unavailable' Error after Applying Security Update
for IE


--------------------------------------------------------------------------
-----
-

We have identified an issue with the recent MS03-32 Security Update for
Internet Explorer security patch and ASP.NET V1.0 running on Windows XP.

This
patch can be installed manually or by obtaining recent critical updates

from
the Windows Update site.

The symptom of this issue is that after installing the patch on a Windows XP
machine, all requests to ASP.NET applications running on the local IIS
5.1 web
server result in an error message saying "Server Application
Unavailable". Requests to remote web servers are unaffected.

This issue only impacts installations running ASP.NET V1.0 on Windows XP. It
does not impact machines running Windows 2000 or Windows Server 2003. It also
does not impact machines running Windows XP with ASP.NET v1.1 installed.

Please note that this issue is not a security bug with ASP.NET. It does

not
open up or allow any malicious attacks against an ASP.NET application or
server. Instead, it is purely a functional bug caused by the patch

itself.
We are working hard on a permanent solution for this issue. In the

meantime,
you can execute the following batch file as a workaround for the issue.

The
batch file does the following:
Stops the IIS and ASP.NET state services
Deletes and recreates the ASPNET account with a known temporary password
Uses the Windows runas command to launch an executable that creates an

ASPNET
user profile
Re-registers ASP.NET. This creates a new random password for the account and
applies default ASP.NET access control settings for it
Restarts the IIS service


The batch file contains a hardcoded temporary password of "1pass@word" which
you will be prompted to enter for the runas command when the batch file

is run.
After the runas command completes, the ASPNET account password is recreated
with a strong random value. Note that the batch file may fail if the

hardcoded
password does not meet the password complexity requirements in your
environment. If that's the case, you can change it to another value

that is
appropriate for your environment.

Important note: If you have added custom access control settings or database
account permissions for the ASPNET account, they will need to be

recreated after this batch file completes. This is because when the account is
recreated, it will get a new security identifier (SID).

Important note: If you are running the ASP.NET worker process with a

custom
account other than the ASPNET account, then you should not run this batch file.
Instead, you should log in interactively or use the runas command with that
account which will create a user profile for that account.

The batch file is included in the self-extracting archive below. To use

it:

You must be running as an account with Administrator privileges
Download and open the self-extracting executable file
Extract the contents to c:\
Select Run... from the start menu, and enter cmd.exe
In the open command windows, type c:\fixup.cmd.
When prompted, enter 1pass@word as the password.
If you have previously custom access control settings or database

account permissions for the ASPNET account, you'll need to re-apply these

settings now.
Ask questions and get answers in the Issues with 'Server Application
Unavailable' error on Windows XP forum.
Many apologies for the inconvenience that this has caused. We'll post
additional information as it becomes available.

The matrix below details platforms and versions impacted by this issue.

.NET Framework Version # Platform Affected
Version 1.0 Windows 2000 Professional No
Version 1.0 Windows 2000 Server No
Version 1.0 Windows XP Professional Yes
Version 1.0 Windows Server 2003 No
Version 1.0 Windows XP Home with Cassini No
Version 1.1 Windows 2000 Professional No
Version 1.1 Windows 2000 Server No
Version 1.1 Windows XP Professional No
Version 1.1 Windows Server 2003 No
Version 1.1 Windows XP Home with Cassini No
Thanks,
The ASP.NET Team




Nov 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.